Catherine Zhu is a leading business, commercial and privacy lawyer, based in the Bay Area. She advises innovative and emerging technology companies on business expansion, go-to-market and commercialization, IP licensing and monetization, and data privacy compliance, governance, and risk management. Catherine helps her clients achieve their business objectives through finding risk-balanced solutions to legal issues and navigating complex legal frameworks with precision. See what clients are saying.
To date, Catherine has represented hundreds of technology companies and has extensive experience with:
- Data analytics, data enrichment, and other data intelligence
- Artificial intelligence (AI)
- Product-led growth in Software as a Service (SaaS), Platform as a Service (PaaS) and other subscription models
- Data-driven transportation and mobility services
- Emerging technologies and innovative consumer products
- Blockchain-based products and services
- Marketplace and community platforms
Catherine is a Bay Area native, where as a child she was exposed to innovative technology companies through her parents, both Silicon Valley engineers. Catherine started her legal career advising startups and technology companies. Prior to joining Foley, Catherine founded a boutique law firm specializing in data privacy and commercial transactions that aimed to create a best-in-class legal experience by leading with business-intelligent and ops-oriented advising. Catherine has also previously practiced in the commercial transactions and data privacy group at Atrium, a venture-backed law firm and Y-Combinator top 100 startup, and prior to Atrium, she was a member of the technology transactions group at an Am Law top 15 law firm. Having both worked at a startup and been a founder herself, Catherine’s practice resonates with entrepreneurs by emphasizing strategic counseling, process and operational efficiency, and creative problem-solving.
- Catherine publishes a quarterly op-ed column in Reuters, where she identifies and analyzes frontier privacy and legal issues affecting technology companies. Her first column, “Dark patterns — a new frontier in privacy regulation,” Reuters (July 29, 2021), was widely received and picked up by the International Association of Privacy Professionals (IAPP).
- Catherine is the co-author of Mondaq’s US Artificial Intelligence Guide, which forms part of a comprehensive AI law guide referenced by legal practitioners. Catherine is also co-author of Legal Guide to Launching an NFT Marketplace, which was ranked by Mondaq as the most widely read legal publication from February to May 2021.
- Catherine has published (and continues to publish) articles on current data privacy and emerging technology topics, select examples below. For a full list of publications, please see here.
- Author, “Is China’s New Personal Information Privacy Law the New GDPR?” Bloomberg Law® (September 17, 2021)
- Author, “The New SCCs Are Here. What Does This Mean for Non-EU Companies?” Law.com (June 10, 2021)
- Author, “Is ‘Privacy Debt’ Derailing Your Company? How to Build for Data Protection,” (April 27, 2021)
- Author, “Designing Data Privacy and Protection for Competitive Advantage,” IPWatchdog (November 2, 2020)
- Catherine is frequently quoted in leading publications as an expert on data privacy and emerging technology topics, including for Crunchbase News, Bloomberg Law, Rolling Stone Magazine, and others. She has also presented on these topics at TechGC, Saastr Annual, and other programs. For a full list, please see here.
- Outside Commercial, Privacy, and Product Counsel to Data Intelligence Companies. Advised multiple data intelligence companies comprehensively on commercial contracts, data privacy compliance, and privacy-by-design product development. Data intelligence companies process large volumes of data and, as a result, encounter unique privacy, product, commercial, and operational issues requiring an attorney who can synthesize these areas of expertise. Catherine’s full-stack advising helped these companies implement privacy compliance and risk mitigation at a global scale, while achieving revenue and growth objectives.
- Commercial and Legal Advisor to Product-Led Growth Companies. Advised companies in developing commercial agreement templates, playbooks, and related materials to enable scaling through product-led growth. These companies felt that their existing commercial agreement templates and processes were slowing down growth and customer acquisition. Catherine’s advising helped these companies reduce legal friction in the customer acquisition process and establish a risk-balanced legal framework to supercharge their sales operations.
- Outside US General Counsel for Data-Driven International Startups. Advised international data-driven companies seeking to expand their business to the US, including counseling on US entity formation, US employment and compensation matters, tax considerations, international data transfer considerations, and other regulatory compliance, and adapting commercial contracts to US market standards. Catherine’s advising helped these companies expand to the US in a manner that is optimal for venture capital funding.
