Steve Millendorf is a seasoned privacy and cybersecurity attorney with over two decades of experience as an engineer. Steve’s practice focuses on counseling a broad range of clients on privacy, cybersecurity, and intellectual property matters. He is a partner in the firm’s Technology Transactions, Cybersecurity, and Privacy Practice and is recognized by the International Association of Privacy Professionals (IAPP) as a Fellow of Information Privacy. He holds certifications from the IAPP as a Certified Information Privacy Professional in the United States and European privacy laws (CIPP/US and CIPP/E), as well as a Certified Information Privacy Manager (CIPM).
Privacy and Cybersecurity
Steve is a privacy and cybersecurity lawyer with a broad range of experience assisting clients with their privacy and cybersecurity issues, including data mapping activities, data ownership and monetization, data incident management, breach response and recovery, data subject request policies and form responses, privacy notices, and the development and maintenance of various privacy and cybersecurity policies and procedures that include industry best practices and guidance together with evolving legal requirements.
Steve’s experience includes all aspects of developing and maintaining compliance programs for many U.S. and international general privacy and security laws, including:
- EU General Data Privacy Rights Act (GDPR)
- UK General Data Protection Regulation and the Data Protection Act of 2018 (UK-GDPR)
- California Consumer Privacy Act of 2018 (CCPA) and California Privacy Rights Act (CPRA)
- Virginia Consumer Data Privacy Act (Virginia CDPA)
- Colorado Consumer Privacy Act (Colorado CPA)
- Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada’s Anti-SPAM Law (CASL)
- Other state legal requirements to privacy, data security, data breach notification, and consumer protection. In addition, Steve also has expertise in other U.S. sectoral privacy laws, such as CAN-SPAM, COPPA, TCPA, and the New York Cybersecurity Regulation.
Technology Transactions and Intellectual Property Counselling
Technology transactions and intellectual property counseling are also a major focus of Steve’s practice. He regularly advises clients on open source software license issues, and prepares and negotiates data processing agreements, data sharing agreements, open source policies and procedures, protection of intellectual property policies and procedures, professional service agreements, software license agreements, software as a service agreements, development agreements, website and application terms of use and end user license agreements (EULA), cloud agreements, artificial intelligence & machine learning development and use agreements, patent license agreements, and many other types of technology agreements, policies, and procedures.
Steve regularly leverages his breadth and depth in these areas to address the complexities of privacy and cybersecurity issues that are present in almost every technology transaction, as well as to support various M&A activities in the areas of privacy, cybersecurity, intellectual property, and information technology.
Trusted, Practical, and Actionable Advice
With more than two decades of engineering experience on the cutting edge of technology, Steve is regularly viewed as a “trusted advisor” to his clients and regularly collaborates with R&D, IT, risk, forensics, dark web, communications, and other professionals together with senior management, c-suite, and board members to bring a practical, multidisciplinary approach help his clients navigate today’s complex legal framework and solve our client’s complex technology and business problems.
Prior Experience
Steve’s engineering experience prior to his legal career spans over two decades. While attending law school, Steve was a senior staff hardware security engineer at Qualcomm, where he led the design and development activities for the security features for most of Qualcomm’s chip devices used in smartphones, tablets, cellular modems, and other personal computing devices. He was also recognized as a Subject Matter Expert (SME) by Qualcomm’s Government Technologies Division, where he previously held U.S. security clearance and supported the company’s federal, state, and local government partners in understanding the security of mobile devices.
Before his employment at Qualcomm, Steve worked as an ASIC design engineer in various ground-breaking technologies, such as network security processors for HIFN, some of the first broadband modems for General Instruments (now ARRIS), tape and floppy disk storage as a consultant for iOmega, and text terminals for the Applied Digital Data Systems division of NCR/AT&T. Steve is an inventor on over 10 U.S. and international patents in the areas of cryptography and security.
More Legal and Business Bylines From Steven M. Millendorf
- Privacy Shield – Rejected. GDPR – Accepted: What This Means to Your Organization and What You Should Consider Doing Now - (Posted On Friday, April 15, 2016)
- EU-U.S. Privacy Shield Agreement Released - (Posted On Tuesday, March 01, 2016)
- Tentative Agreement on New “Privacy Shield” Framework for Transatlantic Data Flows Reached - (Posted On Wednesday, February 03, 2016)
- FTC Case Against LabMD Dismissed Due to Lack of Harm - (Posted On Thursday, November 19, 2015)
- California Amends Definition of Personal Identifiable Information and Breach Notification Content Requirements - (Posted On Friday, October 09, 2015)
- Insights on Recent Developments re: Cybersecurity - (Posted On Friday, July 31, 2015)
- This is Not Your Father's Oldsmobile: Car Hacking and the SPY Car Act - (Posted On Thursday, July 23, 2015)
- FCC Chairman Proposes New TCPA Rules - (Posted On Friday, May 29, 2015)
- Blue Pill/Red Pill: How Officers and Board Members Can Swallow the Red Pill and See the Real World of Cybersecurity - (Posted On Tuesday, May 26, 2015)
- Florida Passes Law Requiring Contact Information on Websites - (Posted On Friday, May 22, 2015)