Dana is a member of the Privacy & Data Security practice group. She advises clients on matters including data breach notification and response, and state and federal laws that impact collection, storage, use, and protection of personal information. She helps clients assess the privacy and data security risks associated with new business and technology initiatives and assists with the implementation of risk-mitigating measures, such as procedural controls. She also regularly prepares and revises privacy notices and contracts to account for legal requirements, such as the EU General Data Protection Regulation (GDPR). Dana has experience with a variety of federal and state privacy and data security laws, including the Telephone Consumer Protection Act (TCPA), CAN-SPAM, the Illinois Biometric Information Privacy Act, the Gramm-Leach-Bliley Act, and HIPAA.  Dana’s government contracting experience includes advising and representing businesses on matters unique to government contractors, including small business programs, protests, and other disputes before the U.S. Small Business Administration, the U.S. Government Accountability Office, and U.S. Court of Federal Claims, as well as contract disputes and terminations.

Dana received her B.A. in Mathematics, cum laude, and her M.Ed. in Secondary Mathematics Education from Vanderbilt University, where she also competed for four years as a member of Vanderbilt’s varsity women’s lacrosse team. Dana received her J.D., with honors, from the University of North Carolina at Chapel Hill. While at Chapel Hill, Dana was a member of the Holderness National Moot Court team.

Before attending law school, Dana worked for two years in the financial services industry, first as a financial adviser for a large wealth management firm and later as a marketing coordinator and analyst for a life insurance general agency. Dana also worked for three years as a high school mathematics teacher.

Dana writes for the firm’s privacy law blog. Visit Practical Privacy for her take on current data privacy-related events.

  • Drafted privacy policies for various clients across various industries, including healthcare, engineering, technology, and retail.
  • Negotiated data protection agreements on behalf of global media client.
  • Completed and reviewed DPIAs for global payments company.
  • Negotiated information security agreements on behalf of global retail client.
  • Advised clients across various industries on compliance with GDPR and CCPA.
  • Advised clients regarding privacy and data security considerations for buy-side and sell-side mergers and acquisitions across various industries.
  • Advised clients in the healthcare and retail industries on multi-state data breaches.
  • Conducted a security assessment for a start-up client in the technology and healthcare industry.
  • Drafted, revised, and negotiated business associate agreements for clients acting as business associates or covered entities.