Karen Neuman is a partner and co-chair of Dechert’s global privacy & cybersecurity practice. She is an internationally recognized, sought after privacy lawyer and thought leader. Recommended by The Legal 500, she was the former Chief Privacy Officer with the U.S. Department of Homeland Security (DHS) in the Obama/Biden Administration, where she was part of the DHS senior leadership team and principal privacy advisor to the DHS Secretary. Ms. Neuman provides sophisticated, solution-oriented advice to global organizations, including new entrants and well-established companies, boards and management in a wide range of sectors on cutting edge issues involving the application of new technologies to data-driven products, tools and services.
Ms. Neuman focuses on counseling clients on commercial privacy matters, including the collection, use, processing and protection of consumer and employee data. She has deep experience advising clients on sector-specific privacy laws and regulations, including federal and state privacy and cyber security laws and frameworks, as well as industry self-regulatory codes. Ms. Neuman also has extensive experience advising clients on the EU General Data Protection Regulation (GDPR), cross-border data transfers, the California Consumer Privacy Act (CCPA)/California Consumer Privacy Rights Act (CPRA). In addition, she works closely with clients to craft internal data handling and incident response policies, conduct privacy and cyber security impact and legal risk assessments and leads sessions for corporate boards on privacy and cybersecurity risk, and crisis management. Ms. Neuman also manages privacy due diligence in connection with mergers and acquisitions, financings and commercial transactions.
Ms. Neuman is uniquely positioned to help clients navigate their most complex privacy and cybersecurity matters. In her former role at DHS, she oversaw, implemented and enforced the department’s privacy and data security program and provided advice to senior leaders at DHS and other agencies concerning relevant statutes, rules, presidential orders, policies and best practices. Appointed to President Obama’s Federal Privacy Council, Ms. Neuman spearheaded the integration of innovative privacy protections into various DHS programs and oversaw how those protections were operationalized. Notably, she worked on the department’s big data analytics program and White House initiatives for cybersecurity information sharing with commercial entities. She was also a member of the U.S. delegation that negotiated the EU – U.S. Umbrella Data Privacy Protection Agreement with the European Commission and was one of the senior officials that supported the U.S. team that negotiated the EU – U.S. Privacy Shield.
Recommended by The Legal 500 United States as a key lawyer in Cyber Law (including Data Privacy and Data Protection) and Fintech, Ms. Neuman is a frequent author and sought-after speaker on a wide range of current and emerging privacy and cybersecurity issues. In 2021, Ms. Neuman was appointed to Law360's Privacy & Cybersecurity Editorial Board. Prior to joining Dechert, she was the leader of another international law firm’s privacy and cybersecurity practice in Washington, D.C.
- A global travel and leisure company on formulating and operationalizing a comprehensive CCPA compliance program.
- A global cloud service provider on strategic planning for responding to government data requests, including under the U.S. CLOUD Act.
- A provider of intelligence services for a video content delivery platform, a marketing management service provider, a global provider of voice recognition technology, a cybersecurity SaaS provider and others on comprehensive GDPR readiness advice.
- A multinational technology company regarding the privacy impact and legal risk of implementing data loss prevention technology and developed an enterprise-wide strategy for mitigating risk while achieving the company’s goals of preventing the loss of IP and other highly sensitive information.
- A global provider of financial services software on formulating and implementing a CCPA program for current and contemplated products and services.
- A global software provider on strategic guidance regarding compliance with U.S. federal and state education law.
- A global retailer regarding the post-acquisition integration of the acquired company’s consumer data and how to leverage the data for marketing intelligence and other purposes.
- A provider of B2B ad tech services regarding privacy legal risks associated with the development and deployment of cutting-edge products, tools and services to assist consumer brands with segment insights and targeting.
- A global financial services provider regarding legal risks associated with implementing novel actions to protect company systems and customer data.
- A global provider of education services in formulating a global privacy compliance strategy in connection with the rollout of a new product.
- A global provider of services to the financial services sector in Board training on the evolving role of corporate boards in understanding and accountability for cyber and data security risk.
- A global provider of cloud-based software-as-a-service to the life sciences and pharmaceutical sectors regarding compliance with EU privacy law frameworks.
- An EU-based multinational luxury goods company in formulating its strategy for compliance with state and federal employee privacy laws for its global employee training program.
- A UK-based operator of child-directed, educational website, in performing a comprehensive privacy impact assessment concerning the development and implementation of a Children’s Online Privacy Protection Act (COPPA)-compliant privacy and data security program.
- A Silicon Valley technology company concerning the development of its privacy compliance strategy during development and deployment of cutting-edge digital products and services, with a particular focus on COPPA.
- A provider of fraud detection services regarding integration of an evolving international geolocation standard into its emerging line of products and services.
- A global e-commerce trade association regarding the development of comprehensive, practical behavioral advertising and other online privacy guides.
- A global industry trade group regarding the creation of electronic retail transaction contract templates with a focus on customer data management and security for call center, distribution and order fulfillment.
Includes matters handled at Dechert or prior to joining the firm.
- University of California, Santa Cruz, B.A., 1978
- Antioch School of Law, J.D., 1984