Ilya Smith provides clients with counsel on privacy, data security, and regulatory compliance that they can implement.
Ilya appreciates the long-term impact and disruption that a data breach and a regulatory agency investigation cause an organization and its customers. Her experience includes managing hundreds of data security incidents and representing clients before regulators. From lost devices to major cyberattacks, Ilya is skilled at conducting investigations, leveraging forensics, deploying remediation plans, drafting notices, and advising on clients’ responses to impacted individuals’ concerns.
Recognizing that the best defense to a data breach is the proactive mitigation of risk, Ilya advises clients on policy, procedures, and preventative measures to maintain the trust of organizational constituents and customers, including establishing privacy and data governance programs, conducting Data Protection Impact Assessments, and addressing evolving global regulatory compliance requirements. Ilya has extensive experience assisting clients in managing and transferring privacy, data security, and regulatory risk to third parties in contracting, and in implementing vendor management programs to minimize privacy and data security risks associated with the collection, processing, use, monetization, and protection of personal data. Understanding technology, organizational systems, and how to navigate complex organizational structures, Ilya speaks the language of CISOs and clients’ business development teams. Clients value Ilya’s distinctive ability to quarterback cross-functional privacy and data protection strategies to support business objectives.
Beyond Privacy and Data Security, Ilya’s expansive regulatory compliance and program-building experience as a former Chief Compliance Officer and Chief Privacy Officer of two public organizations provides Ilya with a deep foundation for advising clients in a full array of compliance matters, policy, and conducting organizational risk-based assessments.
Ilya is proficient in privacy and data security regulations including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Children’s Online Privacy Protection Act, among others.
State Bar Licenses
- Successfully managed three class action lawsuits following a major, enterprise-wide security incident while advising the client on the implementation of proactive risk mitigation strategies, contributing to a favorable settlement with plaintiffs and recognition by regulators of best-in-class incident response and vendor management programs.
- Effectively managed a cross-functional team to perform enterprise-wide GDPR gap assessments and designed and implemented policies, processes, notices, and consent frameworks for clients in the clinical research, health services, education services, and professional services industries.
- Designed and implemented inaugural Privacy Program and Privacy and Data Governance frameworks for a major public R1 research Higher Education Institution.
- Successfully conducted hundreds of negotiations with client vendors, leading to robust Privacy and Cyber Security protections of client data and the inclusion of terms transferring risks to vendors.
*Experience completed prior to joining Clark Hill.