
Samuel D. Goldstick

Senior Counsel

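Samuel (Sam) Goldstick is a data privacy and cybersecurity attorney who counsels clients across a variety of industries on all aspects of compliance with international, federal, and state data privacy and security laws. He is senior counsel in the firm's Technology Transactions, Cybersecurity, and Privacy Practice and a member of the Sports & Entertainment Industry Team and the Innovative Technology Sector.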

Sam counsels companies in nearly every sector of the economy — including the retail, hospitality, manufacturing, financial services, health care, insurance, sports, aerospace, energy, government contracting, education, information technology, transportation, and travel industries — on a full array of data privacy and security compliance issues, such as those involving:

  • Data breach notification requirements at the state, federal, and international level
  • EU and UK General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and other similar comprehensive U.S. state consumer privacy laws
  • Gramm-Leach-Bliley Act (GLBA)
  • The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation
  • State insurance data security laws (including those modeled after the NAIC model law)
  • Illinois’ Biometric Information Privacy Act (BIPA) and other state biometric privacy laws
  • Telephone Consumer Protection Act (TCPA) and state law equivalents
  • Health Insurance Portability and Accountability Act (HIPAA) and state law equivalents
  • Department of Defense (DoD) cybersecurity requirements for federal contractors, including DFARS 252.204-7012, NIST SP 800-171, and CMMC

Sam assists clients of all sizes with their incident preparedness, such as reviewing and updating incident response (IR) policies and procedures, negotiating three-party agreements with forensics and other third-party IR providers to help maintain attorney-client privilege and work product protections during an incident, and running tabletop exercises that simulate real-life cyber-attacks.

On the reactive front, Sam frequently guides clients through the entire incident response process, from the early stages of the investigation to the notification of affected individuals and government regulators, as well as through any resulting enforcement actions or regulatory investigations. To date, Sam has handled hundreds of data breaches and security incidents for clients, and his depth of experience in this area allows him to provide clients with practical and business-oriented solutions in the event of a data incident and its aftermath.

Representative Experience

  • Served as legal advisor to TruStage, a financially strong insurance and financial services provider, in the sale of its Digital Storefront business to Demopolis Equity Partners.
  • Negotiated more than 50 different vendors’ GDPR DPAs on behalf of a large financial institutional client.
  • Advised a Fortune 10 company on the applicability of new U.S. state comprehensive consumer privacy laws and recommended measures for compliance in connection with a myriad of business initiatives.
  • Updated website terms of use and general online and offline privacy policies with jurisdiction-specific addendums (i.e., GDPR, CCPA/CPRA, VCDPA, and CPA) for global retailers, sports clubs, and manufacturers, among many others.
  • Developed a practical handbook for a large insurer to use in responding to consumer rights requests under the CCPA/CPRA (with model templates).
  • Updated an extensive set of information security policies for a mutual insurance company to align with applicable requirements under HIPAA, PCI DSS, and relevant state insurance data security laws.
  • For a global electronics manufacturing services company, updated IR and crisis communications policies, proactively entered into a three-party forensic agreement with an IR provider (to maintain privilege and work product protections), and helped facilitate separate tabletop exercises simulating mock breaches.
  • Counseled a global aerospace defense contractor through a DoD-reportable “cyber incident” involving controlled unclassified information (CUI) and handled regulatory follow-ups on their behalf.
  • Guided a self-funded employee health plan through a complex OCR investigation and prepared a sophisticated response with over 20 exhibits to an OCR data request, in connection with a HIPAA breach that affected over 2,000 individuals.
  • Guided an insurance vendor through a data breach affecting over 4 million individuals and managed the entire notification process from start to finish (including interfacing with regulators).

Awards and Recognition

  • Best Lawyers: Ones to Watch in America™ – Technology Law (2021-2025)

Affiliations

  • Co-Vice Chair, e-Privacy Law Committee, American Bar Association (ABA)
  • Certified Information Privacy Professional – United States (CIPP/US)
  • Certified Information Privacy Professional – Europe (CIPP/E)
  • Member, International Association of Privacy Professionals (IAPP)
  • Member, ABA
  • Member, Chicago Bar Association Cyber Law & Data Privacy Committee
  • Member, Midwest Cyber Security Alliance (MCSA)

Presentations and Publications

  • Presenter, “Privacy and Security – 2025 Update,” Annual Conference for the Association of Fraternal Benefit Counsel (AFBC), Savannah, GA (June 13, 2025)
  • Co-author, “Gauging Professional Sport Biometric Data Privacy Concerns,” Law360 (May 15, 2025)
  • Co-presenter, “State of Confusion: How to Make Sense of Continually Emerging State Privacy Laws,” ABA Privacy and Emerging Technology National Institute and Spring Meeting (PRISM), Washington D.C. (Mar. 21, 2025)
  • Co-presenter, “Unsubscribing from Data Risks—Cyber, Privacy, and Crisis Management,” Consumer Brands CPG Legal Forum (February 27, 2025)
  • Co-presenter, “Best Practices for Preparing for and Responding to Cybersecurity Incidents,” 33rd Annual Law of Product Distribution & Franchise Seminar (October 23, 2024)
  • Moderator, “Masterclass: Supply Chain Due Diligence” Panel, Lexology Live: Cyber Risk, New York, NY (June 20, 2024)
  • Co-presenter, “Episode 7: Data Privacy Deadline for Colorado and Connecticut,” Innovative Technology Insights Podcast (July 13, 2023)
  • Panelist, “Risky Business,” University of Notre Dame’s IDEA Week (April 20, 2023)
  • Co-presenter, “Deadlines Fast Approaching For Compliance with New U.S. Consumer Privacy Laws and Latest Cybersecurity Legal Developments,” Foley’s CLE Weeks (November 16, 2022, and December 14, 2022)
  • Co-presenter, “Cybersecurity: Ransomware Update & Anatomy of A Tabletop Exercise” Original Equipment Suppliers Association (OESA) Chief Financial Officers Council Meeting (June 8, 2022)
  • Co-presenter, “The Evolving State of Cybersecurity & Consumer Data Privacy Laws in the US and Related Vendor Contract Negotiation Tips,” Foley’s CLE Week (November 18, 2021, and December 15, 2021)
  • Co-author, “Appellate Court ruling on limitation periods for biometric data-related claims,” article published by OneTrust DataGuidance (November 2021)
October 29, 2025 Manufacturing Industry Advisor

Tackling Supply Chain Cyber Threats: Protecting Data and the Digital Supply Chain in a Rapidly Evolving Cyber Landscape

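Manufacturing supply chains face growing cyber threats, with attacks up 431% since 2021. Learn how poor vendor oversight increases risk, and how cyber resilience strategies such as C-SCRM and security by design can protect operations and strengthen competitiveness.
October 10, 2025 Deals and Wins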

Foley Advises TruStage on Sale of Digital Storefront Business

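Foley & Lardner LLP served as legal advisor to TruStage, a financially strong insurance and financial services provider founded in 1935, in the sale of its Digital Storefront business to Demopolis Equity Partners.
September 17, 2025 Deals and Wins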

Foley Advises CloserStill Media on Acquisition of Billington Cybersecurity

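Foley & Lardner LLP served as legal advisor to CloserStill Media, an organizer of market-leading business events, exhibitions, and conferences, in its acquisition of Billington Cybersecurity, a U.S. organizer of public sector cybersecurity conferences and events.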
September 15, 2025 Foley Viewpoints

The CMMC Contract Clause Is Here: What Defense Contractors Need to Know

Last week marked an important milestone in the Cybersecurity Maturity Model Certification 2.0 (CMMC) program, the U.S. Department of...
July 24, 2025 Deals and Wins

Foley Represents HeroDevs in $125 Million Strategic Growth Investment from PSG

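Foley & Lardner LLP represented HeroDevs, a provider of security and compliance solutions for deprecated open source software, in securing a $125 million strategic growth investment from PSG, a growth equity firm focused on software and technology-enabled services companies. Existing investor Album also participated in the round.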
May 15, 2025 Foley Viewpoints

Gauging Professional Sport Biometric Data Privacy Concerns

In today's data-driven sports industry, teams, leagues and sponsors increasingly rely on biometric and performance data to enhance player performance, prevent injuries and optimize contract negotiations. Such data collection often includes highly sensitive physiological and health information that goes beyond mere statistics, prompting additional ethical and legal considerations.