919.882.7123
sfernandes@wyrick.com
Bio
Sean is a Board Certified Specialist in Privacy and Information Security Law and holds a CIPP/US certification from the International Association of Privacy Professionals (IAPP). He counsels clients on legal requirements regarding privacy, data security, data protection, and artificial intelligence (AI) applicable to their businesses. He has experience with various federal, state, and foreign privacy, data security, and AI laws and regulations, including biometric privacy laws such as the Illinois Biometric Information Privacy Act (BIPA), state comprehensive privacy laws, including the California Consumer Privacy Act of 2018 (CCPA), California Privacy Rights Act (CPRA) and other state comprehensive privacy laws, CAN-SPAM, the EU’s Artificial Intelligence Act, ePrivacy Directive, and General Data Protection Regulation (GDPR), the Fair Credit Reporting Act (FCRA), the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA) and other financial services privacy laws, including the NYDFS Cybersecurity Regulations, HIPAA, state data breach notification laws, the Stored Communications Act, the Video Privacy Protection Act (VPPA), and the Wiretap Act.
Sean has significant experience:
- Guiding clients through responses to security incidents and data breaches;
- Representing clients in federal and state regulatory investigations into data breaches and privacy law compliance;
- Drafting privacy policies and notices and creating and advising on the administration of privacy and security compliance programs; and
- Drafting and negotiating privacy and security contracts and advising on privacy and data security issues in M&A transactions.
Sean received his J.D. from the University of Chicago Law School, where he received the Victor McQuistion Scholarship. Sean received his B.A. with honors and distinction from the University of North Carolina at Chapel Hill.
Sean frequently writes on privacy, data security, and data protection matters. Visit our privacy law blog to read his take on current data privacy-related events.
- Listed among North Carolina Super Lawyers – Rising Star (2020-2026)
- 2024 Atlas Award from the Leadership Council on Legal Diversity (LCLD)
- 2024 LCLD Pathfinder
- Chapter Chair (2021-2023), IAPP Raleigh-Durham KnowledgeNet
- Former Member (2020-2022), Dix Park Community Committee
- Mentor, Leadership Council on Legal Diversity
- Pro Bono Co-Chair, North Carolina State Bar Association Privacy & Data Security Committee (2024-Present)
- Advised national pharmacy chain on responding to Office for Civil Rights (OCR) investigations into HIPAA compliance.
- Represented data brokers, ecommerce retailers, and other businesses in state attorney general investigations regarding state privacy law compliance.
- Drafted information security and HIPAA policies and procedures for healthcare startup.
- Counseled AdTech publisher, AdTech service providers, and data brokers on privacy legal compliance and contracting issues.
- Advised video streaming services, smart TV and IOT software providers, and a national retailer on VPPA issues and associated litigation risk.
- Advised multiple portfolio companies of private equity firm on EU and U.S. state law compliance.
- Negotiated privacy, data protection, and information security contracts for major financial institution.
- Negotiated and advised on privacy and security purchase agreement provisions in acquisition of an international consumer research platform.
- Counseled national financial institution on multistate data breach response and subsequent regulatory inquiries.
- Advised educational institution on compliance with General Data Protection Regulation and ePrivacy Directive.
- Advised mobile health application developers on global privacy compliance and privacy-by-design.
- Privacy and Information Security Law Specialist, North Carolina State Bar Board of Legal Specialization
- Certified Information Privacy Professional, U.S. (CIPP/US), International Association of Privacy Professionals (IAPP)
Recent posts from our privacy and data security blog, Practical Privacy.
- Disney’s Record CCPA Settlement and How Your Business Can Live Happily Ever After
- New CCPA Risk Assessment and Automated Decision-making Technology Regulations: Maybe Not Quite as Bad as They Look?
- U.S. District Court Vacates HIPAA Reproductive Health Privacy Rule Nationwide
- Patchwork 2.0: FAQs on Emerging US State AI Laws and What to Do About Them
- Naughty and Nice: Recent Website Tracking Technology Cases Present Mixed Bag for Website Operators
- Illinois Adopts Business-Favorable Amendment to Biometric Information Privacy Act
- Living in a Material World: SEC Clarifies Expectations Regarding Form 8-K Disclosure of Material Cybersecurity Incidents
- No Money, Mo’ Problems: DoorDash CCPA Enforcement Action Emphasizes Personal Information “Sales” Aren’t All About the Benjamins
- Empire State of Security: New York DFS Finalizes Significant Amendment to Financial Services Cybersecurity Regulation
- Nothing But NetChoice: Federal Court Blocks Enforcement of California Age-Appropriate Design Code
- Let’s Get Back Together?: What to Do About the EU-U.S. Data Privacy Framework Adequacy Decision
- Same Old, Not Quite Same Old: Montana and Tennessee Adopt Comprehensive Privacy Laws, with a Unique Twist in Tennessee
- Privacy in the Heartland: Iowa to Become Sixth State with a Comprehensive Privacy Law
- Not What the Doctor Ordered: GoodRx to Pay $1.5 Million in FTC’s First Enforcement of the Health Breach Notification Rule
- 2022 Hindsight: Breach Notification Year in Review
- Minor Keys: Major Takeaways from New California Online Children’s Privacy Law
- Special (Category) Edition: CJEU Adopts Broad Interpretation of “Special Categories” of Personal Data Under GDPR
- Def-Conn 5: Connecticut Becomes the Fifth State to Adopt a General Privacy Law
- Four and Counting: Utah on Verge of Becoming the Fourth State to Adopt a Comprehensive Consumer Privacy Law
- App-etite for Notification: FTC Says “Welcome to the Jungle” to Mobile Health App Developers in Policy Statement on Health Breach Notification Rule
- Worth the Wait? Key Takeaways from California Attorney General CCPA Enforcement Case Summaries
- The Short Arm of GDPR? UK Court Decision Analyzes Application of GDPR to US-based Company
- The Virginia Consumer Data Protection Act: Top 7 Things to Know Right Now
- HIPAA for the Holidays: How OCR’s December HIPAA Notice of Proposed Rulemaking Could Impact Covered Entities
- Fifth Time’s the Charm? Overview of the Latest Proposed CCPA Regulation Modifications
- Fortune Cookies: Predicting Privacy Challenges for Targeted Advertising; NCBA 2023 Privacy & Data Security Annual Program; Cary, NC; October 13, 2023
- If You Give a Regulator a Cookie: Targeted Advertising Challenges in the Current Privacy Legal Landscape; Panelist, Moderator; IAPP Raleigh-Durham KnowledgeNet; Raleigh, NC; December 8, 2022
- Where Are We Now?: The CCPA 9 (Or So) Months In; Moderator; IAPP Raleigh-Durham KnowledgeNet; Raleigh, NC; September 23, 2020
- Data Breach Response: Practical Tips for Reducing Litigation Risk; Presenter; Annual Meeting of the North Carolina Association of Defense Attorneys, Hilton Head Island, SC, June 16, 2018
- The Inside Job: Cybersecurity, Trade Secret Protection, and Departing Employee Data Theft; Panelist; Association of Corporate Counsel-Research Triangle Area Chapter, Cary, NC, May 16, 2018
