Christina Barnett (formerly Hernandez-Torres) is committed to helping companies navigate the complex and rapidly evolving global data privacy landscape, cybersecurity and regulatory compliance. She has experience managing high-stakes data incidents across a wide range of industries in the U.S. and internationally, including financial services, accounting, tax preparation, healthcare, technology, education, retail, manufacturing, hospitality and government entities. She regularly assists tax preparers and accounting firms in responding to data incidents, including incidents involving unauthorized access to taxpayer data, phishing attacks and fraudulent tax return filings. She has extensive experience working with the IRS to advocate for and assist clients in mitigating potential liabilities and ensuring compliance.
Her work includes responding to cybersecurity incidents impacting companies with operations across the U.S. and in Latin America, the Caribbean, Europe and Asia; coordinating forensic investigations; internal and external communications; and regulatory notifications across multiple jurisdictions. She counsels clients through the full lifecycle of a cybersecurity incident, from investigation and containment to regulatory reporting and post-incident remediation. She has advised companies responding to ransomware attacks, business email compromises, vendor breaches, lost or stolen devices, insider threats and other security incidents.
She helps organizations assess legal obligations under U.S. and global data protection laws, including, but not limited to, the Gramm-Leach-Bliley Act (GLBA), Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Act (COPPA), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), Brazil’s General Data Protection Law (LGPD), Colombia’s Data Protection Law (Law 1581 of 2012), Jamaica’s Data Protection Act No.7-2020, Barbados’ Data Protection Act 2019, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and China’s Personal Information Protection Law (PIPL).
In addition to incident response, Christina works proactively with clients to strengthen their cybersecurity readiness. She advises on regulatory compliance, data governance, risk assessments and cybersecurity due diligence in corporate transactions. She helps organizations develop and refine incident response plans and information security policies. Christina also works with executive teams and boards to conduct cybersecurity preparedness training, including tabletop exercises.
With a deep understanding of the regulatory and operational challenges businesses face, Christina helps clients navigate multi-jurisdictional enforcement actions, regulatory inquiries and consumer litigation risks stemming from data breaches and privacy compliance issues. She regularly engages with regulators, including state attorneys general and international data protection authorities, to advocate for her clients and ensure compliance strategies align with emerging legal standards.
Through her proactive and strategic approach, Christina helps clients protect sensitive data and maintains the trust of their customers and stakeholders.
Education
- University of Illinois College of Law (J.D., 2019)
- DePaul University (B.A., cum laude, Dean’s List, 2016)
- Sociology, Political Science
Bar Admission
- Illinois, 2019
Professional Affiliations
- Haitian Lawyers Association
- Puerto Rican Bar Association
Recognition
- Named one of Best Lawyers: Ones to Watch® in America in:
- Privacy and Data Security Law, 2024-2026
- Technology Law, 2026
- Fluent in Spanish
