Karen Neuman is a retired partner and former co-chair of Dechert’s global privacy and cybersecurity practice. She is an internationally recognized, sought-after privacy lawyer and thought leader. Recommended by The Legal 500, she was the former Chief Privacy Officer for the U.S. Department of Homeland Security (DHS) in the Obama/Biden Administration, where she was part of the DHS senior leadership team and principal privacy advisor to the DHS Secretary. 

Ms. Neuman provides sophisticated, solution-oriented advice to global organizations, including new entrants and well-established companies, boards, and management in a wide range of sectors on cutting-edge issues including the application AI/ML to personalize data- driven products, services, and content.

Ms. Neuman specifically counsels clients on commercial privacy matters, including the collection, use, processing and protection of consumer and employee data. She has deep experience advising clients on sector-specific privacy laws and regulations, including federal and state privacy and cyber security laws and frameworks, as well as industry self-regulatory codes. She also advises clients on the EU General Data Protection Regulation (GDPR), ePrivacy Directive cross-border data transfers, the California Consumer Privacy Act (CCPA)/California Consumer Privacy Rights Act (CPRA), and similar state consumer privacy laws.  She works closely with clients’ product teams to develop and implement novel solutions to thorny issues including in the ad tech ecosystem.  Ms. Neuman also partners with her clients to craft internal data handling and data governance policies and procedures and conduct privacy impact and legal risk assessments and leads sessions for corporate boards on privacy and cybersecurity risk and crisis management. Ms. Neuman also manages privacy due diligence in mergers and acquisitions, financings, and commercial transactions.

Ms. Neuman is uniquely positioned to help clients navigate their most complex privacy and cybersecurity matters. In her former role at DHS, she oversaw, implemented, and enforced the department’s privacy and data security programs and provided advice to senior leaders at DHS and other agencies concerning relevant statutes, rules, presidential orders, policies, and best practices. Appointed to President Obama’s Federal Privacy Council, Ms. Neuman spearheaded the integration of innovative privacy protections into various DHS programs and oversaw how those protections were operationalized. Notably, she worked on the department’s big data analytics program and White House initiatives for cybersecurity information sharing with commercial entities. She was also a member of theU.S. delegation that negotiated the EU – U.S. Umbrella Data Privacy Protection Agreement with the European Commission and was one of the senior officials that supported the U.S. team that negotiated the EU – U.S. Privacy Shield.

Ms. Neuman is a frequent author and sought-after speaker on a wide range of current and emerging privacy and cybersecurity issues. In 2021, Ms. Neuman was appointed to Law360's Privacy & Cybersecurity Editorial Board. Prior to joining Dechert, she was the leader of another international law firm’s privacy and cybersecurity practice in Washington, D.C.

    • A global fintech company on implementing AI driven biometric AI for consumer service.
    • A global health app on AI driven dynamic pricing.
    • A global financial software company on ethical use of AI under U.S. and EU law and industry requirements.
    • A global video optimization company on strategic development of novel CCPA/CPRA and GDPR- compliant ad tech solution for targeted advertising.
    • A global travel and leisure company on formulating and operationalizing a comprehensive CCPA compliance program.
    • A global cloud service provider on strategic planning for responding to government data requests, including under the U.S. CLOUD Act.
    • A provider of intelligence services for a video content delivery platform, a marketing management service provider, a global provider of voice recognition technology, a cybersecurity SaaS provider, and others on comprehensive GDPR readiness advice.
    • A multinational technology company regarding the privacy impact and legal risk of implementing data loss prevention technology and developed an enterprise-wide strategy for mitigating risk while achieving the company’s goals of preventing the loss of IP and other highly sensitive information.
    • A global software provider on strategic guidance regarding compliance with U.S. federal and state education law.
    • A global retailer regarding the post-acquisition integration of the acquired company’s consumer data and how to leverage the data for marketing intelligence and other purposes.
    • A provider of B2B ad tech services regarding privacy legal risks associated with the development and deployment of cutting-edge products, tools, and services to assist consumer brands with segment insights and targeting.
    • A global financial services provider regarding legal risks associated with implementing novel actions to protect company systems and customer data.
    • A global provider of education services in formulating a global privacy compliance strategy in connection with the rollout of a new product.
    • A global provider of services to the financial services sector in Board training on the evolving role of corporate boards in understanding and accountability for cyber and data security risk.
    • A global provider of cloud-based software-as-a-service to the life sciences and pharmaceutical sectors regarding compliance with EU privacy law frameworks.
    • A U.S. based university with global education programs and networks on GDPR and e-Privacy Directive compliance.
    • An EU-based multinational luxury goods company in formulating its strategy for compliance with state and federal employee privacy laws for its global employee training program.
    • A UK-based operator of child-directed, educational website, in performing a comprehensive privacy impact assessment concerning the development and implementation of a Children’s Online Privacy Protection Act (COPPA)-compliant privacy and data security program.
    • A Silicon Valley technology company concerning the development of its privacy compliance strategy during development and deployment of cutting-edge digital products and services, with a particular focus on COPPA.
    • A provider of fraud detection services regarding integration of an evolving international geolocation standard into its emerging line of products and services.
    • A global e-commerce trade association regarding the development of comprehensive, practical behavioral advertising and other online privacy guides.
    • A global industry trade group regarding the creation of electronic retail transaction contract templates with a focus on customer data management and security for call center, distribution, and order fulfillment.

