Andrea Bland is counsel at the firm’s Chicago office and a member of the Technology Transactions and Sourcing practice group. Andrea focuses her practice on data protection, data privacy, and information security matters. Andrea’s unique experiences supporting corporate and government clients allows her to provide companies with guidance from multiple perspectives.
Andrea takes a practical approach to advising clients on privacy and technology issues and understands the importance of providing timely legal guidance that aligns with business objectives and organizational risk tolerance. Andrea interprets new laws and helps companies comply with emerging legal requirements. Additionally, she regularly manages due diligence processes analyzing data privacy and information security issues that arise in complex commercial transactions.
Andrea routinely counsels companies of all sizes across a variety of industries, including health care, financial services, technology, and others, on strategic privacy and cybersecurity incident response and preparedness matters. In this capacity, she helps clients build compliant privacy and cybersecurity programs that harmonize with the NIST Cybersecurity Framework. Andrea also represents and defends companies responding to security incidents and breaches.
Furthermore, Andrea helps companies navigate compliance issues with evolving laws related to privacy and data security, including California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), Gramm-Leach-Bliley Act (GLBA), European Union (EU) General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH), the Children’s Online Privacy Protection Act (COPPA), and others.
Prior to joining the firm, Andrea served as a lawyer at a full service commercial law firm. Through this role, Andrea counseled and defended clients responding to data security incidents and regulatory investigations, both domestic and abroad, with the following primary objectives: protect the business, minimize exposure and opportunities for litigation, and preserve the business reputation.