Alessandra Swanson

Alessandra is a former federal privacy regulator and primarily focuses her practice in the area of privacy and data security, which includes counseling on compliance with privacy laws and data security investigations and related regulatory defense. Alessandra has spent the entirety of her career working in the privacy space. Prior to joining Winston, Alessandra spent five years with the U.S. Department of Health and Human Services – Office for Civil Rights, where she was involved in a number of high-profile privacy investigations and settlements.

KEY CAPABILITIES

Alessandra counsels some of the country’s most well-known health care companies, brands, retailers, media companies and e-commerce platforms regarding their compliance with privacy and data security requirements. She helps her clients tackle their most complex privacy questions and navigate the increasingly thorny web of United States privacy laws to best leverage the data under their purview. In particular, Alessandra has assisted her clients in assessing their privacy regulatory profiles, analyzing data collection and usage across multiple brands and affiliates, developing practical internal privacy infrastructure and privacy disclosures, and implementing large-scale privacy-focused compliance programs.

Alessandra has extensive experience with the California Consumer Privacy Act (CCPA) and similar state privacy laws, the Illinois Biometric Information Privacy Act (BIPA), the California Invasion of Privacy Act (CIPA), the Video Privacy Protection Act (VPPA), the Telephone Consumer Privacy Act (TCPA), the Health Insurance Portability and Accountability Act (HIPAA), the CAN-SPAM Act, the Children’s Online Privacy Protection Act (COPPA) and other United States laws related to telematics and vehicle data, biometric information, online advertising, children’s privacy, privacy policies, personal information protection, and consumer outreach.  

Alessandra also dedicates a significant portion of her practice to security incident response and preparedness. When clients experience security breaches or privacy incidents, Alessandra provides practical and business-focused guidance to help navigate the investigation and remediation of the breach, assess legal and contractual notification obligations following the incident, and defend clients in related regulatory inquiries. Alessandra has led teams of Winston lawyers worldwide to assist clients who suffer multi-jurisdiction incidents, and, in particular, has deep experience working with clients in the health care sector. She also works with clients to proactively prepare for security incidents by conducting incident response table-top exercises and developing incident response plans.