Samuel D. Goldstick

Senior Counsel

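Samuel (Sam) Goldstick is a data privacy and cybersecurity attorney who counsels clients across industries on all aspects of compliance with international, federal, and state data privacy and security laws. He is a senior counsel in the firm's Technology Transactions, Cybersecurity, and Privacy Practice and a member of the Sports & Entertainment Industry Team and the Innovative Technology Sector.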

Sam counsels companies in nearly every sector of the economy — including the retail, hospitality, manufacturing, financial services, health care, insurance, sports, aerospace, energy, government contracting, education, information technology, transportation, and travel industries — on a full array of data privacy and security compliance issues, such as those involving:

  • Data breach notification requirements at the state, federal, and international level
  • EU and UK General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and other similar comprehensive U.S. state consumer privacy laws
  • Gramm-Leach-Bliley Act (GLBA)
  • The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation
  • State insurance data security laws (including those modeled after the NAIC model law)
  • Illinois’ Biometric Information Privacy Act (BIPA) and other state biometric privacy laws
  • Telephone Consumer Protection Act (TCPA) and state law equivalents
  • Health Insurance Portability and Accountability Act (HIPAA) and state law equivalents
  • Department of Defense (DoD) cybersecurity requirements for federal contractors, including DFARS 252.204-7012, NIST SP 800-171, and CMMC

Sam assists clients of all sizes with their incident preparedness, such as reviewing and updating incident response (IR) policies and procedures, negotiating three-party agreements with forensics and other third-party IR providers to help maintain attorney-client privilege and work product protections during an incident, and running tabletop exercises that simulate real-life cyber-attacks.

On the reactive front, Sam frequently guides clients through the entire incident response process, from the early stages of the investigation to the notification of affected individuals and government regulators, as well as through any resulting enforcement actions or regulatory investigations. To date, Sam has handled hundreds of data breaches and security incidents for clients, and his depth of experience in this area allows him to provide clients with practical and business-oriented solutions in the event of a data incident and its aftermath.

Representative Experience

  • Served as legal advisor to TruStage, a financially strong insurance and financial services provider, in the sale of its Digital Storefront business to Demopolis Equity Partners.
  • Negotiated more than 50 different vendors’ GDPR DPAs on behalf of a large financial institutional client.
  • Advised a Fortune 10 company on the applicability of new U.S. state comprehensive consumer privacy laws and recommended measures for compliance in connection with a myriad of business initiatives.
  • Updated website terms of use and general online and offline privacy policies with jurisdiction-specific addendums (i.e., GDPR, CCPA/CPRA, VCDPA, and CPA) for global retailers, sports clubs, and manufacturers, among many others.
  • Developed a practical handbook for a large insurer to use in responding to consumer rights requests under the CCPA/CPRA (with model templates).
  • Updated an extensive set of information security policies for a mutual insurance company to align with applicable requirements under HIPAA, PCI DSS, and relevant state insurance data security laws.
  • For a global electronics manufacturing services company, updated IR and crisis communications policies, proactively entered into a three-party forensic agreement with an IR provider on its behalf (to maintain privilege and work product protections), and helped facilitate separate tabletop exercises simulating mock breaches.
  • Counseled a global aerospace defense contractor through a DoD-reportable “cyber incident” involving controlled unclassified information (CUI) and handled regulatory follow-ups on their behalf.
  • Guided a self-funded employee health plan through a complex OCR investigation and prepared a sophisticated response with over 20 exhibits to an OCR data request, in connection with a HIPAA breach that affected over 2,000 individuals.
  • Guided an insurance vendor through a data breach affecting over 4 million individuals and managed the entire notification process from start to finish (including interfacing with regulators).

Awards and Recognition

  • Best Lawyers: Ones to Watch in America™ – Technology Law (2021-2025)

Affiliations

  • Co-Vice Chair, e-Privacy Law Committee, American Bar Association (ABA)
  • Certified Information Privacy Professional – United States (CIPP/US)
  • Certified Information Privacy Professional – Europe (CIPP/E)
  • Member, International Association of Privacy Professionals (IAPP)
  • Member, ABA
  • Member, Chicago Bar Association Cyber Law & Data Privacy Committee
  • Member, Midwest Cyber Security Alliance (MCSA)

Presentations and Publications

  • Presenter, “Privacy and Security – 2025 Update,” Annual Conference for the Association of Fraternal Benefit Counsel (AFBC), Savannah, GA (June 13, 2025)
  • Co-author, “Gauging Professional Sport Biometric Data Privacy Concerns,” Law360 (May 15, 2025)
  • Co-presenter, “State of Confusion: How to Make Sense of Continually Emerging State Privacy Laws,” ABA Privacy and Emerging Technology National Institute and Spring Meeting (PRISM), Washington D.C. (Mar. 21, 2025)
  • Co-presenter, “Unsubscribing from Data Risks—Cyber, Privacy, and Crisis Management,” Consumer Brands CPG Legal Forum (February 27, 2025)
  • Co-presenter, “Best Practices for Preparing for and Responding to Cybersecurity Incidents,” 33rd Annual Law of Product Distribution & Franchise Seminar (October 23, 2024)
  • Moderator, “Masterclass: Supply Chain Due Diligence” Panel, Lexology Live: Cyber Risk, New York, NY (June 20, 2024)
  • Co-presenter, “Episode 7: Data Privacy Deadline for Colorado and Connecticut,” Innovative Technology Insights Podcast (July 13, 2023)
  • Panelist, “Risky Business,” University of Notre Dame’s IDEA Week (April 20, 2023)
  • Co-presenter, “Deadlines Fast Approaching For Compliance with New U.S. Consumer Privacy Laws and Latest Cybersecurity Legal Developments,” Foley’s CLE Weeks (November 16, 2022, and December 14, 2022)
  • Co-presenter, “Cybersecurity: Ransomware Update & Anatomy of A Tabletop Exercise” Original Equipment Suppliers Association (OESA) Chief Financial Officers Council Meeting (June 8, 2022)
  • Co-presenter, “The Evolving State of Cybersecurity & Consumer Data Privacy Laws in the US and Related Vendor Contract Negotiation Tips,” Foley’s CLE Week (November 18, 2021, and December 15, 2021)
  • Co-author, “Appellate Court ruling on limitation periods for biometric data-related claims,” article published by OneTrust DataGuidance (November 2021)
October 29, 2025 Manufacturing Industry Advisor

Responding to Supply Chain Cyber Threats: Protecting Data and the Digital Supply Chain in a Rapidly Evolving Cyber Landscape

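Manufacturing supply chains face escalating cyber threats, with attacks up 431% since 2021. Learn how weak vendor oversight increases risk, and how cyber resilience strategies such as C-SCRM and secure-by-design can protect operations and improve competitiveness.
October 10, 2025 Deals and Wins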

Foley Advises TruStage™ on Sale of Digital Storefront Business

Foley & Lardner LLP served as legal advisor to TruStage, a financially strong insurance and financial services provider founded in 1935, in the sale of its Digital Storefront business to Demopolis Equity Partners.
September 17, 2025 Deals and Wins

Foley Advises CloserStill Media on Acquisition of Billington Cybersecurity

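Foley & Lardner LLP served as legal advisor to CloserStill Media, a market-leading producer of business events, exhibitions, and conferences, in its acquisition of Billington Cybersecurity, a leading U.S. organizer of public-sector cybersecurity conferences and events.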
September 15, 2025 Foley Viewpoints

The CMMC Contract Clause Is Here: What Defense Contractors Need to Know

Last week marked an important milestone in the Cybersecurity Maturity Model Certification 2.0 (CMMC) program, the U.S. Department of...
July 24, 2025 Deals and Wins

Foley Represents HeroDevs in $125 Million Strategic Growth Investment from PSG

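Foley & Lardner LLP represented HeroDevs in a $125 million strategic growth investment from PSG, a growth equity firm focused on software and technology services companies. Existing investor Album also participated in the round.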
May 15, 2025 Foley Viewpoints

Gauging Professional Sport Biometric Data Privacy Concerns

In today's data-driven sports industry, teams, leagues and sponsors increasingly rely on biometric and performance data to enhance player performance, prevent injuries and optimize contract negotiations. Such data collection often includes highly sensitive physiological and health information that goes beyond mere statistics, prompting additional ethical and legal considerations.