Kamran Salour

Associate

Costa Mesa
T +1.714.966.8897
F +1.714.754.6611

Overview

Kamran Salour (CIPP/US and CIPT) dedicates his practice to helping clients respond to security incidents; comply with numerous data privacy and security requirements; and assert and defend against claims in state and federal litigation.

Kamran helps his clients respond to security incidents and data breach investigations involving malware, network intrusion, inadvertent disclosure, and ransomware. He guides his clients through the incident response process, directing forensic investigations, consulting with federal and state agencies, developing post-incident response notification plans, and responding to regulatory investigations. As part of his security incident response work, Kamran provides his clients with advice on proactive data security practices, including designing pre-incident response planning and preparedness, and post-incident response notification and remediation plans. Central in his response work, Kamran strives to minimize disruption to his clients, preserve their customer relationships, and reduce the likelihood and consequences of litigation and regulatory investigations.

Kamran’s experience also extends to compliance. Utilizing his knowledge of U.S. and international privacy laws, including the EU’s General Data Protection Regulation (GDPR), Illinois’ Biometric Information Privacy Act (BIPA), and the California Consumer Privacy Act (CCPA), Kamran educates clients about a full-range of privacy issues and counsels them on complying with emerging and ever-changing privacy laws.

Armed with decades-plus experience as a litigator, Kamran provides his clients with a unique perspective on data privacy and protection issues. He brings a pragmatic problem-solving approach to his incident response work, an approach that he developed and honed through years of resolving high-stakes litigation disputes on behalf of his clients. Because of his litigation experience, Kamran’s skill-set includes understanding and anticipating drafting ambiguities and oversights that spawn litigation, a skill-set that he uses to his clients’ benefit when counseling them on compliance.

Select Experience

Incident Response
  • Ransomware: Significant experience representing private companies and public entities whose operations have been stymied by a ransomware attack. Worked with clients and third parties, including forensic investigators, law enforcement officials, and ransomware negotiators to identify and contain the incident; minimize disruption to business operations; deliver effective public communications designed to preserve customer relationships; minimize the likelihood and consequences of litigation and regulatory investigations; and avoid reoccurrence.
Compliance
  • Utilizing knowledge as a Certified Information Privacy Professional (CIPP/US), Certified Privacy Information Technologist (CIPT), and frequent author and speaker on a wide-array of privacy issues, assisted numerous companies develop, implement, and maintain privacy programs that comply with applicable data protections laws, including the California Consumer Protection Act (CCPA).
Litigation
  • Defended a prominent physician against $20 million fraud and perjury claims that threatened to bankrupt him. On second day of trial, resolved matter for less than half of plaintiff’s prior settlement demand.
More »

Experience

Incident Response
  • Ransomware: Significant experience representing private companies and public entities whose operations have been stymied by a ransomware attack. Worked with clients and third parties, including forensic investigators, law enforcement officials, and ransomware negotiators to identify and contain the incident; minimize disruption to business operations; deliver effective public communications designed to preserve customer relationships; minimize the likelihood and consequences of litigation and regulatory investigations; and avoid reoccurrence.
  • Network Intrusion: Significant experience representing public and private companies of all sizes across innumerable industries respond to various network intrusion incidents. Helped clients minimize incident’s impact on operations; determine whether incident triggers state breach notification laws or contractual notice obligations and ensure compliance with them; minimize the likelihood and consequences of litigation and regulatory investigations; preserve customer and vendor relationships; and avoid incident reoccurrence.
  • PCI Incident: Experience representing retailers respond to attacks on their card-present and e-commerce payment systems. Worked with retailers and third parties through the incident response process, including: determining the source and scope of the attack; devising a plan to remediate the incident and avoid a future attack; complying with any resulting notice obligations; addressing card network fines and assessments; and minimize likelihood and impact of litigation.
Compliance
  • Utilizing knowledge as a Certified Information Privacy Professional (CIPP/US), Certified Privacy Information Technologist (CIPT), and frequent author and speaker on a wide-array of privacy issues, assisted numerous companies develop, implement, and maintain privacy programs that comply with applicable data protections laws, including the California Consumer Protection Act (CCPA).
  • Provided counsel to nationally-recognized tele-communications company on structuring of third-party vendor agreements to minimize impact of CCPA on business operations.
  • Advised leading student data and research organization on CCPA requirements and corresponding obligations in connection with organization’s corporate restructuring.
Litigation
  • Defended a prominent physician against $20 million fraud and perjury claims that threatened to bankrupt him. On second day of trial, resolved matter for less than half of plaintiff’s prior settlement demand.
  • On the eve of trial, secured walk-away for an Orange County commercial broker and his company against competitor’s defamation and unfair competition claims.
  • Turned demand letter from organization threatening to rescind client’s contract into that organization paying client a five-figure sum without having to file suit.
  • Obtained injunctive relief on behalf of the Gulf Cooperation Council preventing the Internet Corporation of Assigned Names and Numbers (ICANN) from issuing the PERSIANGULF generic top-level domain name.
  • Achieved complete defense of $10 million breach of contract claim against video game developer after two-week trial.

