Aaron P. Simpson advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and US federal and state privacy and data security requirements.
As a leader on the firm’s privacy team, Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements.
Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients.
Aaron is the only lawyer listed in both The Legal 500 United Kingdom and The Legal 500 United States guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.
He is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine.
Aaron regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.
- Advises clients on compliance with the California Consumer Privacy Act of 2018 (CCPA), including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
- Advises clients on all legal issues associated with cybersecurity events pursuant to requirements imposed by laws and regulatory guidance in the European Union and the United States.
- Prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises.
- Advises clients on international data protection requirements, including the EU General Data Protection Regulation and developing mechanisms to comply with cross-border data transfer requirements (such as through BCRs, the Privacy Shield and Standard Contractual Clauses).
- JD, University of Virginia School of Law, 2002
- BA, The University of Texas, High Honors, 1997
- England and Wales (Registered Foreign Lawyer)
- New York
- Member, Board of Editors, Pratt’s Privacy & Cybersecurity Law Report
- Member, Section of Antitrust Law–Privacy and Information Security Committee, American Bar Association
- Member, Association of the Bar of the City of New York
- Former Member, Information Technology Law Committee
Rate : $$$$