Aleksandra Vold

Counsel

Chicago
T +1.312.416.6249
F +1.312.416.6201

Overview

In an increasingly connected world, Aleksandra Vold’s emphasis on cybersecurity offers clients a critical safeguard. Her practice is devoted to privacy breach response and preparedness, payment card industry standards and investigations, and advising on how to identify, evaluate and manage first- and third-party data privacy and security risks. When a breach occurs, Aleksandra promptly coordinates a skilled team – including forensic and public relations professionals, and notification vendors – to quickly help reduce public and regulatory scrutiny and protect her clients’ reputations. She has handled numerous breaches for entities of all sizes, including merchants, financial institutions, medical providers and educational institutions.

Aleksandra’s strengths in cybersecurity are bolstered by her representation of startups and closely held technology companies in a variety of commercial disputes, including intellectual property, trade secrets, federal labor law and contract matters. Additionally, she brings a strategic advantage to the defense of class action litigation, having worked as a plaintiffs’ attorney who focused largely on consumer data privacy class actions. Aleksandra frequently advises clients on compliance with state, federal and international laws and regulations.

Select Experience

  • Handled data breaches ranging from a single record loss to 23 million records lost with multi-national notification requirements, and attacks ranging from drive-by ransomware injections to pervasive network compromises by international hacking groups, which led to personal and company extortion attempts.
  • Coordinates all aspects of data security incident response, conducting initial breach intake, vetting and selecting vendors (forensics, PR and notification), drafting notification materials (individual notification, talking points, frequently asked questions, media statements and regulatory notification), supervising and directing forensic investigations, and assisting clients with mitigation activities.
  • Assists in management, investigation and response related to regulatory inquiries from state attorneys general and HHS OCR. Coordinates and participates in clients’ internal investigations, document and policy reviews, and drafts formal responses to regulatory inquiries.
More »

Experience

  • Handled data breaches ranging from a single record loss to 23 million records lost with multi-national notification requirements, and attacks ranging from drive-by ransomware injections to pervasive network compromises by international hacking groups, which led to personal and company extortion attempts.
  • Coordinates all aspects of data security incident response, conducting initial breach intake, vetting and selecting vendors (forensics, PR and notification), drafting notification materials (individual notification, talking points, frequently asked questions, media statements and regulatory notification), supervising and directing forensic investigations, and assisting clients with mitigation activities.
  • Assists in management, investigation and response related to regulatory inquiries from state attorneys general and HHS OCR. Coordinates and participates in clients’ internal investigations, document and policy reviews, and drafts formal responses to regulatory inquiries.
  • Works with clients to understand system posture and regulatory environment to counsel on best practices, regulatory requirements and industry standards. Drafts and revises policies and procedures related to privacy, Incident Response Plans, Information Governance policies and Data Mapping initiatives to mitigate cyber risks. Counsels companies in various industries on website best practices, as well as international and domestic requirements for terms of use, and privacy policies.
  • Counsels both acquiring/investing and target companies on the scope of due diligence requests and responses related to data privacy and data security reps and warranties.
  • Defended companies sued for alleged violations of privacy statutes, including the Illinois Biometric Information Privacy Act and Fair and Accurate Credit Transactions Act in state and federal court.

Recognitions and Memberships

Recognitions

  • Illinois Super Lawyers "Rising Star" (2013 to 2019)
  • Chicago Magazine Top Women Attorneys (2013 to 2017)

Memberships

  • American Bar Association

Prior Positions

  • Columbia College: Adjunct Professor of Law (2010 to 2012)

Admissions

  • U.S. District Court, Northern District of Illinois
  • U.S. Court of Appeals, Seventh Circuit
  • U.S. District Court, Northern District of Illinois, Trial Bar
  • Illinois

Education

  • J.D., John Marshall Law School, 2010; John Marshall Review of Intellectual Property, Staff Editor; CALI Award: Protecting Intellectual Property in a Global/Digital Environment
  • B.A., Columbia College, 2006, cum laude

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Best Cybersecurity Practices for Healthcare Organizations – Insider-Caused Data Loss
By Kathryn Carey, Aleksandra Vold
March 1, 2019
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series...
Read More ->
Data Privacy Monitor
Best Cybersecurity Practices for Healthcare Organizations – Loss or Theft of Devices
By Kathryn Carey, Aleksandra Vold
February 18, 2019
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series...
Read More ->
Data Privacy Monitor
Best Cybersecurity Practices for Healthcare Organizations – Ransomware Prevention
By Kathryn Carey, Aleksandra Vold
February 8, 2019
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its “Cybersecurity Best Practices” report. For previous articles in the series...
Read More ->
Data Privacy Monitor
Best Cybersecurity Practices for Healthcare Organizations – Phishing Prevention
By Kathryn Carey, Aleksandra Vold
January 24, 2019
This article is part of a series of blog posts exploring the recommendations and guidance Health and Human Services (HHS) provides healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series...
Read More ->
Data Privacy Monitor
HHS Issues Cybersecurity Guidance for Healthcare Organizations
By Kathryn Carey, Aleksandra Vold
January 7, 2019
BakerHostetler will post a series of blogs to fully explore the recommendations and guidance Health and Human Services provides healthcare organizations in its report. Cyberattacks continue to rise across industries, and healthcare is no...
Read More ->