Sarah L. Bruno

Bruno, a partner in Reed Smith’s data protection, privacy and cybersecurity group, works with clients in the retail, technology, entertainment, gaming, automotive and association spaces. She provides counsel on the legal requirements for the development and launch of their platforms, products and services.

She moved to Reed Smith in November 2019 after a lengthy career at Arent Fox LLP in Washington, D.C., and San Francisco, where she headed the privacy, cybersecurity and data protection group. “The move has been great,” Bruno said. “Data moves globally, and it’s very nice to have colleagues in offices around the world to consult with.”

Among her publicly identified clients are LG Electronics Inc., the International Association of Amusement Parks & Attractions and Benefit Cosmetics LLC.

Also, Bruno represents a major cable and entertainment corporation and its streaming service subsidiary in an audit of its data security practices and legal requirements in the United States, Canada, Australia, the United Kingdom, Europe and Mexico related to its integration plans for the expansion of new service offerings for adults and children and the internal data integration and management systems that would be required in order to streamline processes lawfully.

And she provides on-going data privacy support to a global manufacturer of confectionery, pet food and other food products related to cross-border data collection and use; loyalty card programs and consumer offers; and preparation for and assistance with data breach and incident response.

“In California, I work with a lot of tech companies looking for fast, practical advice,” Bruno said. “Every company has a different risk tolerance, because businesses need a lot of data to function and maintain value, and the laws can present big hurdles. Some companies may feel more willing to take more risks if the data they possess isn’t sensitive; others, like the health care industry, have to be very careful.”

The health care industry presents tricky challenges as some sectors must balance their compliance obligations under the Health Insurance Portability and Accountability Act with the need to move boldly while seeking solutions in the coronavirus era, she said. On a smaller scale, companies that began screening their retail workers with daily temperature checks to ensure safe stores came to realize they were collecting possibly medically sensitive data that had never before been a concern. “Suddenly, they may be facing a different set of regulations,” Bruno said.

Then there are malicious threats. She recently advised a multinational life sciences company on a ransomware attack, part of a disturbing trend in which hackers increasingly target health care companies. “They may be seeking value associated with Covid data, or simply kicking a dog when it’s down by going after overwhelmed hospital systems at a time when they’re more vulnerable,” she said.

— John Roemer