Bio

Alex dedicates his practice to privacy and data security law. He assists clients with compliance strategies, policy development and implementation, data monetization and data use analyses, privacy and security issues in transactions, privacy and security incident response, and regulatory and litigation matters that involve privacy and data security issues. 

Alex represents clients in the information technology, financial services, healthcare, and retail industries, among others.  His experience includes

  • formulating and implementing strategies for clients to comply with comprehensive privacy laws and regulations such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA);
  • counseling financial services institutions on compliance with state and federal privacy and cybersecurity standards, including the Gramm-Leach-Bliley Act, New York Department of Financial Services regulations, and network and payment card rules such as PCI-DSS;
  • leading the response to cybersecurity incidents and data breaches, including interactions with state and federal regulators;
  • drafting and negotiating cloud computing, technology services, and data processing agreements; and
  • representing clients in disputes that implicate privacy and data-security issues, including disputes arising from fraudulent funds transfer schemes and litigation involving cross-border discovery.

Alex understands firsthand the challenges that confront organizations seeking to understand and manage the risks posed by this dynamic field.  Before returning to private practice in 2017, he served for six years as in-house counsel for SAS, a global provider of analytics, business intelligence, and data management software and services. As the company’s lead Privacy Counsel, Alex managed the company’s global privacy program and advised on domestic and international privacy and data security issues arising throughout the company’s operations.

In 2018 Alex was certified as a Specialist in Privacy and Information Security Law by the North Carolina State Bar Board of Legal Specialization as part of its inaugural class of board-certified Specialists in the field.  He has also been certified by the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional/United States (CIPP/US), a Certified Information Privacy Technologist (CIPT), and a Fellow of Information Privacy (FIP), and in 2018 was designated by the IAPP as a Privacy Law Specialist as part of its inaugural class of specialists in the area of Privacy Law.

Alex received his B.A., summa cum laude, from Wake Forest University as a Phi Beta Kappa graduate.  He received his J.D., with distinction, from Stanford Law School.  Following law school he served as a law clerk for the Honorable Milton I. Shadur in the United States District Court for the Northern District of Illinois. 

  • North Carolina Bar Association, Chair, Privacy and Data Security Section
  • International Association of Privacy Professionals, Chair, Raleigh/Durham KnowledgeNet Chapter
  • Carolina Privacy Officials Network
  • Sedona Conference Working Group 11, Data Security and Privacy Liability
  • Led the creation and implementation of a California Consumer Privacy Act compliance program for multinational contract research organization.
  • Advised fintech platform on compliance with federal and state privacy and data security laws, including Gramm-Leach-Bliley, California Consumer Privacy Act, and state online privacy laws.
  • Represented health care provider in investigation by Department of Health and Human Services Office for Civil Rights arising from security incident involving patients’ health information.
  • Represented software and information technology services provider in connection with company’s certification to the EU-US and Swiss-US Privacy Shield Frameworks to facilitate business with European customers.
  • Negotiated European data protection agreements on behalf of global software-as-a-service provider.
  • Represented online retailer in response to multistate payment card data breach.
  • Drafted privacy notices, policies, and procedures for online vacation travel booking platform.
  • Privacy and Information Security Law Specialist, North Carolina State Bar Board of Legal Specialization
  • Privacy Law Specialist, International Association of Privacy Professionals
  • Fellow of Information Privacy, International Association of Privacy Professionals
  • Certified Information Privacy Professional/United States (CIPP/US), International Association of Privacy Professionals
  • Certified Information Privacy Technologist (CIPT), International Association of Privacy Professionals
  • Data Privacy and HR; Triangle Society for Human Resource Management Meeting, April 24, 2015
  • Best Legal Practices for Information Security and Privacy: Advising Private and Governmental Clients; NC State Lawyers Alumni Annual Meeting, October 30, 2015
  • Risks, Costs, Disputes and Litigation; North Carolina Chamber and U.S. Chamber of Commerce Cybersecurity Conference, December 15, 2015
  • Key Issues and Ingredients of Compliant and Effective Information Governance: Compliance with respect to handling data from the U.S. and from outside the U.S.; NCHICA Academic Medical Center Security and Privacy Conference, June 27, 2016
  • Legislative and Regulatory Developments in Cybersecurity and Data Privacy; Benchmark Data Security and Privacy Forum, February 14, 2017
  • "Strategies for Managing Privacy and Data Security Risk in Vendor Engagements," The Inside Scoop, Corporate Counsel Section, North Carolina Bar Association, April 2017
  • Managing Privacy and Data Security Risk in eDiscovery, Women in eDiscovery, Raleigh/Durham Chapter Meeting, June 13, 2017
  • "Data security law: Managing the legal risks of cloud and collaboration tools," Business North Carolina 2017 Law Journal, September, 2017
  • "Defending Novel Theories of Harm in Data-Breach Litigation," Bloomberg Law Privacy and Data Security Law Report, October 30, 2017
  • "Defending the Business-to-Business Data Breach Lawsuit," DRI For the Defense, December, 2017
  • Darned if you do? Navigating Conflicts Between International Data Protection Laws and US Discovery, International Association of Defense Counsel Webinar, April 11, 2018
  • The Inside Job: Cybersecurity, Trade Secret Protection, and Departing Employee Data Theft; Association of Corporate Counsel-Research Triangle Area Chapter Meeting, Cary, NC, May 16, 2018
  • “Can Companies Disclaim and Limit Liability for Data Breaches in Online Terms of Service?” Journal of Internet Law, July, 2018
  • International Association of Privacy Professionals Raleigh/Durham KnowledgeNet Chapter Meeting, November 28, 2018
  • Damage Control or Control Damages? How Corporate Counsel Can Take Care of the Brand and Legal Arguments in a Crisis; North Carolina Bar Association Corporate Counsel Section Annual Meeting and CLE, January 25, 2019
  • Security Considerations for a Paperless Practice; North Carolina Bar Association Center for Practice Management CLE, February 8, 2019
  • The Shape of Things to Come: Why GDPR Matters for your Business; North Carolina Bar Association Business Law and International Law and Practice Sections Joint Annual Meeting and CLE, February 15, 2019
  • Marketing and Advertising: Challenges in the Current Privacy Landscape; International Association of Privacy Professionals, Raleigh/Durham KnowledgeNet Chapter Meeting, June 25, 2019
  • GDPR, CCPA, and Beyond: What Risk Managers Need to Know about the Evolving Data Privacy Law Landscape; Risk and Insurance Management Society, Southeastern Regional Conference, September 19, 2019