Timothy R. Stienstraw

Associate

Seattle
T +1.206.332.1380
F +1.206.624.7317

Overview

Tim Stienstraw’s practice focuses on advising clients on domestic and international privacy, security, and data protection issues. He assists organizations with responses to complex data breaches and other security and privacy incidents, beginning with triage immediately after incident discovery and continuing through forensic investigation, communications, and regulatory notice and defense. In addition to helping clients understand and comply with various state, federal, and foreign data protection laws, Tim advises stakeholders throughout organizations on matters such as internal and external communications strategies, vendor management issues, and creation of incident documentation. He has experience with organizations in various sectors, including financial institutions, professional services firms, educational institutions, and a variety of other clients, both large and small. Tim also frequently advises clients on incidents involving international data or systems, developing strategies for cross-border data transfers, international notifications, and investigations by foreign data protection regulators.

Proactively, Tim assists clients with the development of a range of privacy and security policies and procedures. In addition to evaluating and revising enterprise security programs, he drafts incident response policies, incident response runbooks, and other compliance documents. He also assesses privacy programs for compliance with a variety of regulations, including the California Consumer Privacy Act.

Tim is a Certified Information Privacy Professional (CIPP/US).* Prior to joining Baker’s Digital Assets and Data Management Practice Group, Tim gained wide-ranging experience from years as a litigator, including practice as a criminal prosecutor and as a civil litigator primarily working on commercial disputes and professional liability matters. His background in litigation provides the ability to navigate the constantly changing data protection field and provide creative solutions to complex problems. Tim particularly enjoys advising startups and other emerging businesses on critical privacy and data protection issues, drawing on his commercial litigation experience to help clients navigate and resolve disputes between organizations and among partners and corporate shareholders, and collaborating with the firm’s business teams to address privacy and data security issues in M&A and investment transactions.

*The Washington Supreme Court does not recognize certifications, and certifications are not a requirement to practice law in the state of Washington.

Experience

  • Advised clients in connection with forensic investigations associated with more than 50 ransomware incidents, including ransomware variants such as Dharma, LockBit, Sodinokibi, Ragnar Locker, Mamba, Ryuk, Netwalker, Wasted Locker, Maze, and others.
  • Prepares incident response plans to help organizations prevent, detect, and quickly address data breaches and security incidents.
  • Assists companies with the investigation of business email compromise incidents related to phishing and brute force account intrusions, including advice on recovery of fraudulent transfers of funds.
  • Advises on compliance with domestic and international data protection regulations, including the EU’s General Data Protection Regulation, the California Consumer Privacy Act, the New York SHIELD Act, NYDFS Cybersecurity Regulation, Canada’s Personal Information Protection and Electronic Documents Act, and other similar regulations.
  • Develops written information security programs, including policies and procedures for physical, technical and administrative security controls designed to comply with legal obligations, industry standards, security frameworks, and best practices.
  • Oversees penetration tests and prepares legal analysis of findings to assist clients with assessment of legal and regulatory risks.

Recognitions and Memberships

Recognitions

  • Certified Information Privacy Professional – United States (CIPP/US)*

*The Supreme Court of Washington does not recognize certification of specialties and the certificate is not required to practice law in the state of Washington.

Memberships

  • King County Bar Association
    • Young Lawyers Division, Board of Trustees: Vice Chair
  • QLaw: The LGBT Bar Association of Washington
  • Washington State Bar Association
  • Federal Bar Association of the Western District of Washington

Community

  • Anti-Defamation League: Glass Leadership Initiative Member (2018 to 2019)
  • Northwest Children's Foundation
    • Board of Directors: Secretary

Pro Bono

  • Volunteer attorney at Wayfind Advocates Program, providing legal advice to community nonprofit organizations regarding entity formation and tax-exempt status.

Prior Positions

  • Allegheny County District Attorney's Office: Assistant District Attorney

Admissions

  • U.S. District Court, Western District of Washington
  • U.S. District Court, Western District of Pennsylvania
  • U.S. Court of Appeals, Third Circuit
  • Washington
  • Pennsylvania

Education

  • J.D., University of Pittsburgh School of Law, 2010; Certificate in International and Comparative Law; University of Pittsburgh Law Review Research Editor
  • B.A., University of Pittsburgh, 2007