Samuel (Sam) Goldstick is a data privacy and cybersecurity associate at Foley & Lardner LLP. He is a member of the firm’s Technology Transactions & Outsourcing, Cybersecurity and Privacy, Security & Information Management Practices, as well as the Technology & Health Care Industry Teams. He also is accredited by the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional in both United States and European privacy law (CIPP/US and CIPP/E).
Sam focuses his practice on advising clients on all aspects of compliance with federal, state and international data privacy and security laws, such as the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Gramm-Leach-Bliley Act (GLBA). He frequently guides clients through data incident management and the entire breach notification process, from the early stages of investigation to the notification of affected individuals as well as state and federal government regulators.
To date, Sam has handled more than 350 data breaches and non-reportable security incidents involving system-wide malware attacks, phishing schemes, ransomware infections, lost or stolen laptops/paper documents, insider wrongdoing and misdirected communications on behalf of clients operating in a wide range of industries, including financial services, health care, higher education, hospitality, insurance, and retail. He also prepares, updates and advises clients on their privacy, data security, and incident response policies and procedures, as well as third-party vendor agreements.
- Assists clients as a “breach coach” by managing all phases of the incident response process, including investigation, containment, notification, remediation and regulator interface
- Develops enterprise-wide GDPR and CCPA compliance programs for clients in a variety of industries
- Assists in drafting and revising data privacy and security policies and procedures
- Creates and counsels clients on security incident response plans
- Negotiates data privacy issues in contracts, including GDPR data processing agreements
- Counsels clients on compliance issues related to a myriad of privacy and security laws, including GDPR, HIPAA, CCPA, GLBA, CFAA and CAN-SPAM, as well as state data security and breach notification laws
- Assists clients undergoing investigations by the Office for Civil Rights (OCR) and State Attorneys General
- Reviews and advises on the overall state of data privacy and security compliance during the due diligence process
- Assists in developing and facilitating simulated tabletop exercises for clients of all sizes
- Received Best Lawyers: Ones to Watch recognition for Technology Law (2021-2022)
- Chicago-Kent College of Law (J.D., 2013)
- Member of the Law Review
- Recipient of CALI Awards for the highest grade in legal writing II, legal writing III and disability law
- Judicial extern to the Honorable Robert W. Gettleman of the United States District Court for the Northern District of Illinois
- University of Wisconsin-Madison (B.A., with distinction, 2010)
- Dean’s List
- Member of Sigma Alpha Lambda Honor Society and National Society of Collegiate Scholars
- Admitted to practice in Illinois
- Member of the Chicago Bar Association’s Cyber Law & Data Privacy Committee, the IAPP, and the Midwest Cyber Security Alliance