Samuel D. Goldstick

Professional Biography

Samuel (Sam) Goldstick is a data privacy and cybersecurity attorney, advising clients across a broad range of industries on all aspects of compliance with international, federal, and state data privacy and security laws. He is a senior counsel in the firm’s Technology Transactions, Cybersecurity, and Privacy Practice, as well as a member of the Sports & Entertainment Industry Team and Innovative Tech Sector.

Sam counsels companies in nearly every sector of the economy — including the retail, hospitality, manufacturing, financial services, health care, insurance, sports, aerospace, energy, government contracting, education, information technology, transportation, and travel industries — on a full array of data privacy and security compliance issues, such as those involving:

  • Data breach notification requirements at the state, federal, and international level
  • EU and UK General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and other similar comprehensive U.S. state consumer privacy laws
  • Gramm-Leach-Bliley Act (GLBA)
  • The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation
  • State insurance data security laws (including those modeled after the NAIC model law)
  • Illinois’ Biometric Information Privacy Act (BIPA) and other state biometric privacy laws
  • Telephone Consumer Protection Act (TCPA) and state law equivalents
  • Health Insurance Portability and Accountability Act (HIPAA) and state law equivalents
  • Department of Defense (DoD) cybersecurity requirements for federal contractors, including DFARS 252.204-7012, NIST SP 800-171, and CMMC

Sam assists clients of all sizes on their incident preparedness, such as reviewing and updating incident response (IR) policies and procedures, negotiating three-party agreements with forensics and other third-party IR providers to help maintain attorney-client privilege and work product protections during an incident, and running tabletop exercises that simulate real-life cyber-attacks.

On the reactive front, Sam frequently guides clients through the entire incident response process, from the early stages of the investigation to the notification of affected individuals and government regulators, as well as through any resulting enforcement actions or regulatory investigations. To date, Sam has handled hundreds of data breaches and security incidents for clients, and his depth of experience in this area allows him to provide clients with practical and business-oriented solutions in the event of a data incident and in its aftermath.

  • More Legal and Business Bylines From Samuel D. Goldstick


NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins


Sign Up for e-NewsBulletins