Sara M. Goldstein

She | Her | Hers

Partner

Philadelphia
T +1 215.564.1572
F +1 215.568.3439

Overview

Named a 2021 "Rising Star" by Law360 and a 2021 "Lawyer on the Fast Track" by The Pennsylvania Legal Intelligencer, Sara Goldstein has advised hundreds of clients across a variety of industries on responding to cybersecurity and data privacy incidents, including several of the largest data breaches to date.

Sara has led BakerHostetler’s response to several large, high-profile data security incidents, including one incident at a cloud software company that involved the data of several hundred firm clients. As the leader of these matters, Sara developed the strategy for the incident response process, oversaw the team of attorneys working directly with clients, and created processes and protocols for the attorney team to follow.

Prior to joining BakerHostetler, Sara was the vice president and general counsel of the nation’s second-largest provider of release of information and disclosure management services, where she was responsible for overseeing all of the company’s legal and compliance-related matters. This experience gives her a depth of knowledge regarding clients’ needs, bringing a business-oriented perspective to her practice and allowing her to provide legal guidance that is realistic and practical for clients.

Sara has authored a variety of articles on privacy and data security in publications such as Westlaw Journal Computer and Internet, Journal of the American Health Information Management Association, The Group Practice Journal, Compliance Today, RACMonitor.com, and Health Affairs. She has been invited to speak to organizations across the country about compliance with federal and state privacy laws and the incident response process. She also served as an adjunct professor of law at Drexel University, where she taught a course on the Health Insurance Portability and Accountability Act (HIPAA) and patient privacy.

Experience

  • Advises clients in the healthcare, retail, financial, higher education, and nonprofit sectors on responding to cybersecurity and data privacy incidents in the U.S. and abroad ranging from phishing incidents to sophisticated, state-sponsored network intrusions.
  • Leads investigations of data security incidents, including the selection and engagement of third-party forensic investigators and interactions with law enforcement.
  • Provides clients with guidance on federal, state, and international breach notification law requirements, as well as contractual notification obligations.
  • Drafts notification materials, including notification letters, press releases, website notices, internal client communications, and regulatory notices.
  • Oversees the post-breach response process, including the preparation of responses to questions from notice letter recipients, employees, customers, the media, and regulators.
  • Represents clients in post-breach investigations by the United States Department of Health and Human Services Office for Civil Rights, state insurance departments, state attorneys general (including multistate task forces), and other regulators arising from large and small data security incidents.
  • Drafts website and app privacy and terms of use policies.
  • Oversees the firm's response to a large, high-profile data security incident at a cloud software company that involved the data of several hundred firm clients.
  • Provides guidance on HIPAA, health information management, and privacy to healthcare providers across the country.
  • Conducts data security training and tabletop exercises for companies to help them develop their incident response plans.
  • Completed a secondment at one of the top cybersecurity insurance carriers in the world.
  • Provided on-site support and guidance to a large health insurer following the discovery of a data security incident involving the personal information of over 3 million individuals.
  • Drafted the regulatory notices for one of the largest data security incidents in history that involved the personal data of over 500 million individuals worldwide.
  • Served as vice president and general counsel for the second largest provider of disclosure management and release of information services in the United States.
  • Developed comprehensive HIPAA privacy and security policies and procedures, business associate agreements, privacy notices, and training materials.
  • Drafted company policies and procedures.

Recognitions and Memberships

Recognitions

  • Law360: Cybersecurity and Privacy: Rising Star (2021)
  • The Pennsylvania Legal Intelligencer: Lawyers on the Fast Track (2021)

Memberships

  • International Association of Privacy Professionals
  • Association of Health Information Outsourcing Services

Community

  • Morris Arboretum of the University of Pennsylvania 
  • Drexel University Thomas R. Kline School of Law
    • Co-op Supervisor
    • Adjunct Professor of Law
    • Guest lecturer 

Prior Positions

  • MRO Corporation: Vice President and General Counsel 
    • General Counsel (2016 to 2017)
    • Privacy and Compliance Counsel (2015 to 2016)

Admissions

  • Pennsylvania
  • New Jersey

Education

  • J.D., Health Law, Drexel University Thomas R. Kline School of Law, 2011
  • B.A., Government and Italian, Smith College, 2008

Languages

  • Italian

In The Blogs

Data Counsel
Pennsylvania's Data Breach Notification Law Is Changing: What Does It Mean for Entities Doing Business in the Keystone State?
By Sara M. Goldstein
December 19, 2022
2023 is going to bring big changes to Pennsylvania’s Breach of Personal Information Notification Act. Although the revisions to the law do not go into effect until May 2, 2023, now is the time for Pennsylvania entities to ensure that they...
Data Counsel
Sounding the Alarm: New Federal Law Will Mandate the Reporting of Cybersecurity Incidents Involving Critical Infrastructure – What Companies Need to do now to be Prepared
By Sara M. Goldstein, Kimberly C. Gordy, Thomas I. Moran II
March 18, 2022
In response to increased and persistent cybersecurity threats to American infrastructure, Congress passed the Strengthening American Cybersecurity Act (SACA), which President Joe Biden signed into law on March 15. SACA is likely the first...
Data Counsel
New Director of HHS Office for Civil Rights Announced: What could Lisa J. Pino's appointment mean for future HIPAA enforcement?
By Sara M. Goldstein
September 28, 2021
More than eight months into the Biden administration, the U.S. Department of Health & Human Services (HHS) announced the appointment of Lisa J. Pino as the new director of the Office for Civil Rights (OCR) on Sept. 27, 2021. As the new...
Data Counsel
Executive Order on Improving the Nation's Cybersecurity: What Does It Mean for Business?
By Sara M. Goldstein, Jessica S. Lowery
May 13, 2021
In response to recent highly publicized cybersecurity incidents, President Biden signed an Executive Order on May 12, 2021, that contains eight key initiatives aimed at modernizing the federal government’s response to cyberattacks...