Shea M. Leitch

Associate

Seattle
T +1.206.566.7106
F +1.206.624.7317

Overview

Shea Leitch brings wide-ranging experience and proven skills to her privacy and data protection practice. She serves as a reliable counsel for clients in an array of industries, who seek her insight on everything from the development of enterprise-wide privacy and security compliance programs, to targeted guidance on discrete data protection issues.

In addition to her counseling practice, Shea advises businesses in various industries regarding detection, containment, investigation, notification and regulatory follow-up arising from security incidents, including business email compromise, ransomware, network intrusions, and inadvertent disclosures. Shea also provides guidance to companies regarding incident response planning, as well as security policies and procedures.

Prior to joining BakerHostetler, Shea advised multinational organizations on the development and implementation of GDPR compliance programs both as an attorney and consultant. During that time, Shea traveled to her clients’ European offices, working hand-in-hand with cross-functional business teams to develop appropriate GDPR policies, procedures, and documentation. Drawing on this experience, Shea provides practical advice to clients on the adaptation of their global data protection programs to comply with rapidly evolving legal and regulatory requirements.

Select Experience

  • Develops global privacy programs for compliance with various national and international privacy laws and regulations.
  • Partners with privacy consultants for data discovery to develop required policies, procedures, and documentation for CCPA and GDPR compliance for companies in various industries.
  • Advises regarding the adjustment of existing privacy programs to meet emerging privacy legal and regulatory requirements.
More »

Experience

  • Develops global privacy programs for compliance with various national and international privacy laws and regulations.
  • Partners with privacy consultants for data discovery to develop required policies, procedures, and documentation for CCPA and GDPR compliance for companies in various industries.
  • Advises regarding the adjustment of existing privacy programs to meet emerging privacy legal and regulatory requirements.
  • Develops third-party addenda to ensure compliance with relevant privacy law and appropriate security measures.
  • Audits and evaluates tracking technologies and disclosures regarding same to ensure compliance with privacy and consumer protection laws.
  • Advises businesses in various industry sectors regarding response to and regulatory follow up arising from security incidents.
  • Develops individualized incident response plans for clients in various industries.
  • Assists with the assessment of security controls to ensure compliance with various legal and regulatory security requirements.
  • Conducts due diligence regarding cybersecurity and privacy governance and documentation in corporate transactions.
  • Advises on privacy program governance structure for multinational organizations.
  • Advises on international transfer issues and appropriate safeguards.

Recognitions and Memberships

Recognitions

  • Certified Information Privacy Professional (CIPP/US, E)*

*The Supreme Court of Washington does not recognize certification of specialties and the certificate is not required to practice law in the state of Washington.

Publications

Alerts

Admissions

  • District of Columbia
  • Ohio
  • Washington

Education

  • J.D., The Ohio State University Michael E. Moritz College of Law, 2013; Ohio State Journal on Dispute Resolution, Managing Board
  • B.A., The Ohio State University, 2009, cum laude

Blog

In The Blogs

Previous Next
Data Counsel
Colorado's Privacy Act: A Curve Ball on Consent and Targeted Ads
By Stanton P. Burke, Andreas T. Kaltsounis, Shea M. Leitch
August 4, 2021
On July 7, 2021, Gov. Jared Polis signed the Colorado Privacy Act (CoPA) into law, making Colorado the third state to enact a comprehensive privacy law, joining California and Virginia. The Act goes into effect on July 1, 2023, and shares...
Read More ->
Data Counsel
Highly-Anticipated SCOTUS Ruling Upends TCPA Landscape
By Shea M. Leitch, Melinda L. McLellan
April 13, 2021
In a landmark decision issued April 1, 2021, the Supreme Court settled a hotly-contested debate over the definition of “automatic telephone dialing system” (or “autodialer”) under the 1991 Telephone Consumer Privacy Act (“TCPA”). The...
Read More ->
Data Counsel
California OAG Proposes New CCPA Regs Two Weeks Before Voters Decide on the Fate of CCPA 2.0
By Shea M. Leitch, Andrew M. Serrao, Patrick R. Waldrop
October 20, 2020
On Monday, Oct. 12, the California Office of the Attorney General (the Attorney General or OAG) released a third set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations (the Regulations). The full text can...
Read More ->