Alessandra Swanson
Partner
Co-Chair, Global Privacy & Data Security Practice
Alessandra is a co-chair of Winston’s Global Privacy and Data Security Practice and counsels clients on significant matters related to the collection, processing, and protection of personal information.
Alessandra is a former federal privacy regulator and primarily focuses her practice in the area of privacy and data security, which includes counseling on compliance with privacy laws, security breach response and regulatory defense, corporate advisory service and outsourcing, and large-scale commercial contracting. Alessandra has spent the entirety of her career working in the privacy space. Prior to joining Winston, Alessandra spent five years with the U.S. Department of Health and Human Services – Office for Civil Rights, where she was involved in a number of high-profile privacy investigations and settlements.
KEY CAPABILITIES
Privacy and Data Security Counseling: Alessandra counsels some of the country’s most well-known health care companies, brands, retailers, media companies, and e-commerce platforms regarding their compliance with privacy and data security laws. She has helped clients develop privacy compliance programs, employee training, and security incident response plans; undertake information security assessments; implement privacy-by-design processes; create internal and consumer-facing privacy disclosures; assess software platforms and new technologies for privacy and security issues; and leverage new technologies to reach consumers. In particular, Alessandra has extensive experience with the California Consumer Privacy Act (CCPA), the Illinois Biometric Information Privacy Act (BIPA), the California Invasion of Privacy Act (CIPA), and other United States state privacy laws. She also has experience with the Video Privacy Protection Act (VPPA), Telephone Consumer Privacy Act (TCPA), the Health Insurance Portability and Accountability Act (HIPAA), CAN-SPAM, the Children’s Online Privacy Protection Act (COPPA) and other laws related to telematics and vehicle data, biometric information, online advertising, children’s privacy, privacy policies, personal information protection, and consumer outreach.
Security Breach Response and Regulatory Defense: When clients experience security breaches, Alessandra provides practical and business-focused guidance to help navigate the investigation and remediation of the breach, assess legal and contractual notification obligations following the incident, and defend clients in related regulatory inquiries. Alessandra has led teams of Winston lawyers worldwide to assist clients who suffer multi-jurisdiction incidents, and, in particular, has deep experience working with clients in the health care sector.
Corporate Advisory Services: Alessandra advises on privacy and data security matters associated with mergers, acquisitions, investments, and other significant corporate transactions. For these matters, Alessandra helps private equity and corporate clients quantify the risks associated with acquiring or merging with targets and develop strategies for entering new service lines. She also handles post-closing remediation issues that implicate privacy and security and advises portfolio companies on an on-going basis.
Outsourcing and Commercial Contracting: Alessandra works with clients to develop and negotiate large-scale contracts that implicate privacy and data-security issues. In particular, she has worked with clients on both sides of the table to address agreements related to data storage, facial recognition and other biometrics platforms, e-commerce operations, software and mobile application development, clinical trial agreements, end-user licenses and website terms of use, the large-scale use of aggregated personal information, and the use of personal information for advertising and marketing purposes.
Recent Experience
- Recognized in The Legal 500 US (2021–2023)
Alessandra is the Executive Director of the Thatcher James Swanson Memorial Foundation, which was established to honor her late son by helping children in Chicago have access to a wonderful education, a comfortable home in which to live, and a really fun place to play.
Capabilities
Recent Experience
Credentials
Education
Alessandra received her J.D. from DePaul University College of Law in 2009. She received her B.A., with a double major in history and international studies, from Northwestern University in 2005.
Admissions
- Illinois
Related Insights & News
Publications
- “Montana, Tennessee Data Privacy Laws Further Boost 'De Facto Standard' in US,” ALM LegalTech News, Media Mention, May 4, 2023
- “Big Law Firms are Launching New Groups Dedicated to Data Privacy...” Business Insider, Media Mention, Sept. 24, 2020
- “Privacy and Cybersecurity Issues in M&A,” Today’s General Counsel, Co-author, Spring 2018
- “A Perilous Patchwork: Data Privacy and Civil Liability in the Era of Data Breach,” U.S. Chamber Institute for Legal Reform, Co-author, Oct. 2015
Speaking Engagements
- “Mastering Contracts: Navigating Privacy Requirements and Negotiations for Organizational Protection,” Winston & Strawn Webinar, Panelist, Aug. 15, 2023
- “Closing the Deal: Addressing HIPAA Issues from Both Sides of the Transaction,” 27thAnnual HIPAA Summit, Mar. 28, 2018
- “HIPAA For Employer-Sponsored Health Plans,” Illinois State Bar Association Webinar, Sept. 27, 2017
- “HIPAA and How it Applies to You,” Winston & Strawn LLP eLunch, Feb. 8, 2017
- “Employee Benefits & Human Resources – The Year in Review and a Look at What’s Ahead,” Winston & Strawn LLP eLunch, Dec. 7, 2016
- “HIPAA Enforcement in the Post-Omnibus Era,” Privacy and Security Forum, Jun. 2015
- “Healthcare and Data Security: OCR, HHS, and HIPAA Cyber Security and Data Privacy and Protection,” ACI 16th Advanced Global Legal & Compliance Forum on Cyber Security and Data Privacy & Protection, Jun. 2015
- “Cyber Security and the Current State of HIPAA Enforcement,” HIMSS15, Apr. 2015
May 5, 2023
March 10, 2023