Shea M. Leitch

Associate

Seattle
T +1.206.566.7106
F +1.206.624.7317

Overview

Shea Leitch brings wide-ranging experience and proven skills to her privacy and data protection practice. She serves as a reliable counsel for clients in an array of industries, who seek her insight on everything from the development of enterprise-wide privacy and security compliance programs, to targeted guidance on discrete data protection issues.

In addition to her counseling practice, Shea advises businesses in various industries regarding detection, containment, investigation, notification and regulatory follow-up arising from security incidents, including business email compromise, ransomware, network intrusions, and inadvertent disclosures. Shea also provides guidance to companies regarding incident response planning, as well as security policies and procedures.

Prior to joining BakerHostetler, Shea advised multinational organizations on the development and implementation of GDPR compliance programs both as an attorney and consultant. During that time, Shea traveled to her clients’ European offices, working hand-in-hand with cross-functional business teams to develop appropriate GDPR policies, procedures, and documentation. Drawing on this experience, Shea provides practical advice to clients on the adaptation of their global data protection programs to comply with rapidly evolving legal and regulatory requirements.

Select Experience

  • Develops global privacy programs for compliance with various national and international privacy laws and regulations.
  • Partners with privacy consultants for data discovery to develop required policies, procedures, and documentation for CCPA and GDPR compliance for companies in various industries.
  • Advises regarding the adjustment of existing privacy programs to meet emerging privacy legal and regulatory requirements.
More »

Experience

  • Develops global privacy programs for compliance with various national and international privacy laws and regulations.
  • Partners with privacy consultants for data discovery to develop required policies, procedures, and documentation for CCPA and GDPR compliance for companies in various industries.
  • Advises regarding the adjustment of existing privacy programs to meet emerging privacy legal and regulatory requirements.
  • Develops third-party addenda to ensure compliance with relevant privacy law and appropriate security measures.
  • Audits and evaluates tracking technologies and disclosures regarding same to ensure compliance with privacy and consumer protection laws.
  • Advises businesses in various industry sectors regarding response to and regulatory follow up arising from security incidents.
  • Develops individualized incident response plans for clients in various industries.
  • Assists with the assessment of security controls to ensure compliance with various legal and regulatory security requirements.
  • Conducts due diligence regarding cybersecurity and privacy governance and documentation in corporate transactions.
  • Advises on privacy program governance structure for multinational organizations.
  • Advises on international transfer issues and appropriate safeguards.

Recognitions and Memberships

Recognitions

  • Certified Information Privacy Professional (CIPP/US, E)*

*The Supreme Court of Washington does not recognize certification of specialties and the certificate is not required to practice law in the state of Washington.

Admissions

  • District of Columbia
  • Ohio
  • Washington

Education

  • J.D., The Ohio State University Michael E. Moritz College of Law, 2013; Ohio State Journal on Dispute Resolution, Managing Board
  • B.A., The Ohio State University, 2009, cum laude

Blog

In The Blogs

Previous Next
Data Counsel
California OAG Proposes New CCPA Regs Two Weeks Before Voters Decide on the Fate of CCPA 2.0
By Shea M. Leitch, Andrew M. Serrao, Patrick R. Waldrop
October 20, 2020
On Monday, Oct. 12, the California Office of the Attorney General (the Attorney General or OAG) released a third set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations (the Regulations). The full text can...
Read More ->
Data Counsel
Less Than a Month to Go Until Nevada Privacy Law Effective Date
By Shea M. Leitch
September 12, 2019
As discussed in our previous blog post on the topic, Nevada’s amendments to its privacy law are set to go into effect Oct. 1, 2019. Less comprehensive in scope than the much-heralded CCPA, the Nevada privacy law amendment has received...
Read More ->
Data Counsel
Nevada Adds "Do Not Sell" Requirement to Privacy Law
By Shea M. Leitch
June 5, 2019
Last week, Nevada Governor Steve Sisolak signed new privacy legislation into law in Nevada. Senate Bill 220 (SB-220) updates Nevada Revised State 603A to provide consumers a new right to opt out of the sale of their data. Effective Oct. 1...
Read More ->
Data Counsel
Washington Privacy Act Dies in the House While California Continues to Consider Refinements to the CCPA
By Shea M. Leitch
May 6, 2019
After passing the Senate nearly unanimously, the Washington Privacy Act (SB 5376) has stalled in the House of Representatives. The bill failed to achieve passage out of committee by the April 17 deadline for consideration of bills...
Read More ->