Michelle's cross-disciplinary practice focuses on proactive privacy and cybersecurity counseling, data breach incident response, and post-breach civil litigation and government investigations.
Proactively, Michelle helps clients understand their obligations under privacy laws such as the California Privacy Rights Act (CPRA) and the General Data Protection Regulation (GDPR). She is also versed in the active and defensive applications of cybersecurity laws such as the Computer Fraud and Abuse Act (CFAA), Electronic Communications Privacy Act (ECPA), and Section 230 of the Communications Decency Act (CDA).
Michelle partners with clients to build strategic cyber and privacy programs - including by drafting relevant policies and procedures, developing incident response plans, and conducting tailored tabletop exercises to simulate breaches.
In the event of a data breach, Michelle guides clients through effective incident response including containment, remediation, forensic analysis, threat actor negotiations, stakeholder communications, and potential notice obligations. She also represents clients in post-breach civil litigation and government investigations.
Michelle is a Certified Information Privacy Professional in United States privacy law (CIPP/US).
Prior to joining the firm, Michelle worked in San Francisco to represent and advise clients across all sizes and industries on privacy and cybersecurity matters.
She has also worked in various arms of the public sector, including the Computer Hacking and Intellectual Property Unit (CHIP) at the U.S. Attorney's Office for the Northern District of California; the Department of Justice's Office of International Affairs (OIA) in Washington, D.C.; and the U.S. Embassy in Vilnius, Lithuania.