Samuel (Sam) Goldstick is a data privacy and cybersecurity associate at Foley & Lardner LLP. He is a member of the firm’s Technology Transactions & Outsourcing, Cybersecurity and Privacy, Security & Information Management Practices, as well as the Technology & Health Care Industry Teams. He also is accredited by the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional in both United States and European privacy law (CIPP/US and CIPP/E).
Sam focuses his practice on advising clients on all aspects of compliance with federal, state and international data privacy and security laws, such as the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Gramm-Leach-Bliley Act (GLBA). He frequently guides clients through data incident management and the entire breach notification process, from the early stages of investigation to the notification of affected individuals as well as state and federal government regulators.
To date, Sam has handled more than 400 data breaches and non-reportable security incidents involving system-wide malware attacks, phishing schemes, ransomware infections, lost or stolen laptops/paper documents, insider wrongdoing and misdirected communications on behalf of clients operating in a wide range of industries, including financial services, health care, higher education, hospitality, insurance, manufacturing, and retail. He also prepares, updates and advises clients on their privacy, data security, and incident response policies and procedures, as well as third-party vendor agreements.
- Assists clients as a “breach coach” by managing all phases of the incident response process, including investigation, containment, notification, remediation and regulator interface.
- Develops enterprise-wide privacy and security compliance programs for domestic and international clients operating in a broad range of industries.
- Assists in drafting and revising data privacy and security policies and procedures.
- Creates and counsels clients on security incident response plans.
- Negotiates data privacy and security issues in contracts, including GDPR data processing agreements, CCPA service provider addendums, and HIPAA business associate agreements.
- Counsels clients on compliance issues related to a myriad of privacy and security laws, including CCPA/CPRA, VCDPA, CPA, GDPR, HIPAA, GLBA, CAN-SPAM, COPPA, TCPA, as well as state, federal, and international breach notification requirements.
- Assists clients undergoing investigations by the Office for Civil Rights (OCR) and State Attorneys General.
- Reviews and advises on the overall state of data privacy and security compliance during the due diligence process in M&A transactions (buy-side and sell-side).
- Assists in developing and facilitating simulated tabletop exercises for clients of all sizes.
- Received, Best Lawyers: Ones to Watch recognition for Technology Law (2021-2023)
- Chicago-Kent College of Law (J.D., 2013)
- Member of the Law Review
- Recipient of CALI Awards for the highest grade in legal writing II, legal writing III and disability law
- Judicial extern to the Honorable Robert W. Gettleman of the United States District Court for the Northern District of Illinois
- University of Wisconsin-Madison (B.A., with distinction, 2010)
- Dean’s List
- Member of Sigma Alpha Lambda Honor Society and National Society of Collegiate Scholars
Sam holds the Certified Information Privacy Professional/United States (CIPP/US) and Certified Information Privacy Professional/Europe (CIPP/E) credentials, considered global gold standards and key industry benchmarks accredited by the International Association of Privacy Professionals (IAPP).
- Co-presenter, “Cybersecurity: Ransomware Update & Anatomy of A Tabletop Exercise” Original Equipment Suppliers Association (OESA) Chief Financial Officers Council Meeting (June 8, 2022)
- Co-presenter, “The Evolving State of Cybersecurity & Consumer Data Privacy Laws in the US and Related Vendor Contract Negotiation Tips,” Foley’s CLE Week (November 18, 2021 and December 15, 2021)
- Co-author, “Appellate Court ruling on limitation periods for biometric data-related claims,” Article Published by OneTrust DataGuidance (November 2021)
- Admitted to practice in Illinois
- Member of the Chicago Bar Association’s Cyber Law & Data Privacy Committee, the IAPP, and the Midwest Cyber Security Alliance