Stephanie A. Reiter

Counsel

Washington, D.C.
T +1.202.861.1732
F +1.202.861.1783

Overview

Stephanie Reiter’s data security and privacy practice offers potentially business-saving support. She provides experienced advice on data breach preparation and response, cybersecurity preparedness and compliance, enterprise risk management and governance, and regulatory compliance and defense. In the context of data breach preparedness, Stephanie collaborates with clients’ executive management teams, assists in preparing briefings for boards of directors, and works with outside consultants to evaluate and develop proactive compliance programs and strategies that enhance overall cybersecurity. Leveraging her breach response and regulatory experience, she also crafts comprehensive privacy policies, written information security policies and breach response plans in a manner that addresses each client’s business needs and risk profile.

Stephanie has served as a first-responder to hundreds of first- and third-party data breach investigations, including those involving the exposure of millions of records and implicating hundreds of jurisdictions. In the wake of a potential data breach, she immediately coordinates with clients’ management and information technology staff, as well as forensic vendors, to identify and contain the source of the breach. She also facilitates the restoration of normal system operations, evaluation of legal and regulatory issues, and compliance with applicable data breach notification laws to minimize the potential for adverse actions or reputational harm. Stephanie is a Certified Information Privacy Professional (both U.S. and European law), and is trusted for her proven track record of delivering creative, effective and practical solutions to data security and privacy needs.

Experience

  • Responded to the largest higher education security incident, which resulted in the notification of more than 2.5 million individuals residing in over 200 jurisdictions, as well as regulators, consumer reporting agencies and others.
  • Resolved privacy and data breach investigations conducted by attorneys general, foreign data protection authorities, the Department of Justice, the FBI and other agencies without the imposition of fines, penalties or enforcement actions.
  • Advised dozens of clients, including health systems, hospitals, medical schools, health software providers, home health providers, retirement communities, third-party administrators and related organizations regarding breach notification obligations arising under contract, as well as state, federal and international breach statutes.
  • Regularly responded to multi-jurisdictional security incidents, drafted notification letters to individuals, regulators and credit-reporting agencies, responded to regulatory inquiries and implemented post-breach corrective action plans.
  • Mitigated data exposures involving phishing, hacking, malware, employee negligence and malfeasance, data theft or loss, inadvertent disclosure, improper disposal practices, vendor misconduct and other violations of privacy statutes.
  • Advised clients on the legal risks and practical implications associated with cutting-edge technologies, including the deployment of web scrapers, bug bounty programs, telematics programs and consumer robots equipped with artificial intelligence.
  • Leveraged experience responding to more than 100 actual and potential data breaches to craft comprehensive incident response toolkits that included incident response intake forms, checklists, escalation diagrams, forensic vendor guidelines, decision trees based on the type of data exposure, charts with jurisdiction-specific triggers for the timing, format and content of U.S. notice obligations, and template breach notification letters, FAQs and internal communications.
  • Drafted and negotiated complex vendor contracts, including provisions that address data collection, use, ownership, sharing, protection and destruction, incident response expectations, cybersecurity training and cyber insurance.

Recognitions and Memberships

Memberships

  • International Association of Privacy Professionals
    • Certified Information Privacy Professional (CIPP/US)
    • Certified Information Privacy Professional (CIPP/E)
  • American Bar Association: Section of Science and Technology
    • E-Privacy Committee: Vice Chair
  • U.S. Secret Service Chicago Electronic Crimes Task Force
  • The Sedona Conference: Working Group 11 on Data Security and Privacy Liability

Prior Positions

  • The Honorable James D. Egan, Circuit Court of Cook County: Law Clerk (2009)

Admissions

  • U.S. District Court, Northern District of Illinois
  • Illinois
  • District of Columbia

Education

  • J.D., Chicago-Kent College of Law, Illinois Institute of Technology, 2010, cum laude; Journal of International and Comparative Law, Editor
  • B.A., University of Wisconsin-Madison, 2007, with distinction