Heidi draws on her notable background as one of the first U.S. attorneys focused on data privacy and cybersecurity, as well as her experience as a corporate executive, to advise clients on matters involving consumer and employee privacy, data protection, cybersecurity, data ethics, and artificial intelligence.
Heidi counsels clients on a wide range of laws, regulations, and standards, including the California Consumer Privacy Act (CCPA), Family Educational Rights and Privacy Act (FERPA), EU and U.K. General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act (FCRA), Gramm-Leach-Bliley Act (GLBA), and National Institute of Standards and Technology (NIST) frameworks, as well as various U.S. state laws and regulations touching on healthcare and financial privacy, biometrics, and information security. In a world where data protection touches every organization, her work spans a wide array of industries.
Heidi also helps clients address emerging issues in artificial intelligence, guiding the development of corporate AI policies, advising on specific use cases, and helping organizations protect confidential data that might not be covered by traditional privacy laws. In addition, she regularly advises on cybersecurity risks from a legal perspective and is working toward certification as an AI Governance Professional.
Heidi first began her career as a litigator. While working full-time, she pursued an LL.M. in intellectual property at George Washington University, completing all the necessary coursework and lacking only her thesis to complete the degree. Her early work with technology companies evolved to focus on data privacy, leading to an in-house role at Sprint Nextel which combined intellectual property and privacy-related responsibilities. She later advised clients at several major law firms and held executive positions at two large multinational corporations, Thomson Reuters and Leidos. In these positions, Heidi was part of the in-house legal team while also managing the practical, day-to-day aspects of privacy operations. At Leidos, she established and led the company’s global privacy office and, along with her team, developed a first-in-class corporate data protection program. She also held leadership positions on various executive committees, including the Data Governance Steering Committee.
Heidi’s experience gives her a unique perspective: she has “been in clients’ shoes” and personally understands the realities of business leadership. At the same time, she’s practiced data privacy, cybersecurity, and intellectual property law for more than 20 years and is passionate about staying current on the constant changes in these evolving fields. In practice areas where applicable law often lags behind technology, Heidi has the experience not only to help clients comply with current laws, but to anticipate what’s coming next.