Alex Altman's practice is centered on global data protection, privacy and cybersecurity law, an area he has navigated for over a decade. He advises clients across a broad spectrum of industries, including media, technology, finance, retail and life sciences. His work involves developing comprehensive privacy and cybersecurity compliance programs, conducting due diligence for mergers and acquisitions, negotiating data protection agreements, managing responses to data breaches and handling litigation and government investigations.

Known for his responsiveness, strategic thinking and innovative problem-solving skills, Alex is dedicated to staying ahead of the curve in the constantly changing legal environment of privacy and cybersecurity law. His genuine curiosity and commitment to this field enable him to effectively guide clients through the complexities of regulatory compliance and risk management. Alex is also recognized as a Certified Information Privacy Professional for the U.S. private sector (CIPP/US), highlighting his proficiency in safeguarding client interests in an increasingly intricate digital landscape.

Education

  • Fordham University School of Law (J.D., 2013)
    • Vassar College (B.A.)
      • Philosophy

    Bar Admission

    • California
    • New York

    Court Admissions

    • U.S. Court of Appeals, Second Circuit
    • U.S. District Court, Northern District of California
    • U.S. District Court, Southern District of New York
    • U.S. District Court, Northern District of New York

    Professional Affiliations

    • Sedona Conference Working Group 11 on Data Security and Privacy Liability, Member
    • New York City Bar International Law Committee, Member

    Recognition

    • Named one of Best Lawyers: Ones to Watch® in America in Commercial Litigation, 2024-2025
    • Certified Information Privacy Professional (CIPP/US)
    Publications
    All Publications
    Escalated CCPA Enforcement Delivers Record $2.75M Settlement and Expanded Focus
    Key Takeaways The California Attorney General (AG) reached a record $2.75 million settlement with Disney, stemming from allegations that the company violated the California Consumer Privacy Act (CCPA) by failing to adequately recognize consumer opt-out rights across its diverse platform. The settlement with Disney highlights how both the California AG and the California Privacy Protection Agency (CPPA) are still keenly focused on consumer opt-out rights while increasing scrutiny of complex ecosystems of personal information. Businesses should expect heightened scrutiny into the technical implementation of their consent management platforms and broader enforcement, including potentially steep fines and multi-year compliance obligations for violators. The California AG’s recent $2.75 million settlement with Disney marks a further escalation by enforcers of the CCPA, both in penalty size and
    Read More
    Cross-Border Data Transfers: New Obligations, Stable (For the Moment) Frameworks and Harmonizing Compliance
    Alex Altman explains how new U.S. rules are tightening restrictions on outbound transfers of sensitive personal data, while the EU-U.S. framework for inbound transfers remains intact — for now. He urges companies to map data flows, assess exposure under the Bulk Data Rule and prepare for potential shifts in EU adequacy standards. Read the full article in the 2026 Technology Transactions & Data Privacy Annual Report. 
    Read More