    Includes matters handled at Dechert or prior to joining the firm.

    • Cybersecurity and Privacy — Virtual California Investment Management Symposium, Dechert LLP, Webinar (October 27, 2021)
    • Presentations on privacy and cybersecurity topics at numerous client legal offsite workshops, including for companies in the financial services and technology industries.
    • A Practical Approach for Implementing Europe’s New Standard Contractual Clauses in a Post-Schrems II World - Speaker, Dechert Webinar (September 2021)
    • FinTech 2021 - Practising Law Institute, Webcast (August 2021)
    • Cybersecurity - Speaker, Dechert's Sovereign Counsel Series (April 2021)
    • Hot Topics In Cybersecurity: “Not ‘If,’ But ‘When’” - Practical Tips to Reduce Risk - Speaker, Dechert's Q2 Directors' Forum Panel (April 2021)
    • A Conversation With the Experts: The CPRA and What It Means for Your Business - Speaker, Dechert's fintechNEXT Webinar Series (March 2021)
    • Understanding the Impact of Brazil's New Data Protection Laws and Agency - Speaker, Dechert Webinar (February 2021)
    • Coffee Break Compliance Broadcast Series | Episode Ten: A Conversation With The Experts - Hot Topics in Privacy & Cybersecurity - Speaker, Dechert Podcast (January 2021)
    • Hot Topics In Cybersecurity: “Not ‘If,’ But ‘When’” - What Keeps In-House Counsel Up At Night - Speaker, Greater Philadelphia Association of Corporate Counsel Webinar (January 2021)
    • Hot Topics In Data Privacy – PLI Program (September 2020)
    • GDPR + CCPA, What You Need to Know - Panelist (December 2019)
    • Privacy + Cybersecurity Readiness: What every real estate company needs to know - Webinar (February 26, 2019)
    • Topics in Privacy Webinar – Western Bankers Association (November 2018)
    • Leadership Visions on Privacy – U.S. Department of Homeland Security, Washington, D.C. (June 2018)
    • Privacy & Cybersecurity Trends – New York Angels Breakfast Series, New York City (September 2017)
    • What Exactly is GDPR and What Does it Mean for Data Privacy Protection at Your Agency? -- Hubspot INBOUND, Boston, MA (September 2017)
    • SoftTechVC GDPR Roundtable – (September 6, 2017)
    • What’s Ahead for 2017 – Boston Bar Association’s Privacy and Cybersecurity Conference, Boston, MA (May 2017)
    • Privacy and Cybersecurity Trends in 2017 - Higher Education Symposium, Boston, MA (April 13, 2017)
    • Living in the Future: Hot Privacy & Cybersecurity Trends – International Association of Privacy Professionals Global Privacy Summit, Washington, D.C. (April 2017)
    • Privacy Laws and the New Administration…What now? – Association of Corporate Counsel, National Capital Region: Privacy & Data Security Forum, McLean, Virginia (March 2017)
    • Law School for the CFO – Boston CFO Leadership Council, Waltham, MA (March 2017)
    • Panel Discussion on CISA Privacy & Civil Liberties Guidelines - Subcommittee on Cyber Security, Data Protection, & Privacy of the ABA Section of Public Contract Law, Washington, D.C. (April 2016)
    • Privacy Across Borders: 5 Maintaining Global Trust in Overseas Data Sharing - International Association of Privacy Professionals Global Privacy Summit, Washington, D.C. (April 5, 2016)
    • Panel Discussion on CISA Privacy & Civil Liberties Guidelines - Subcommittee on Cyber Security, Data Protection, & Privacy of the ABA Section of Public Contract Law, Washington, D.C. (April 2, 2016)
