Tim Stienstraw’s practice focuses on advising clients on domestic and international privacy, security, and data protection issues. He assists organizations with responses to complex data breaches and other security and privacy incidents, beginning with triage immediately after incident discovery and continuing through forensic investigation, communications, and regulatory notice and defense. In addition to helping clients understand and comply with various state, federal, and foreign data protection laws, Tim advises stakeholders throughout organizations on matters such as internal and external communications strategies, vendor management issues, and creation of incident documentation. He has experience with organizations in various sectors, including financial institutions, professional services firms, educational institutions, and a variety of other clients, both large and small. Tim also frequently advises clients on incidents involving international data or systems, developing strategies for cross-border data transfers, international notifications, and investigations by foreign data protection regulators.
Proactively, Tim assists clients with the development of a range of privacy and security policies and procedures. In addition to evaluating and revising enterprise security programs, he drafts incident response policies, incident response runbooks, and other compliance documents. He also assesses privacy programs for compliance with a variety of regulations, including the California Consumer Privacy Act.
Tim is a Certified Information Privacy Professional (CIPP/US).* Prior to joining Baker’s Digital Assets and Data Management Practice Group, Tim gained wide-ranging experience from years as a litigator, including practice as a criminal prosecutor and as a civil litigator primarily working on commercial disputes and professional liability matters. His background in litigation provides the ability to navigate the constantly changing data protection field and provide creative solutions to complex problems. Tim particularly enjoys advising startups and other emerging businesses on critical privacy and data protection issues, drawing on his commercial litigation experience to help clients navigate and resolve disputes between organizations and among partners and corporate shareholders, and collaborate with the firms’ business teams to address privacy and data security issues in M&A and investment transactions.
*The Washington Supreme Court does not recognize certifications, and certifications are not a requirement to practice law in the state of Washington.