Lee Merreot, Esq., CIPM, CIPP/US, CIPP/E, CDPO, is a seasoned data privacy and security attorney who creates, implements, and oversees privacy and security compliance programs for businesses of all sizes. Her work aims to ensure that data privacy and security considerations are embedded from the outset of new partnerships, vendor relationships, projects, products, and initiatives. She is experienced in contract management, advising on business risk and opportunity, and helping organizations respond to data incidents and breaches. Her strategic insights have driven cost reductions, streamlined processes, and resolved complex disputes.

PRIVACY

Lee’s privacy practice includes designing, building, and maintaining sophisticated privacy and security compliance programs across industries. She helps to ensure that organizations incorporate privacy safeguards into partnerships, products, and internal systems, conducts data protection impact assessments, drafts policies, negotiates data security and privacy contracts and addendums, facilitates trainings, and leads compliance initiatives aligned with global frameworks. Lee is a certified privacy professional with CIPP/US, CIPP/E, CIPM, and CDPO credentials, reflecting her deep experience with U.S. and worldwide data privacy and protection laws.

INCIDENT RESPONSE

Lee assists in guiding organizations through the full lifecycle of incident response, including forensic investigations, data mining, notification workflows, and compliance with state and federal breach laws. She regularly advises clients on addressing potentially impacted persons including notification letters, offering of credit-monitoring, and communications plans. She also works with organizations on addressing regulatory inquires and investigations following data incidents, whether state regulators or the HHS/OCR and others. She supports our clients and cyber insurance carrier partners to keep them abreast of all stages of the incident response lifecycle.

LITIGATION

Lee represents clients in federal and state litigation, arbitration, and mediation. She assists clients to mitigate risk before, during, and after a dispute. Her cases address technology disputes, post data breach matters, ADA Accessibility claims, and other privacy, wrongful collection, data security, and contractual controversies.