Nichole L. Sterling

She | Her | Hers

Associate

New York
T +1.212.589.4282
F +1.212.589.4201

Overview

Nichole Sterling collaborates with clients across industry sectors to develop practical, global compliance solutions to complex data management challenges, from navigating the dynamic international privacy and data protection landscape to managing everyday data use.

Nichole’s practice spans privacy and data protection, information governance and emerging technologies, with a focus on assisting companies subject to multiple privacy laws. A certified privacy professional (CIPP/E and CIPP/US), Nichole advises on a wide range of legal questions related to information and data use. She regularly counsels clients on domestic and cross-border regulatory and compliance matters, including cross-border data transfers, international security incident response, advertising technologies and information governance. Nichole also has considerable experience handling all aspects of discovery in complex litigation and regulatory investigations, and frequently advises on electronic discovery issues, particularly as they intersect with privacy concerns. In addition to holding a foreign language doctorate, Nichole spent several years living and working in Europe, including a clerkship at the Court of Justice of the European Union.

Select Experience

  • Advises on the requirements of the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other privacy and data protection laws, and assists with the development, implementation, assessment and maintenance of compliance programs.
  • Counsels personal data importers and exporters on compliance with international data transfer restrictions and data localization requirements, including data processing agreements, transfer assessments and the use of cross-border data transfer mechanisms, such as the European Union's Standard Contractual Clauses. Assists clients with assessing and updating data transfer mechanisms after the invalidation of the EU-U.S. Privacy Shield Framework in Schrems II.
  • Advises on international data breach notification requirements and associated regulatory response, as well as the use of international data in U.S. litigation and regulatory investigations.
More »

Experience

  • Advises on the requirements of the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other privacy and data protection laws, and assists with the development, implementation, assessment and maintenance of compliance programs.
  • Counsels personal data importers and exporters on compliance with international data transfer restrictions and data localization requirements, including data processing agreements, transfer assessments and the use of cross-border data transfer mechanisms, such as the European Union's Standard Contractual Clauses. Assists clients with assessing and updating data transfer mechanisms after the invalidation of the EU-U.S. Privacy Shield Framework in Schrems II.
  • Advises on international data breach notification requirements and associated regulatory response, as well as the use of international data in U.S. litigation and regulatory investigations.
  • Provides guidance on the implementation of privacy-focused AdTech and global solutions for the use of cookies and tracking technologies, including compliance with the ePrivacy Directive.
  • Counsels clients on information governance practices, including developing and implementing records retention schedules, maintenance and destruction policies, legal hold policies, and related procedures and materials.
  • Creates, develops and implements global privacy and security policies, standards, procedures and guidelines.
  • Drafts and negotiates data protection/data processing agreements regarding the handling of personal data and multi-party contracts in complex technology transactions, including associated artificial intelligence (AI) development and operation.
  • Researched and wrote memoranda and a technical annex describing the scope, impact, and legal implications of the EU’s Data Retention Directive as judicial background for the Court of Justice of the European Union’s decision in Digital Rights Ireland.
  • Member of the BakerHostetler team serving as court-appointed counsel to the Securities Investor Protection Act Trustee for the liquidation of Bernard L. Madoff Investment Securities LLC, an unprecedented recovery effort involving hundreds of actions.
  • Assists with developing and conducting a coordinated discovery strategy, focusing on privilege issues, for a healthcare company involved in litigation that includes lawsuits in nearly every U.S. state, a federal multi-district litigation, a multi-state attorneys general investigation, and numerous other state and federal inquiries.
  • Supported discovery efforts in litigation and regulatory investigations in connection with the representation of one of the world’s leading credit rating agencies in all matters arising out of its rating of structured finance securities, including securities backed by subprime mortgages.

Recognitions and Memberships

Recognitions

  • The Legal 500 United States
    • Recommended in Media, Technology and Telecoms: Cyber Law (including Data Privacy and Data Protection) (2022)
  • Certified Information Privacy Professional – Europe (CIPP/E)
  • Certified Information Privacy Professional – United States (CIPP/US)

Memberships

  • American Bar Association
    • Section of International Law
  • International Association of Privacy Professionals (IAPP)
  • New York City Bar Association
  • New York State Bar Association
  • The Sedona Conference 
    • Working Group 6 Steering Committee Member
    • Brainstorming/Drafting Group and Meeting Participant - Cooperation and Transparency, Cross-Border Privilege (Lead), Privilege Logs and Proportionality in Cross-Border Discovery (Steering Committee Liaison)

Pro Bono

  • Counseled global non-profits on privacy and data protection issues regarding social media, youth engagement, and GDPR compliance; updated information governance programs.
  • Revised and updated a nonprofit’s guide to state and federal employment rights for victims of domestic violence, sexual assault, or stalking.
  • Represented LGBT individuals seeking asylum in the United States; drafted and filed application materials and prepared materials to support the asylum application prior to the asylum interview.

Prior Positions

  • European Court of Justice, Luxembourg: Dean Acheson Legal Stagiaire, Judge Thomas Von Danwitz
  • Law Clerk for Senate Judiciary Committee, Subcommittee on Privacy, Technology and the Law

Admissions

  • U.S. District Court, Southern District of New York
  • U.S. District Court, Eastern District of New York
  • New York

Education

  • J.D., University of Michigan Law School, 2012; Michigan Telecommunications and Technology Law Review, Executive Production Editor; International Transactions Clinic, Student Attorney (2010 to 2012)
  • Ph.D., Scandinavian Studies, University of California, Berkeley, 2008
  • B.A., Gustavus Adolphus College, 1997, magna cum laude; Phi Beta Kappa

Languages

  • Swedish

Blog

In The Blogs

Previous Next
Data Counsel
Deeper Dive: Why Personal Data Deletion Matters
By James A. Sherer, Nichole L. Sterling
July 14, 2022
Our 2022 Data Security Incident Response Report discussed how businesses can be better positioned to meet the tight data breach notification deadlines now imposed in dozens of countries worldwide. In particular, we highlighted some steps...
Read More ->
Data Counsel
International Data Protection Update
By Andreas T. Kaltsounis, Melinda L. McLellan, Nichole L. Sterling
March 14, 2022
This Update highlights some of the international data protection issues that caught our attention and the attention of our clients over the winter, including updates on European data transfers and cookie compliance, regulatory enforcement...
Read More ->
Data Counsel
Are More European Standard Contractual Clauses Coming?
By Andreas T. Kaltsounis, Nichole L. Sterling
November 22, 2021
On November 18, 2021, the European Data Protection Board (EDPB) adopted its new draft guidance on the interplay between Article 3 of the European Union’s General Data Protection Regulation (GDPR) and Chapter V of the same law. This new...
Read More ->
Data Counsel
International Data Protection Update – Summer 2021
By Andreas T. Kaltsounis, Melinda L. McLellan, Nichole L. Sterling
September 21, 2021
This update highlights some of the international data protection issues that caught our attention, and the attention of our clients, over the summer. Asia-Pacific China’s Data Security Law and Personal Information Protection Law – This...
Read More ->
Data Counsel
Data Breach Enforcement Is a Global Risk
By Nichole L. Sterling
June 23, 2021
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report highlights some regulatory enforcement trends we saw from the European Union (EU) data protection authorities (DPAs) during the past year. EU DPA...
Read More ->