- Advised a prominent investment management firm with multiple affiliates in developing and implementing an enterprise-wide information security program, assessing its practices for managing and securing sensitive information and identifying artifacts of compliance to demonstrate comprehensive cybersecurity compliance using CIS 20 Critical Controls, NIST SP 800-171, the Gramm Leach Bliley Act Safeguards Rule, the New York Department of Financial Services cybersecurity requirements, the Massachusetts Data Security Law, and the California Consumer Protection Act reasonable security requirements.
- Advised a prominent telecommunications provider in developing a comprehensive information security program.
- Provided ongoing analysis and advice to a leading auto information and technology platform in compliance with the California Consumer Protection Act and security incident response.
- Advised a critical infrastructure client on developing its cybersecurity governance program, evaluating privacy and security practices, and drafting and operationalizing policies.
- Advised multiple Fortune 500 and 1000 companies involved in business email compromises and ransomware attacks, requiring complex forensic investigation, and extensive data review and restoration processes, as well as in follow-on regulatory inquiries.
- Advised multiple SEC-registered investment advisers, broker-dealers, and public companies on their cybersecurity policies and procedures, including their cyber disclosures.
- Assisted a global payment solutions retailer evaluating its cybersecurity maturity and prepare for multi-state financial examination, assessing its IT infrastructure and practices against the New York State Department of Financial Services cybersecurity requirements.
- Assisted health care plans and business associates in their incident response efforts and follow-on federal and state regulatory investigations.
- Advised multiple global payment processors on compliance with Payment Card Industry Data Security Standard requirements.
- Assisted health care and financial services companies in tabletop exercises of clients’ incident response plans.
Alysa Austin
Senior Associate,
- Phone: +1 202 239 3130
- Email: alysa.austin@alston.com
Alysa’s experience with the Department of Homeland Security and background in the privacy and cybersecurity space offers her key experience to call upon for handling clients’ data security needs.
- Represented multiple Fortune 500 companies in data privacy and security due diligence and assessing potential risk during the merger & acquisition process.
- Represented clients in state regulatory inquiries involving compliance with the California Consumer Protection Act.
- Advised leading global brands on multinational technology initiatives.
- Represented a large manufacturing company involved in an attempted ransomware attack that required a subsequent forensic investigation, advising on relevant legal obligations and strategy and handling several government investigations related to the incident.
Alysa Austin is a senior associate on Alston & Bird’s Privacy, Cyber & Data Strategy team. She provides security, privacy, and compliance counseling to clients across a variety of industries including the financial services, health care, communications, retail, and emerging tech sectors. Alysa has experience working with clients to structure their information governance programs and processes and has partnered with in-house legal teams to provide advice on privacy and security issues. She regularly advises on complex investigations of cybersecurity incidents including ransomware attacks, vulnerability disclosures, and other cyber crises. She also advises on compliance and transactional issues at the state, federal, and international levels.
Alysa obtained her LL.M. from Georgetown University Law School in cyber and national security law, and served as a law clerk, and then special counsel, to Chief Judge Robert E. Morin of the Superior Court of the District of Columbia. Alysa also externed for the U.S. Department of Homeland Security’s Intellectual Property Group, where she focused her work on technology transactions and global privacy matters.
Alysa is a member of the International Association of Privacy Professionals and is a Certified Information Privacy Professional (CIPP) in the U.S. She has also been named a “Rising Star” by the American Bar Association’s Science & Technology Law Section and currently serves as vice chair of the section’s Homeland Security Committee.
Bar Admissions
- California
- District of Columbia
- Virginia
Education
- Georgetown University (LL.M., 2015)
- University of San Diego (J.D., 2014)
- Point Loma Nazarene University (B.A., 2009)
Memberships
- American Bar Association, Science & Technology Law Section, Homeland Security Committee, vice chair; Nominating Committee
- Certified Information Privacy Professional (CIPP-US)
Healthy Byte | OCR Seeks Comment on Recognized Security Practices, Penalties, and HIPAA Settlement Sharing
Alysa Austin and Lance Taubin discuss OCR expectations for implementing recognized security practices, the steps covered entities should be taking now, what should constitute a compensable “harm,” and payment methodologies to determine settlement sharing.- Technology
- Privacy, Cyber & Data Strategy
- Litigation
- California Privacy & the CCPA
- Crisis & Data Breach Response
- Board Governance & Cyber Risk Management
- AI Cybersecurity & Privacy
- HIPAA/Health Information Privacy, Security & Breach Response
- National Security & Digital Crimes
- Privacy & Cyber Regulatory Enforcement
- Privacy & Cybersecurity Litigation
- Ransomware Fusion Center