Sean W. Fernandes

Bio

Sean is a member of the firm’s Privacy & Data Security practice group. He counsels clients on the legal requirements and risks associated with the collection, storage, use, protection, and disposal of data in their businesses. He has experience with a variety of international, federal, and state privacy and data security laws and regulations, including the Fair Credit Reporting Act (FCRA), the EU General Data Protection Regulation (GDPR), the Gramm-Leach-Bliley Act (GLBA), HIPAA, state data breach notification laws, the Stored Communications Act, the Video Privacy Protection Act (VPPA), and the Wiretap Act. Sean has experience guiding clients through responses to security incidents and data breaches, drafting privacy policies and notices, creating and administering privacy and security compliance programs, and addressing privacy and data security issues in transactional matters, including privacy and security due diligence and contract negotiation.

Sean received his J.D. from the University of Chicago Law School, where he was a Victor McQuistion scholar. Sean received his B.A. in Anthropology, with honors and distinction, from the University of North Carolina at Chapel Hill. Before joining the firm, Sean practiced in the privacy & data security and commercial litigation groups at a North Carolina firm.

Sean writes extensively on privacy matters. Visit our privacy law blog to read his take on current data privacy-related events.

Awards & Recognition

Listed among North Carolina Super Lawyers Health Care – Rising Star (2020)

Professional & Community Activities

American Bar Association Litigation Section Privacy & Data Security Committee
International Association of Privacy Professionals
North Carolina State Bar
North Carolina State Bar Association Privacy & Data Security Committee
Wake County Bar Association

Representative Experience

Advised national pharmacy client on responding Office for Civil Rights (OCR) investigations into HIPAA compliance.
Drafted information security and HIPAA policies and procedures for healthcare startup.
Advised multiple portfolio companies of private equity firm on California Consumer Privacy Act compliance.
Negotiated privacy and security purchase agreement provisions in acquisition of an international consumer research platform.
Advised national financial institution on multistate data breach response and subsequent regulatory inquiries.
Negotiated data protection addenda and business associate agreements for global companies.
Advised educational institution on compliance with General Data Protection Regulation and ePrivacy Directive.
Drafted privacy policy for local technology startup.

Certifications

Certified Information Privacy Professional, U.S. (CIPP/US), International Association of Privacy Professionals (IAPP), 2017-Present

Recent Insights

Recent posts from our privacy and data security blog, Practical Privacy.

Speeches & Publications

Proposed Overhaul of North Carolina Security Breach Notification Law Would Make It One of the Toughest in the Nation, April 17, 2019
2018 Actions Show North Carolina Attorney General Emerging as Leading Privacy Enforcer, Client Alert, January 2019
“Ohio Law Creating Affirmative Defense in Data Breach Litigation Takes Effect,” ABA Litigation Section Privacy & Data Security Committee, November 2018
"Supreme Court Addresses Stored Communications Act Cases," ABA Litigation Section Privacy & Data Security Committee, July 2018
The Inside Job: Cybersecurity, Trade Secret Protection, and Departing Employee Data Theft; Panelist; Association of Corporate Counsel-Research Triangle Area Chapter, Cary, NC, May 16, 2018
"Supreme Court Hears Oral Argument on Stored Communications Act Cases," ABA Litigation Section Privacy & Data Security Committee, March 2018
eDiscovery: Strategies for Privacy and Data Security Risk Management; Presenter; Wake County Bar Association Young Lawyers’ Division CLE, Raleigh, NC, February 1, 2018
"Strategies for Drafting and Negotiating Non-Disclosure Agreements," TYL, ABA Young Lawyers Division, January 2018
"WannaComply? OCR’s Application of HIPAA’s Breach Notification Rule to Ransomware Attacks," Elon Business Law Journal, December 2017
"Supreme Court to Address Significant Stored Communications Act Cases," ABA Litigation Section Privacy & Data Security Committee, August 2017
"Spies in the Skies? D.C. Circuit Invalidates Drone Registration Rule," ABA Litigation Section Privacy & Data Security Committee, June 2017
"Treble Damages for TCPA Violations in Kraukauer v. Dish Network, L.L.C.," ABA Litigation Section Privacy & Data Security Committee, June 2017
"Strategies for Managing Privacy and Data Security Risk in Vendor Engagements," The Inside Scoop, Corporate Counsel Section, North Carolina Bar Association, April 2017
“Tips for Smart Privacy Practices from Smart TV Settlement,” ABA Litigation Section Privacy & Data Security Committee, March 2017
“Fourth Circuit Weighs In On Data Breach Standing,”ABA Litigation Section Privacy & Data Security Committee, February 2017
“Regulatory Guide-Freeing Energy Data,” Energy Policy Institute at the University of Chicago, June 2016
Data Breach Response: Practical Tips for Reducing Litigation Risk; Presenter; Annual Meeting of the North Carolina Association of Defense Attorneys, Hilton Head Island, SC, June 16, 2018

Practice Areas

Privacy & Data Security

The rapid proliferation of security threats, technology innovation, and privacy laws demands a legal team with deep and varied expertise. Our team represents diverse clients from a variety of industries, such as finance and banking, retail, healthcare, pharmaceutical and life sciences, technology, insurance, manufacturing, academia, and nonprofits, including emerging companies.

Attorney

Bio

Practice Areas

Privacy & Data Security

Related News & Insights

Proposed Overhaul of North Carolina Security Breach Notification Law Would Make It One of the Toughest in the Nation

Unplug Social Media? How CJEU’s Fashion ID Ruling Could Affect Your Website

Wyrick Robbins Data Protection Team Grows to Meet Client Demand