Sal Phillips is an associate attorney in the Technology Transactions and Data Privacy practice group. He regularly advises clients on issues of breach response, risk assessment and management, policies and procedures, table top exercises, and information security due diligence associated with corporate transactions. Sal also assists clients with implementing compliance programs under the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) Standards, and the Defense Federal Acquisition Regulation Supplements (DFARS).
In addition, Sal has extensive experience with U.S. and international privacy laws, including the California Consumer Privacy Act (CCPA), the New York Department of Financial Services Cybersecurity Regulation, the Gramm-Leach-Bliley Act (GLBA), the New York SHIELD Act, the European Union’s General Data Protection Regulation (GDPR), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and the Australian Privacy Act. Sal uses his knowledge to advise clients on their legal rights and responsibilities under state, federal and international privacy laws, including notification to individuals affected by a breach and to regulatory authorities.
Sal also represents clients in connection with state and federal government investigations and third-party claims that arise out of a cybersecurity incident. In this capacity, Sal handles issues that arise during investigations by state and federal agencies, including the U.S. Department of Health and Human Services Office for Civil Rights and various state Attorneys General.
Sal is a Certified Information Privacy Professional for Europe (CIPP/E) and the United States (CIPP/US). Before joining Polsinelli, he worked for an international law firm, where he assisted large and small entities with incident response and other emerging privacy and data security challenges, including compliance with newly enacted laws.