Overview
Cathy Lee focuses her practice on privacy and cybersecurity matters, advising clients on both domestic and international privacy and cybersecurity laws and regulations, including the Federal Trade Commission (FTC) Act, EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and US state data breach notification laws.
She has experience designing and helping clients implement compliance programs, including advising on digital advertising compliance, data mapping, internal and external privacy policies and procedures, data subject request processes and cross-border data transfers mechanisms. Cathy has drafted and negotiated numerous vendor data processing agreements. In addition, she routinely performs privacy and cybersecurity due diligence for corporate transactions, catering to companies spanning diverse industries.
Cathy counsels on cybersecurity matters, including incident response. She has conducted internal security incident investigations and assisted with remediation measures. Cathy has significant experience helping clients meet regulatory and legal notification obligations in the event of a security incident, including under both US state data breach notification laws and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
During law school, Cathy was editor-in-chief for the American Intellectual Property Law Association Quarterly Journal.
Credentials
Education
The George Washington University Law School, JD, cum laude, 2020
The Johns Hopkins University, BA, 2014
Admissions
District of Columbia