Overview
Results
Recognition
Community
Credentials
Insights & Events/Media

HOME
PEOPLE
Amy C. Pimentel

Overview

Amy C. Pimentel focuses her practice on data privacy and cybersecurity. Her clients operate in a variety of industries in the United States and internationally, including health care, consumer products, retail, food and beverage, technology, banking and other financial services.

Amy assists clients in identifying, evaluating and remediating privacy and data security risks on an enterprise level and global scale. She focuses on customizing pragmatic approaches to privacy, cybersecurity and other information management compliance matters, and advising on best practices that reflect a harmonization of international regulatory requirements. Amy also manages large and complex cyber incidents by guiding clients through the phases of breach response and post-incident remediation. In addition, Amy identifies and evaluates privacy and security risks in mergers, acquisitions and other corporate transactions.

In addition to data privacy and cybersecurity, Amy also helps health industry clients with their transaction and regulatory compliance needs. Amy has drafted employment, service and affiliation agreements between various players in the health care industry. She also has experience acting as an interim privacy officer of a large regional hospital system.

Amy has been published in the Buffalo Law Review and the Benefits Law Journal. While in law school, Amy worked at the US Department of Justice in the Office of International Affairs and interned in the Appeals Chamber of the International Criminal Tribunal for the Former Yugoslavia in The Hague, The Netherlands.

Show Less

Results

Advised an international e-commerce retailor regarding the global implementation of a GDPR compliance program, including assessment of current practices, analysis of gaps, development of work plan and assistance in implementation of compliance actions
Advised clients on the implementation of data transfer mechanisms, including EU Model Clauses and the EU-US and Swiss-US Privacy Shield
Worked with a multinational manufacturer and distributor of food products to develop internationally compliant privacy and data security policies that articulate the company’s position on how it handles information it receives and uses in the normal course of business

Managed the development of a global data privacy assessment of a multibillion-dollar food service company to evaluate the process through which it collects, stores, protects, shares and manages information in more than 100 countries
Developed a data privacy risk assessment that leverages in-depth analyses of the data collection consent laws in Europe, Asia, the Americas, the Middle East and Africa to help a multinational tech firm better strategize its global privacy and data protection approaches
Developed a records retention policy and schedule for a multinational software company that complied with records retention requirements across seven different countries
Vetted privacy and security risks in a private equity fund’s multimillion-dollar acquisition of a national data broker
Performed and documented HIPAA breach analyses for a large regional hospital system to assess whether uses and disclosures of protected health information resulted in a reportable breach, drafting notification letters when appropriate
Provided transactional support, conducted due diligence and advised on material risks in a transaction involving a private equity-backed portfolio company acquiring multiple community-based and regional healthcare providers

Show Less

Recognitions

Super Lawyers, Rising Star, 2018
Northeastern University School of Law, Equal Justice America Fellow and PHRGE Fellow

Community

Boston Bar Association
American Health Lawyers Association
International Association of Privacy Professionals
Filipino American Lawyers Association of Massachusetts, founding member

Credentials

Education
Northeastern University School of Law, JD, 2014
Duke University, BA, 2007

Admissions
Massachusetts

Languages
English
Spanish

Amy C. Pimentel

Associate | Boston

Boston: +1 617 535 3948

Boston: +1 617 535 3800

VCARD

PDF

Services & Industries:

Regional Markets:

Global Privacy & Cybersecurity

Autonomous Vehicles

Consumer Data & Digital Marketing

Cross-Border Data Protection

Data Breach Management

Data Licensing & Strategies

Employer Data Privacy

Health Information Privacy

Information Security & Risk Mitigation

Privacy Litigation & Governmental Investigations

Regulatory, Government & Lobbying Strategies

Healthcare

Digital Health

United States

Amy C. Pimentel

Insights & Events / Media

Filter by:

McDermott Event Publications Speaking Engagements

United States / McDermott Event / February 2020

CCPA Compliance: An Interactive Workshop | February

On the Subject / January 8, 2020

Little by Little, Attorney General Becerra Sheds Light on the CCPA in 2020

United States / McDermott Event / January 2020

CCPA Compliance: An Interactive Workshop | January

United States / McDermott Event / December 2019

Countdown to CCPA: An Interactive Compliance Workshop | December

United States / McDermott Event / November 2019

Countdown to CCPA: An Interactive Compliance Workshop | November

United States / McDermott Event / October 2019

Countdown to CCPA: An Interactive Compliance Workshop | October

On the Subject / September 20, 2019

CCPA Update: Changes, Clarifications, but no Major Overhaul Heading to Governor's Desk