    • Privacy & Cyber Security Symposium in celebration of Global Data Privacy Protection Day - International Association of Privacy Professionals/Federal Communications Bar Association, Jacksonville, Florida (January 2016)
    • Keynote: DHS Big Data Solution & Privacy - MeriTalk Big Data Brainstorm - Washington D.C. (November 2015)
    • Podcast interview: Big Data & Privacy - Federal News Radio, Washington, D.C. (November 2015)
    • Cyber Security as a Boardroom Investment: Business Speaks - RSA Conference, San Francisco, California (April 2015)
    • Privacy Panel - American Bar Association Spring Meeting, Washington, D.C. (April 2015)
    • GW Law School Privacy Salon - Washington, D.C. (September 2015)
    • The Job of Protecting Both the Nation's Security and Privacy - International Association of Privacy Professionals Global Privacy Summit, Washington, D.C. (March 2015)
    • Seminar on Information Sharing - ABA Federal Procurement Institute, Annapolis, Maryland (March 2015)
    • Decade of Excellence - DHS Privacy Office, Washington, D.C (May 2014)
    • Annual Privacy Workshop - DHS Privacy Office, Washington, D.C. (June 2014)
    • Privacy & Security - Conference Board of Canada, Ottawa, Ontario (June 2014)
    • Improving Government Performance in the Era of Big Data: Opportunities and Challenges for Federal Agencies - The White House Office of Science & Technology Policy and Georgetown University Workshop, Washington, D.C. (June 2014)
    • Privacy and Cyber Security - Canada 2020 Conference, Ottawa, Canada (October 2014)
    • Protecting Privacy Under the Cyber Security Microscope - International Association of Privacy Professionals Global Privacy Summit, Washington, D.C. (March 2014)
    • Watching the Watchers: The New Privacy Officers Inside the U.S. Government - RSA Conference, San Francisco, California (February 2014)
    • DHS Office of General Counsel Intelligence and National Security Law Conference - Washington, D.C. (December 2013)
    • Breakout Session Leader: Privacy: How to Acquire Customers, Make Money and Not Get Sued - Open Mobile Summit (AppCelerate Program), San Francisco, California (November 2011)
    • Consumer Privacy – Is There an App for That? - Federal Communications Bar Association Subcommittee on Privacy & Data Security/D.C. Bar Computer & Telecommunications Law Section, Washington, D.C. (May 2011)
    • There’s an App for That! Local Government Use of Mobile Apps: Some Legal Considerations - e-NATOA Webinar (February 2011)
    • Media Future Now: The FTC’s Privacy Report: What it Means for Business - Podcast, Washington, D.C. (December 2010)
    • Privacy Issues Associated with the Use of Biometrics in Higher Education: Risks and Best Practices: Privacy & Biometrics in Higher Education: Strategies for Minimizing Legal Risks - Educause Live! Webinar, Washington D.C. (November 2010)
    • Legal 6 Issues Associated with Local Government Use of Social Media: Risks & Best Practices - 30th Annual Conference of the National Association of Telecommunications Officers & Advisors, Washington, D.C. (September 29, 2010)
    • Moderator, FCBA Privacy & Data Security Committee Program: Privacy and Data Security Issues Involving Marketing to Minors - Washington, D.C. (May 2010)
    • Mobile is here - Now What: Recent Legal & Regulatory Developments - ERA Great Ideas Summit, New Orleans (February 2010)

     

    • International Association of Privacy Professionals
    • American Bar Association