With a background in both business and law, Joe has a unique understanding of the challenges his clients face, and he crafts data privacy and security programs for real-world applications.
Joe has more than 30 years of experience in the areas of data use, privacy, and cybersecurity. He regularly advises technology and healthcare companies and government entities, helping to identify their data privacy and cybersecurity risks. Joe also designs and manages programs and policies that minimize those risks.
He defends clients against state and federal governmental agency enforcement investigations, and assists with data breach response and data privacy assessments, information security compliance audits, and cyber investigations, including managing third-party forensic investigations. Joe also has led diligence efforts on all levels of business transactions that have identified and managed data-related issues having 7-figure potential impacts representing buyers, sellers, and investors.
Joe’s experience covers multiple privacy and security issues facing entities in the private and public sectors. He has worked with clients in the development of data privacy and cybersecurity programs, global data breach response, cross-border data transfers, HIPAA, GDPR, CAN-SPAM, and CCPA compliance, technology licensing and transfer agreements, contracts involving data flows, and management of the related legal risks and obligations, intellectual property and information technology, governmental privacy-related investigations, and internal investigations related to corporate compliance.
Working closely with each client to build tailored programs and policies appropriate for the business, industry, and stage of development, Joe also assists with IoT risks, cloud services, and big data analytics. Joe evaluates the software development process, privacy by design, and counsels clients on responding to software audit requests and advising on the risks associated with the use of the Internet across international jurisdictions.
Before re-entering private practice, Joe served in-house as Chief Privacy and Chief Information Security Officer for a large Midwest academic medical system. He also managed the legal issues associated with global data sharing for a Big 4 accounting/consulting firm.
A recognized thought leader on data privacy, cybersecurity, and healthcare topics, Joe is Certified in Healthcare Privacy Compliance (CHPC®).
Community & Professional
- Board of Advisors, North Carolina Technology Association
- Member, Duke Law Center for Judicial Studies - North Carolina Thought Leadership Committee
- Member, International Association of Privacy Professionals
- Member, Health Care Compliance Association
- Certified in Health Care Privacy Compliance (CHPC®)
- Data Privacy and Security Committee, University HealthSystem Consortium
- Cleveland-Marshall College of Law
- National Advisory Board, Center for Cybersecurity and Privacy Protection
- Advisory Council, Center for Health Law & Policy
- The Sedona Conference®
- Working Group Series Program, Data Security and Privacy Liability - Working Group 11
- Member, American Health Lawyers Association
- Member, Association of Corporate Counsel, Northeast Ohio Chapter
- Member, North Carolina Bar Association, Privacy & Data Security Section
- Member, Cleveland Metropolitan Bar Association, Healthcare Practice Group
- Member, Ohio State Bar Association
- Member, American Bar Association
- Member, National Asian Pacific American Bar Association
- Advised a private equity fund and its healthcare solutions portfolio company in the acquisition of consulting, and data management company.
- Managed a global data breach involving 27 countries and more than 500 data servers.
- Lead the response teams for hundreds of national and international data incidents and breaches.
- Leads engagements for breach analysis, notification obligations, incident investigations, and regulatory compliance.
- Coordinates forensic investigations.
- Leads post-breach privacy and security gap remediation.
- Oversees the buy-side and sell-side privacy/cybersecurity due diligence efforts for multi-million-dollar transactions.
- Leads incident response preparations and tabletop exercises.
- Develops and leads privileged forensic investigations, vulnerability assessments, and compliance reviews.
- Assesses and operationalizes international data processing and data transfer protocols.
- North Carolina
- U.S. District Court, Northern District of Ohio