San Francisco, CA / McDermott Event / September 10, 2019

2019 Privacy & Cybersecurity Risk Management Series | Insights on Cybersecurity and Data Privacy for ...

Wolters Kluwer / August 2019

Implementing the EU-U.S. Privacy Shield

New York, NY / McDermott Event / June 18, 2019

2019 Privacy & Cybersecurity Risk Management Series | Insights on Cybersecurity and Data Privacy

On the Subject / May 9, 2019

OCR Corrects Past Misinterpretation of HIPAA Annual Penalty Limits, Signaling Potential Relief ...

Washington, DC / Speaking Engagements / April 5, 2019

International Privacy + Security Forum

Boston, Massachusetts / Speaking Engagements / March 19, 2019

IAPP KnowledgeNet

Boston, Massachusetts / Speaking Engagements / February 19, 2019

Online Privacy and Internet Law

Webcast / McDermott Event / December 5, 2018

Global Privacy & Cybersecurity Webcast Series | Year in Review

Massachusetts Lawyers Weekly / October 26, 2018

GDPR 6 Months After Implementation: Where Are We Now?

On the Subject / June 29, 2018

California Enacts a Groundbreaking New Privacy Law

Boston, Massachusetts / Speaking Engagements / June 20, 2018

GDPR: Where are we now?

On the Subject / May 2, 2018

The Continuing Disconnect between the Health Care Industry and OCR on HIPAA’...

International News / April 2018

Tracking the Emerging Global Regulation of Cybersecurity & Privacy in Autonomous Vehicles

AHLA (American Health Lawyers Association) / March 2018

The Law of Digital Health

Washington, District of Columbia / Speaking Engagements / February 6, 2018

ACC Foundation Cybersecurity Summit

On the Subject / February 5, 2018

Does GDPR Regulate My Research Studies in the United States?

Boston, Massachusetts / Speaking Engagements / January 29, 2018

IAPP KnowledgeNet

Special Report / January 22, 2018

A Short Primer on Autonomous and Connected Vehicle Regulation

Ontario, Canada / Speaking Engagements / October 11, 2017

Privacy Across Borders Information Technology and Intellectual Property Law & Privacy and ...

On the Subject / October 10, 2017

Irish Court Casts Serious Doubt on EU Model Clauses

Chicago, Illinois / Speaking Engagements / September 27, 2017

Reassess, Reinforce, Resolve: Cybersecurity Best Practices in Health Care

On the Subject / September 25, 2017

The Department of Transportation Helps Clear the Road for Autonomous Vehicles

Publications / August 2017

Privacy Shield Implementation and How-To Kit from McDermott Will & Emery

Webcast / McDermott Event / May 24, 2017

Global Privacy & Cybersecurity Webcast Series | Data Breach — Challenges in Responding to Large ...

On the Subject / May 15, 2017

The First 24 Hours: How to Prepare and Respond to a Major Cybersecurity ...

Boston, Massachusetts / Speaking Engagements / March 23, 2017

Privacy Shield – A “How-to” Guide on Navigating its Process, Risks and Opportunities

Bloomberg BNA Health IT Law and Industry Report / January 2, 2017

Concerns Grow that Telephone Consumer Protection Act May Frustrate Patient Engagement Goals

On the Subject / November 11, 2015

HHS Office of Inspector General Calls for Increased Oversight and Enforcement of ...

On the Subject / May 4, 2015

Where Are We Now? The NIST Cybersecurity Framework One Year Later

On the Subject / February 20, 2015

Employers with Group Health Plans: Have You Notified State Regulators of the ...

Special Report / February 12, 2015

The White House Calls for Action Where Congress Has Failed to Deliver

Law360 / December 19, 2014

Tracking State Data Protection Enforcement In 2014

Special Report / December 10, 2014

Privacy and Data Protection: 2014 Year in Review

Buffalo Law Review, Vol. 62, 933 / August 2014

Taking Climate Change by Storm: Theorizing Global and Local Policy-Making in Response ...

... 7

Filter by:

Coverage

Chiropractic Economics / May 21, 2018

HIPAA Consulting Vendors Often Misinterpret a Key Compliance Requirement

Security Week / September 6, 2016

Google Signs Up For EU/U.S. Privacy Shield