Amy assists clients in identifying, evaluating and remediating privacy and data security risks on an enterprise level and global scale. She focuses on customizing pragmatic approaches to privacy, cybersecurity and other information management compliance matters, and advising on best practices that reflect a harmonization of international regulatory requirements. Amy also manages large and complex cyber incidents by guiding clients through the phases of breach response and post-incident remediation. In addition, Amy identifies and evaluates privacy and security risks in mergers, acquisitions and other corporate transactions.

In addition to data privacy and cybersecurity, Amy also helps health industry clients with their transaction and regulatory compliance needs. Amy has drafted employment, service and affiliation agreements between various players in the health care industry. She also has experience acting as an interim privacy officer of a large regional hospital system.

Amy has been published in the Buffalo Law Review and the Benefits Law Journal. While in law school, Amy worked at the US Department of Justice in the Office of International Affairs and interned in the Appeals Chamber of the International Criminal Tribunal for the Former Yugoslavia in The Hague, The Netherlands.

Show Less

• Managed the development of a global data privacy assessment of a multibillion-dollar food service company to evaluate the process through which it collects, stores, protects, shares and manages information in more than 100 countries
• Developed a data privacy risk assessment that leverages in-depth analyses of the data collection consent laws in Europe, Asia, the Americas, the Middle East and Africa to help a multinational tech firm better strategize its global privacy and data protection approaches
• Developed a records retention policy and schedule for a multinational software company that complied with records retention requirements across seven different countries
• Vetted privacy and security risks in a private equity fund’s multimillion-dollar acquisition of a national data broker
• Performed and documented HIPAA breach analyses for a large regional hospital system to assess whether uses and disclosures of protected health information resulted in a reportable breach, drafting notification letters when appropriate
• Provided transactional support, conducted due diligence and advised on material risks in a transaction involving a private equity-backed portfolio company acquiring multiple community-based and regional health care providers

Show Less