Robin B. Campbell focuses her practice on Global Privacy & Cybersecurity matters and provides practical solutions for data security and privacy risk management. Robin is a leader in the field and has twice chaired the global privacy/security practice at top tier law firms. She works closely with clients to analyze the risks associated with new technologies, data use or transfers and to develop appropriate controls to reduce those risks. She focuses on the automotive industry, including connected cars and autonomous vehicles (AV). She covers both US and international laws, including an in-depth knowledge of the General Data Protection Regulation (GDPR) and international data transfers.
Robin assists clients with implementing global privacy/security compliance programs under US and international laws, including developing program details, processes, oversight and management. She has helped clients structure complex data consolidation plans and large outsourcing agreements. She drafts and negotiates contractual agreements concerning the use of personal and protected health information, security and confidentiality, as well as the privacy and security components of more general contractual agreements. She also focuses on breach response, including notification procedures and best practices after a security breach as well as advising clients on both safeguard protocols and response plans in advance of a breach. Robin also provides privacy and security related training for clients.
Robin’s experience also includes serving as a special consultant to Hewlett Packard (HP) Europe in Geneva, Switzerland, while the European Data Protection Directive was in the early stages of implementation. While at HP, Robin worked with a cross-functional task force to develop a global compliance strategy under both the EU Directive and the Safe Harbor requirements. The task force acted as a European advisory body on the new privacy legislation, a central point of contact for all questions related to privacy and data protection, and it promoted a detailed policy framework within the company for handling personal data in its daily business.
Robin was selected by the US Department of Commerce and the European Commission as an Arbitrator for the EU-US Privacy Shield and was a member of Law360’s Cybersecurity & Privacy Editorial Advisory Board, as well as Cognomotiv, an automotive and transportation data services company. She has earned her CIPP/US and CIPM certifications and was a member of IAPP’s Professional Privacy faculty. Robin regularly publishes and presents on current privacy and security issues.
After a five-month secondment to a major automobile manufacturer, continues to advise on establishing policies and procedures to address next generation technology, developing and releasing mobile applications and best practices for data usage. Assisting the autonomous vehicles team in assessing the risks associated with AV technology and utilizing privacy by design to reduce those risks*
Defended an automotive manufacturer after a high profile 3-million-plus person security breach from initial investigation and response through numerous regulator inquiries and class action lawsuits
Defended a national health plan after a 2-million-person security breach from initial investigation and response through numerous regulator enforcement actions and class action lawsuits. Defended client against multiple State Attorneys General investigations and enforcement actions and received a rare “no HIPAA violation” finding from the HHS Office of Civil Rights after a two-year post-incident investigation *
*Matter handled prior to joining McDermott.
National Law Journal, Cybersecurity & Data Privacy Trailblazer, 2016
Do not send any information or documents that you want to have treated as secret or confidential. Providing information to McDermott via email links on this website or other introductory email communications will not create an attorney-client relationship; will not preclude McDermott from representing any other person or firm in any matter; and will not obligate McDermott to keep confidential the information you provide. McDermott cannot enter into an attorney-client relationship with you until McDermott has determined that doing so will not create a conflict of interest and until you and McDermott have entered into a written agreement or engagement letter that sets forth the terms of our relationship.