Recognitions and Memberships

Recognitions

  • Certified Information Privacy Professional – United States (CIPP/US)
  • Certified Information Privacy Technologist (CIPT)
  • Southern California Super Lawyers "Rising Star" (2014 to 2018)

Memberships

  • International Association of Privacy Professionals
  • Los Angeles County Bar Association, Privacy and Cybersecurity Section
  • AIMed: AI Ambassador
  • Orange County Bar Association, Entertainment, Sports & Marketing Section

Community

  • Children's Hospital of Orange County: AIMed AI Ambassador

Pro Bono

  • Defends low-income tenants against unlawful eviction attempts through Inner City Law Center, helping families remain in affordable housing and avoid becoming homeless.

Admissions

  • U.S. District Court, Central District of California
  • U.S. District Court, Northern District of California
  • U.S. District Court, Eastern District of California
  • U.S. District Court, Southern District of California
  • California

Education

  • J.D., Emory University School of Law, 2006, with honors; ABA/BNA Award for Excellence in the Study of Intellectual Property; National Moot Court Team
  • B.S., University of California, Los Angeles, 2001

Blog

In The Blogs

Previous Next
Data Privacy Monitor
A Balancing Act: A Brief Overview of California Privacy Laws
By Kamran Salour
October 23, 2019
The California Consumer Privacy Act (“CCPA”) takes effect on January 1, 2020. The CCPA aims to provide consumers with an unprecedented array of rights concerning the control of their personal information and, correspondingly, imposes an...
Read More ->
Data Privacy Monitor
California Bill SB-208 Tackles Pervasive Robocalls
By Kamran Salour
September 27, 2019
On Sept. 11, 2019, the California State Senate approved the Consumer Call Protection Act of 2019, SB-208. The measure seeks to protect consumers from fraudulent robocalls and enact into law provisions that, despite strong support from...
Read More ->
Data Privacy Monitor
If Signed by Governor, California Bill AB-602 Will Provide Private Right of Action for Victims of Sexually Explicit ‘Deepfakes'
By Kamran Salour
September 26, 2019
AB-602, passed by the California State Senate on September 12, 2019, will, if approved by the governor, create a private right of action against persons who create or disclose another’s sexually explicit content through use of “deepfake”...
Read More ->
Data Privacy Monitor
AB-1790 Seeks to Add Transparency to the Marketplace/Marketplace Seller Relationship
By Kamran Salour
September 25, 2019
Seeking to increase transparency and, consequently, fairness in the marketplace/marketplace seller commercial relationship, the California State Senate approved AB-1790 Marketplaces: marketplace seller on Sept. 12, 2019. AB-1790 aims to...
Read More ->
Data Privacy Monitor
AB-1130 Expands the Definition of Personal Information for Data Breaches
By Kamran Salour
September 24, 2019
In what appears to be yearly tradition, the California State Senate has again amended its Data Breach Notification Law. [Civ. Code § 1798.29.] On Sept. 11, 2019, the California State Senate voted in favor of AB-1130 Personal information...
Read More ->