Alissa Lynwood

Alissa counsels clients on privacy and cybersecurity matters, including compliance with U.S. state privacy laws, data security risk management, and incident response. Her practice focuses on advising privately held companies and healthcare providers on regulatory compliance, breach preparedness, and response to complex cybersecurity incidents.

Representative Matters

Privacy & Data Protection

• Advises clients on compliance with U.S. state privacy laws and regulations, including the Indiana Consumer Data Protection Act, Kentucky Consumer Data Protection Act, and Rhode Island Data Transparency and Privacy Protection Act.
• Assists clients with the development and enhancement of privacy compliance programs, including drafting policies, conducting privacy due diligence, developing compliance frameworks, and providing training.
• Conducts website and mobile application audits to inform compliant privacy policies and data practices under applicable state privacy laws.
• Performs tracking technology scans and cookie assessments and advises on the use of tracking technologies and related compliance risks.
• Reviews and analyzes Data Processing Agreements and vendor privacy practices.
• Analyzes employee privacy issues, including state electronic monitoring laws and related case law.
• Advises healthcare providers on privacy compliance, including drafting compliant privacy policies and assessing data collection, storage, and governance practices.
• Assists healthcare clients with the management of consumer and patient rights requests.

Cybersecurity & Incident Response

• Conducts cybersecurity incident response for clients experiencing ransomware attacks, business email compromises, and sophisticated network intrusions.
• Counsels clients on incident response strategy, including coordination with forensic teams, engagement with law enforcement, and containment and remediation efforts.
• Assists clients with data security risk assessments and advises on regulatory reporting obligations following cybersecurity incidents.
• Advises clients on federal, state, and international breach notification requirements, as well as contractual notification obligations.
• Drafts and manages breach‑related communications, including communications playbooks, consumer notification letters, press releases, websites, and social media notices.
• Supports post‑breach response efforts, including assisting with call center escalations and preparing responses to consumers, regulators, and the media.
• Leads discussions with law enforcement agencies to assist with identifying threat actor groups responsible for large‑scale ransomware attacks.
• Assists clients with state and federal regulatory inquiries and investigations arising from cybersecurity incidents.

Pro Bono

• Represents domestic violence survivors in obtaining Civil Protection Orders, including preparing filings and advocating for clients throughout the protective order process.
• Represents parents in child custody matters, providing legal advocacy to protect parental rights and advance the best interests of the child.

Professional Experience

• Associate, Private law practice (2021-2024)
• Law Clerk, Verizon, Antitrust/Policy Division (2020-2021)
• Legal Policy Intern, Future of Privacy Forum (2020)
• Legal Privacy Intern, Traackr (2020)
• Law Clerk, Federal Trade Commission (FTC), Division of Privacy and Identity Protection (2019-2020)
• Law Clerk, Federal Communications Commission (FCC), Global Strategies and Negotiation Division (2019)

Affiliations

• Federal Communications Bar Association (FCBA)
• American Bar Association (ABA)
• Women’s Bar Association
• Women in eDiscovery, Washington DC Chapter
• International Association of Privacy Professionals