- Outside Legal Advisor for Global Data Privacy and International Data Transfers. Advised both US and international companies seeking conduct business and transfer data globally. The work involved developing “globally-flexible” data processing agreements that both minimizes risk to the company while meeting requirements under prevailing privacy regulations, updating privacy policies and notices, implementation of standard contractual clauses, navigating privacy and security diligence questionnaires, conducting transfer impact assessments, developing government access response policies, and counseling regarding data governance. Catherine’s advising helped these companies identify and achieve compliance objectives while mitigating regulatory risk.
- Outside Legal Advisor for US Multi-State Privacy Compliance. Advised companies seeking to understand and comply with US consumer privacy regulations, including CCPA, SB-220, and the upcoming CPRA, VCDPA, CoPA, as well as state-level data broker registration requirements. The work involved advising on data governance, conducting data protection impact assessments, updating privacy policies and notices, implementing employee privacy and security training, and counseling on required responses to data subject requests. Catherine’s advising helped these companies identify and achieve compliance objectives while mitigating regulatory risk.
- Lead Advisor to NBA Teams in Launching History-Making NFT Drops. Advised both the Milwaukee Bucks and the Utah Jazz teams on their respective NFT drops. The Milwaukee Bucks was the second NBA team (after the Warriors) to launch their own collectible NFT. The legal work was groundbreaking at the time and picked up by the Wisconsin Law Journal in their publication “Making Digital History.” The Utah Jazz was the third NBA team to launch their own NFT, and the first team in professional sports to sell NFTs that represented exclusive access to a fan meet-and-greet event hosted in the metaverse.
- Outside Legal Counsel for Complex Technology Agreements. Advised large insurance provider in re-negotiating software license and related agreements with a critical technology vendor. The company sought assistance due to underperformance by the technology vendor and felt the existing agreement was lacking. Catherine’s advising enabled the company to re-negotiate the agreement to minimize the company’s data risk exposure through the vendor, build in performance incentives, and hold the vendor legally accountable for non-performance.
- Technology Transactions and Data Privacy Subject Matter Expert. Catherine has advised in numerous venture capital, private equity and strategic acquisition transactions regarding data privacy and technology transaction matters.
“Huge thanks [to] Catherine for the quick response and on point advice. Catherine's guidance was exactly what we needed. She astutely addressed our concerns and the potential issues and provided a practical business solution within 30 minutes.. she will be my first call for privacy issues moving forward. Looking forward to our continued collaboration.”
– Deputy General Counsel, International Food Delivery Company
“Thank you so very much for this explanation -clear as day. And super helpful as we navigate these new waters.”
– COO, Events Technology Company
“I have worked at many SaaS companies in my career, and Catherine is by far the best outside counsel I have worked with. Highly recommend.”
– Cailen Dsa, VP of Sales
“Catherine knows what startups need and always delivers actionable legal advice that is relevant to our business objectives. We talked to many potential privacy attorneys before deciding to work with Catherine - unlike others we spoke with, Catherine does not tend to engage in long academic discussions or hypotheticals that have limited practical application. She is good at asking the right questions to understand our business model and products, and then is able to provide right-sized legal advice tailored to our situation that we can put to use and deliver value to our organization.
– James Wan, General Counsel
“6 months ago, our terms were being torn apart by our enterprise prospects’ legal teams. We’d get a mess of redlines back by these lawyers and it was taking months of painful conversations to work through it all. Catherine worked with us to refresh our subscription agreement to be more standard for these US legal teams – we now see minimal pushback and spend less of our time emailing lawyers. She's jumped on calls at short notice to negotiate agreements directly with our prospect's lawyers where we'd otherwise be lost.
She's also been instrumental in maturing our GDPR, privacy, and data processing documentation which has enabled us to sell to EU customers with relative ease. Cannot recommend her strongly enough to anyone hitting legal friction selling into US or trying to navigate GDPR and privacy law with EU customers.”
– Kai Forsyth, Head of Revenue Operations
“The best lawyers are not only able to help you triangulate and understand legal risks, they're also able to help you make informed decisions considering the business realities as well. By having a clear understanding of Clearbit's business and technology, Catherine is able to provide informed counsel regarding our legal risks. Through this informed and proactive approach, Catherine has cut down our legal review and processing time by two thirds. With Catherine's responsiveness, we beat our revenue goals and within striking distance of our stretch goal.”
– Sales Leader, Clearbit
- Harvard Law School (J.D.)
- Haas School of Business, University of California, Berkeley (B.S., cum laude)
- University of California, Berkeley (B.A.)