Overview
Results
Recognition
Community
Credentials
Insights & Events/Media

HOME
PEOPLE
Amy C. Pimentel

Overview

Amy C. Pimentel advises clients on U.S. and international data protection, privacy and cybersecurity. Her clients are diverse – from multinational Fortune 500 companies to start-ups – and operate in a variety of industries, including health care, technology, consumer products, retail, media, and financial services.

Amy is skilled at harmonizing requirements across industries and jurisdictions to build practical, risk-based and business-focused global privacy and cybersecurity programs. In the U.S., this includes advising on federal and state laws such as HIPAA, FCRA, GLBA, TCPA, CAN-SPAM, CCPA, state breach notification laws, and state data security laws, as well as existing self-regulatory frameworks, including those covering online advertising and payment card processing. She works with clients to understand their obligations under international laws such as PIPEDA, the GDPR and ePrivacy, and China’s cybersecurity and privacy laws, and helps clients implement cross-border transfer mechanisms, such as Privacy Shield and EU Model Clauses, to enable the flow of data between company entities and third parties.

Amy also manages large and complex cyber incidents by guiding clients through the phases of breach response and post-incident remediation. She has teamed with forensic vendors and other consultants to help clients investigate, remediate, mitigate and notify required parties. She has also teamed with her white collar and litigation colleagues to manage and respond to ensuing government investigations.

In addition, Amy helps clients, implement pragmatic and approaches to managing and leveraging big data, advises clients through comprehensive privacy and cybersecurity assessments, vets privacy and security risks in corporate transactions, and she drafts and negotiates contracts concerning data-related partners and vendors.

Show Less

Results

Developed and implemented GDPR and CCPA compliance programs for numerous US and international organizations, advising on, as applicable, GDPR and CCPA applicability analysis, data mapping, data transfer mechanisms, privacy notices, consent mechanisms, data subject and consumer rights, data security assessments, breach response programs, selection of Data Protection Officers and EU Representatives, and employee training
Managed the development of a global data privacy assessment of a multibillion-dollar food service company to evaluate the process through which it collects, stores, protects, shares and manages information in more than 100 countries
Developed a data privacy risk assessment that leverages in-depth analyses of the data collection consent laws in Europe, Asia, the Americas, the Middle East and Africa to help a multinational tech firm better strategize its global privacy and data protection approaches

Developed a global records retention policy and schedule for a multinational software company that complied with records retention requirements across seven different countries
Vetted privacy and security risks in a private equity fund’s multimillion-dollar acquisition of four national data brokers, and advised on post-closing implementation of privacy and security controls.
Performed and documented HIPAA breach analyses for a large regional hospital system to assess whether uses and disclosures of protected health information resulted in a reportable breach, drafting notification letters when appropriate
Acted as an interim privacy officer for a large regional hospital system

Show Less

Recognitions

Super Lawyers, Rising Star, 2018-2019
Northeastern University School of Law, Equal Justice America Fellow and PHRGE Fellow

Community

Boston Bar Association
American Health Lawyers Association
International Association of Privacy Professionals
Filipino American Lawyers Association of Massachusetts, founding member

Credentials

Education
Northeastern University School of Law, JD, 2014
Duke University, BA, 2007

Admissions
Massachusetts

Languages
English
Spanish

Amy C. Pimentel

Associate | Boston

Boston: +1 617 535 3948

Boston: +1 617 535 3800

VCARD

PDF

Services & Industries:

Regional Markets:

Global Privacy & Cybersecurity

Autonomous Vehicles

Consumer Data & Digital Marketing

Cross-Border Data Protection

Data Breach Management

Data Licensing & Strategies

Employer Data Privacy

Health Information Privacy

Information Security & Risk Mitigation

Privacy Litigation & Governmental Investigations

Regulatory, Government & Lobbying Strategies

Healthcare

Digital Health

United States

Amy C. Pimentel

Insights & Events / Media

Filter by:

McDermott Event Publications Speaking Engagements

United States / McDermott Event / February 2020

CCPA Compliance: An Interactive Workshop | February

On the Subject / January 8, 2020

A Sale, or Not a Sale? The Digital Advertising Debate

On the Subject / January 8, 2020

Little by Little, Attorney General Becerra Sheds Light on the CCPA in 2020

United States / McDermott Event / January 2020

CCPA Compliance: An Interactive Workshop | January

United States / McDermott Event / December 2019

Countdown to CCPA: An Interactive Compliance Workshop | December

United States / McDermott Event / November 2019

Countdown to CCPA: An Interactive Compliance Workshop | November

United States / McDermott Event / October 2019

Countdown to CCPA: An Interactive Compliance Workshop | October

On the Subject / September 20, 2019

CCPA Update: Changes, Clarifications, but no Major Overhaul Heading to Governor's Desk

