Ilya Smith provides counsel to higher education and corporate clients related to regulatory compliance, complex transactions involving technology and data sharing, privacy, and data security.
Ilya’s expansive regulatory compliance and program-building experience as a former Chief Compliance Officer and Chief Privacy Officer at two public higher education institutions provides Ilya with a deep foundation for advising clients on a full array of compliance and policy matters and for conducting organizational risk-based assessments.
Ilya appreciates the long-term impact and disruption a regulatory agency investigation or a data breach causes for an organization and its constituents. Her experience includes advising executives and boards in regulatory and transactional matters, managing hundreds of data security incidents, and representing clients before regulators. From whistleblower claims related to compliance matters and policy violations to major cyberattacks, Ilya is skilled at conducting investigations, leveraging forensics, deploying remediation plans, drafting notices, and advising clients’ responses to impacted individuals’ concerns.
Recognizing that the best defense to a regulatory investigation is the proactive mitigation of risk, Ilya advises clients in policy, procedures, and preventative measures to maintain the trust of organizational constituents and customers, including establishing privacy and data governance programs, conducting business impact assessments, and addressing evolving global regulatory compliance requirements. Ilya has extensive experience assisting clients to manage and transfer privacy, data security, and regulatory risk to third parties in contracting and in implementing vendor management programs to minimize privacy and data security risks associated with the collection, processing, use, monetization, and protection of personal data.
Understanding systems, change management strategies, and complex organizational structures, Ilya is adept at navigating organizational interdependencies when assisting clients to operationalize policy and best practices. Clients value Ilya’s distinctive ability to quarterback cross-functional regulatory compliance and legal strategies to support business objectives.
In addition to the full array of regulations that institutions of higher education are subject to, Ilya is proficient in privacy and data security regulations including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Children’s Online Privacy Protection Act, among others.
State Bar Licenses
- Successfully managed three class action lawsuits following a major, enterprise-wide security incident while advising client on the implementation of proactive risk mitigation strategies contributing to a favorable settlement with plaintiffs and recognition by regulators of best-in-class incident response and vendor management programs.*
- Effectively managed a cross-functional team to perform enterprise-wide GDPR gap assessments and designed and implemented policies, processes, notices, and consent frameworks for clients in the clinical research, health services, education services, and professional services industries.
- Designed and implemented inaugural Privacy Program and Privacy and Data Governance frameworks for a major public R1 research Higher Education Institution.
- Successfully conducted hundreds of negotiations with client vendors leading to robust Privacy and Cyber Security protections of client data and the inclusion of terms transferring risks to vendors.
*Experience completed prior to joining Clark Hill.