Sean W. Fernandes

Bio
Sean is a member of the firm’s Privacy & Data Security practice group. He counsels clients on legal requirements regarding privacy, data security, and data protection applicable to their businesses. He has experience with a variety of federal, state, and foreign privacy and data security laws and regulations, including biometric privacy laws such as the Illinois Biometric Information Privacy Act (BIPA), the California Consumer Privacy Act of 2018 (CCPA) and California Privacy Rights Act (CPRA), CAN-SPAM, the Colorado Privacy Act (CPA), Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring, the EU ePrivacy Directive and General Data Protection Regulation (GDPR), the Fair Credit Reporting Act (FCRA), the Federal Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), HIPAA, state data breach notification laws, the Stored Communications Act, the Video Privacy Protection Act (VPPA), the Utah Consumer Privacy Act (UCPA), the Virginia Consumer Data Protection Act (CDPA), and the Wiretap Act. Sean has significant experience guiding clients through responses to security incidents and data breaches, including responses to regulatory investigations into data breaches, drafting privacy policies and notices, creating and advising on the administration of privacy and security compliance programs, drafting and negotiating privacy and security contracts, and advising on privacy and data security issues in M&A transactions. Sean is a Board Certified Specialist in Privacy and Information Security Law and holds a CIPP/US certification from the International Association of Privacy Professionals (IAPP).
Sean received his J.D. from the University of Chicago Law School, where he was a Victor McQuistion scholar. Sean received his B.A. in Anthropology, with honors and distinction, from the University of North Carolina at Chapel Hill. Before joining the firm, Sean practiced in the privacy & data security and commercial litigation groups at a regional North Carolina firm.
Sean frequently writes on privacy, data security, and data protection matters. Visit our privacy law blog to read his take on current data privacy-related events.
- Listed among North Carolina Super Lawyers – Rising Star (2020-2023)
- Chapter Chair, IAPP Raleigh-Durham KnowledgeNet
- Former Member (2020-2022), Dix Park Community Committee
- Mentor, Leadership Council on Legal Diversity
- Member, North Carolina State Bar Association Privacy & Data Security Committee
- Advised national pharmacy client on responding Office for Civil Rights (OCR) investigations into HIPAA compliance.
- Drafted information security and HIPAA policies and procedures for healthcare startup.
- Advised multiple portfolio companies of private equity firm on California Consumer Privacy Act compliance.
- Negotiated privacy, data protection, and information security contracts for major financial institution.
- Negotiated privacy and security purchase agreement provisions in acquisition of an international consumer research platform.
- Advised national financial institution on multistate data breach response and subsequent regulatory inquiries.
- Advised educational institution on compliance with General Data Protection Regulation and ePrivacy Directive.
- Drafted privacy policy for local technology startup.
- Advised mobile health application developer on global privacy compliance and privacy-by-design.
- Advised technology company on compliance with comprehensive privacy laws in California, Colorado, Connecticut, Utah, and Virginia.
- Privacy and Information Security Law Specialist, North Carolina State Bar Board of Legal Specialization
- Certified Information Privacy Professional, U.S. (CIPP/US), International Association of Privacy Professionals (IAPP), 2017-Present
Recent posts from our privacy and data security blog, Practical Privacy.
- Nothing But NetChoice: Federal Court Blocks Enforcement of California Age-Appropriate Design Code
- Let’s Get Back Together?: What to Do About the EU-U.S. Data Privacy Framework Adequacy Decision
- Same Old, Not Quite Same Old: Montana and Tennessee Adopt Comprehensive Privacy Laws, with a Unique Twist in Tennessee
- Privacy in the Heartland: Iowa to Become Sixth State with a Comprehensive Privacy Law
- Not What the Doctor Ordered: GoodRx to Pay $1.5 Million in FTC’s First Enforcement of the Health Breach Notification Rule
- 2022 Hindsight: Breach Notification Year in Review
- Minor Keys: Major Takeaways from New California Online Children’s Privacy Law
- Special (Category) Edition: CJEU Adopts Broad Interpretation of “Special Categories” of Personal Data Under GDPR
- Def-Conn 5: Connecticut Becomes the Fifth State to Adopt a General Privacy Law
- Four and Counting: Utah on Verge of Becoming the Fourth State to Adopt a Comprehensive Consumer Privacy Law
- App-etite for Notification: FTC Says “Welcome to the Jungle” to Mobile Health App Developers in Policy Statement on Health Breach Notification Rule
- Worth the Wait? Key Takeaways from California Attorney General CCPA Enforcement Case Summaries
- The Short Arm of GDPR? UK Court Decision Analyzes Application of GDPR to US-based Company
- The Virginia Consumer Data Protection Act: Top 7 Things to Know Right Now
- HIPAA for the Holidays: How OCR’s December HIPAA Notice of Proposed Rulemaking Could Impact Covered Entities
- Fifth Time’s the Charm? Overview of the Latest Proposed CCPA Regulation Modifications
- EU-US Data Transfers Under Fire: The CJEU’s Schrems II Decision
- Some Restrictions Apply: Limits and Risks of OCR’s COVID-19 Notifications of HIPAA Enforcement Discretion
- Get Lost: Geolocation Privacy Claims Against Google Dismissed
- Unplug Social Media? How CJEU’s Fashion ID Ruling Could Affect Your Website
- If You Give a Regulator a Cookie: Targeted Advertising Challenges in the Current Privacy Legal Landscape; Panelist, Moderator; IAPP Raleigh-Durham KnowledgeNet; Raleigh, NC; December 8, 2022
- Where Are We Now?: The CCPA 9 (Or So) Months In; Moderator; IAPP Raleigh-Durham KnowledgeNet; Raleigh, NC; September 23, 2020
- Data Breach Response: Practical Tips for Reducing Litigation Risk; Presenter; Annual Meeting of the North Carolina Association of Defense Attorneys, Hilton Head Island, SC, June 16, 2018
- The Inside Job: Cybersecurity, Trade Secret Protection, and Departing Employee Data Theft; Panelist; Association of Corporate Counsel-Research Triangle Area Chapter, Cary, NC, May 16, 2018