San Francisco, CA / McDermott Event / September 10, 2019

2019 Privacy & Cybersecurity Risk Management Series | Insights on Cybersecurity and Data Privacy for ...

Wolters Kluwer / August 2019

Implementing the EU-U.S. Privacy Shield

New York, NY / McDermott Event / June 18, 2019

2019 Privacy & Cybersecurity Risk Management Series | Insights on Cybersecurity and Data Privacy

On the Subject / May 9, 2019

OCR Corrects Past Misinterpretation of HIPAA Annual Penalty Limits, Signaling Potential Relief ...

Washington, DC / Speaking Engagements / April 5, 2019

International Privacy + Security Forum

Boston, Massachusetts / Speaking Engagements / March 19, 2019

IAPP KnowledgeNet

Boston, Massachusetts / Speaking Engagements / February 19, 2019

Online Privacy and Internet Law

Webcast / McDermott Event / December 5, 2018

Global Privacy & Cybersecurity Webcast Series | Year in Review

Massachusetts Lawyers Weekly / October 26, 2018

GDPR 6 Months After Implementation: Where Are We Now?

On the Subject / June 29, 2018

California Enacts a Groundbreaking New Privacy Law

Boston, Massachusetts / Speaking Engagements / June 20, 2018

GDPR: Where are we now?

On the Subject / May 2, 2018

The Continuing Disconnect between the Health Care Industry and OCR on HIPAA’...

International News / April 2018

Tracking the Emerging Global Regulation of Cybersecurity & Privacy in Autonomous Vehicles

AHLA (American Health Lawyers Association) / March 2018

The Law of Digital Health

Washington, District of Columbia / Speaking Engagements / February 6, 2018

ACC Foundation Cybersecurity Summit

On the Subject / February 5, 2018

Does GDPR Regulate My Research Studies in the United States?

Boston, Massachusetts / Speaking Engagements / January 29, 2018

IAPP KnowledgeNet

Special Report / January 22, 2018

A Short Primer on Autonomous and Connected Vehicle Regulation

Ontario, Canada / Speaking Engagements / October 11, 2017

Privacy Across Borders Information Technology and Intellectual Property Law & Privacy and ...

On the Subject / October 10, 2017

Irish Court Casts Serious Doubt on EU Model Clauses

Chicago, Illinois / Speaking Engagements / September 27, 2017

Reassess, Reinforce, Resolve: Cybersecurity Best Practices in Health Care

On the Subject / September 25, 2017

The Department of Transportation Helps Clear the Road for Autonomous Vehicles

Publications / August 2017

Privacy Shield Implementation and How-To Kit from McDermott Will & Emery

Webcast / McDermott Event / May 24, 2017

Global Privacy & Cybersecurity Webcast Series | Data Breach — Challenges in Responding to Large ...

On the Subject / May 15, 2017

The First 24 Hours: How to Prepare and Respond to a Major Cybersecurity ...

Boston, Massachusetts / Speaking Engagements / March 23, 2017

Privacy Shield – A “How-to” Guide on Navigating its Process, Risks and Opportunities

Bloomberg BNA Health IT Law and Industry Report / January 2, 2017

Concerns Grow that Telephone Consumer Protection Act May Frustrate Patient Engagement Goals

On the Subject / November 11, 2015

HHS Office of Inspector General Calls for Increased Oversight and Enforcement of ...

On the Subject / May 4, 2015

Where Are We Now? The NIST Cybersecurity Framework One Year Later

On the Subject / February 20, 2015

Employers with Group Health Plans: Have You Notified State Regulators of the ...

Special Report / February 12, 2015

The White House Calls for Action Where Congress Has Failed to Deliver

Law360 / December 19, 2014

Tracking State Data Protection Enforcement In 2014

Special Report / December 10, 2014

Privacy and Data Protection: 2014 Year in Review

Buffalo Law Review, Vol. 62, 933 / August 2014

Taking Climate Change by Storm: Theorizing Global and Local Policy-Making in Response ...

... 7

Filter by:

Coverage

Chiropractic Economics / May 21, 2018

HIPAA Consulting Vendors Often Misinterpret a Key Compliance Requirement

Security Week / September 6, 2016

Google Signs Up For EU/U.S. Privacy Shield