As Chair of Shook’s Privacy and Data Security Practice, Alfred J. Saikali has gained the trust of clients challenged by data incident response, privacy litigation, and compliance with the myriad laws governing sensitive information.
Al believes that client service, deep experience and proactive thinking are what separates him from other privacy and data security lawyers.
These values are illustrated by the fact that Chambers USA named him a Nationwide Recognized Practitioner in Privacy and Data Security in 2017 and 2018; he was named a Cybersecurity Trailblazer by the National Law Journal in 2015; and he received the Client Choice Award from Lexology in both 2016 and 2018.
“Top-notch work should be a given from any law firm,” Al says. “I believe what separates Shook’s privacy and data security team from the competition is client service. This means we listen closely to our clients’ needs, ask questions, understand their business and learn their industry.
We are incredibly responsive and we apply the Golden Rule 24/7. Doing all of this helps us better monitor and proactively advise our clients on ways to address applicable legal trends. In this area of law, if you’re not preparing you’re responding, which is not the optimal place to be.”
The Wall Street Journal and Law360, among others, frequently interview him when they need insight into the legal implications of data breaches, emerging technological trends, biometric privacy, and other data security and privacy issues.
Al often speaks to business professionals and teaches fellow attorneys about meeting the challenges associated with the proliferation of sensitive electronic information.
Outside his client practice, Al is Chair Emeritus of The Sedona Conference® Working Group 11: Data Security and Privacy Liability.
Tasked with developing guides to help organizations minimize their privacy and data security liability risks, the working group includes leading practitioners in privacy and data security law, regulatory authorities and information security experts.
Al is a Fellow of Information Privacy, a Certified Information Privacy Technologist and a Certified Information Privacy Professional/US accredited by the International Association of Privacy Professionals.
He maintains a blog, Data Security Law Journal, where he regularly posts about legal developments and trends in data security and privacy law.
He serves on the International Association of Privacy Professionals’ Privacy Bar Board and is an active member of the U.S. Secret Service’s Electronic Crimes Task Force.
He also is a member of Law360’s Privacy & Consumer Protection Editorial Advisory Board and teaches cybersecurity law at St. Thomas University in Miami.
For those clients seeking to proactively minimize the risks of a data incident, Al guides companies in building an incident response team and preparing an incident response plan.
Based on his deep experience and the hundreds of data incidents handled, Al develops and directs tabletop exercises to ensure that organizations are prepared to respond to the inevitable attacks.
For those clients who have experienced a data incident, Al directs the forensic investigation under privilege and work product protection; advises as to legal obligations to notify affected consumers, business partners and regulators; oversees the notification of third parties; communicates with law enforcement; responds to regulatory inquiries; and represents companies in litigation and enforcement actions arising from the incident or breach.
Al’s incident response experience includes:
- a cyberattack exploiting the vulnerability of a website that allowed access to the personal information of several million individuals;
- a network intrusion affecting the payment card information of an online retailer’s consumers in every U.S. state and overseas;
- a cyberattack involving an Advanced Persistent Threat that put the intellectual property of a multinational science and technology company at risk;
- the insertion of malware into a company’s website, affecting the payment card information of more than 100,000 individuals;
- the theft of personally identifiable information from a professional services company by an employee involved in a nationwide identity-theft crime ring;
- lost mobile devices used to store protected health information by covered entities and business associates; and
- a vendor’s theft of consumer information from a national financial services company.
Litigation:
Al regularly represents companies in class action lawsuits arising from data breaches or alleged privacy incidents. Al and the rest of Shook’s Biometric Privacy Task Force currently represent more companies in class action lawsuits arising from alleged violations of the Illinois Biometric Information Privacy Act than almost any other firm in the country.
Al has also represented companies in consumer class actions arising from data breaches involving the loss of medical records and theft of payment card information. Additionally, Al is one of a small number of practitioners with experience representing companies in proceedings challenging assessments levied by card brands against merchants based on alleged violations of the Payment Card Industry’s Data Security Standards.
Al has also represented companies in B2B lawsuits where clients are bringing or defending against indemnification and other contractual liability issues relating to a data breach.
Finally, Al represents companies in enforcement actions brought by state and federal regulatory authorities as a result of a data breach or alleged data privacy violations.
Compliance:
Al believes that, if handled correctly, the proliferation of privacy and data security laws provides an opportunity for his clients to shine, rather than an obstacle they must overcome. When clients approach Al, they are looking for advice that goes beyond the letter of the law because regulatory or judicial interpretation of many privacy laws may be scarce.
Al and his team draw from their deep experience working with some of the most sophisticated companies in the world to help operationalize legal requirements that may seem like a moving target and can be quite challenging.
Al’s compliance experience includes:
- building a global biometric technology program for a multinational company in compliance with state and international biometric privacy laws;
- counseling covered entities and business associates to comply with HIPAA/HITECH, preparing risk assessments, drafting internal and consumer-facing privacy policies and notices, performing employee training, and negotiating business associate agreements;
- designing and drafting incident response plans for companies in all industries;
- helping companies comply with the General Data Protection Regulation and, more recently, the California Consumer Privacy Act;
- providing counsel on the Payment Card Industry’s Data Security Standards and negotiating merchant agreements and subcontractor agreements to ensure compliance with the standards;
- designing vendor management programs, along with the drafting and negotiation of agreements, to minimize the risks of service-provider access to sensitive information.
- This also encompasses the drafting and negotiation of agreements that address incident response, indemnification, notification, data ownership and the implementation and auditing of security safeguards;
- directing an information-security assessment for a Fortune 50 company to identify legal risks associated with its procedures for collecting, storing, using and disposing of sensitive information;
- training employees of covered entities, business associates and insurance companies about the proper handling of protected health information; and
Education:
- J.D., Boston University School of Law, 1999
- B.A., University of Florida, 1996
Bar Admissions:
- Florida
- U.S. District Court, Middle District of Florida
- U.S. District Court, Southern District of Florida
- U.S. Court of Appeals, Eleventh Circuit
- U.S. Supreme Court
Memberships:
- American Bar Association, Section of Science and Technology, Cloud Computing and E-Privacy Committees
- International Association of Privacy Professionals
- Certified Information Privacy Professional
- Education Advisory Board
- South Florida KnowledgeNet, Co-Chair (2013)
- Law360, Privacy and Consumer Protection, Editorial Advisory Board
- The Florida Bar
- Technology Committee (2015-Present)
- Civil Procedure Rules Committee, Vice Chair (2012-2013)
- Code and Rules of Evidence Committee, Vice Chair (2006-2007)
- The Sedona Conference, Working Group 11: Data Security and Privacy Liability, Chair
- U.S. Secret Service, Electronic Crimes Task Force
Community Involvement:
- Big Brothers Big Sisters of Greater Miami, Big Brother
- Leukemia and Lymphoma Society, Miami-Dade Chapter, Executive Committee, Volunteer
- Cybersecurity & Privacy Editorial Advisory Board Member
Certifications:
- Privacy Law Specialist – International Association of Privacy Professionals
- Fellow of Information Privacy – International Association of Privacy Professionals
- Certified Information Privacy Technologist
- Certified Information Privacy Professional/United States
Cost
Rate : $$$
