- Represented a national auto lender in reporting a data security event to the New York Department of Financial Services in the context of licensing and in the wake of the department’s new cybersecurity rules.
- Assisted a large cable and telecommunications system in achieving global Tier 1 PCI-DSS compliance.
- Assisted a leading entertainment company with devising and harmonizing information security policies for the holding corporation and across all operating divisions. Facilitated deeply technical discussions to marry policy/compliance efforts with IT operations.
- Negotiated for businesses on privacy, cybersecurity, and Internet governance issues within international bodies, including the World Wide Web Consortium (WC3) and the Internet Corporation for Assigned Names and Numbers (ICANN).
- Served clients in a virtual consultancy role as CISO or chief privacy officer as clients needed interim assistance.
- Phone: +1 202 239 3791
- Email: amy.mushahwar@alston.com
Amy Mushahwar is a partner on the Privacy, Cyber & Data Strategy team. Amy has over 20 years of experience in the technology space and focuses her practice on data security, cyber risk, privacy, and emerging technologies.
Amy advises clients on proactive data security practices, data breach incident response, and regulatory compliance. She handles security incidents and has interacted with federal and state agencies and forensic service providers, overseen investigations, and designed post-incident response notification and remediation plans. In addition to her incident response work, Amy provides compliance support on applicable security laws, PCI-DSS, and security audit standards such as NIST. She also facilitates in-depth security incident simulations.
Amy regularly advises clients on conducting practical assessments for cyber risk when working with vendors and other business partners, including review of applicable insurance policies and riders.
Amy assists clients in compliance with numerous privacy laws, such as the CCPA, TCPA, COPPA, GLBA, and FCRA, as well as in federal and state unfair and deceptive trade practices law pertaining to privacy.
Amy counsels clients on the process of digital transformation, implementing technologies such as automation, cloud computing, virtualization, virtualized networking, containerized environments, Big Data (data warehouses and data lakes), and artificial intelligence.
Amy is a former technology consultant and chief information security officer (CISO), and previously owned and operated a technology consulting company.
Bar Admissions
- Virginia
- District of Columbia
Education
- The Catholic University of America (J.D., 2005)
- The George Washington University (B.A., 2001)
Memberships
- American Bar Association
- International Association of Privacy Professionals
- InfraGard National Capital Region
- White Hat Gala, Children’s Hospital Charity Dinner Committee
- Executive Women’s Forum: Information Security, Risk Management & Privacy, contributor
- CISO Executive Network, contributor (2009–2014)
- Federal Communications Bar Association (2001–2014)
Court Admissions
- U.S. Supreme Court
- U.S. District Court for the Eastern District of Virginia
- Privacy, Cyber & Data Strategy
- Technology
- White Collar, Government & Internal Investigations
- Payments & Fintech
- State Attorneys General Practice Team
- Connected & Autonomous Vehicles
- National Security & Digital Crimes
- Committee on Foreign Investment in the United States (CFIUS)
- Insurance
- Retail
- Consumer Financial Services
- Consumer Protection/FTC
- Cybersecurity & Risk Management
- California Privacy & the CCPA
- Litigation
- Crisis & Data Breach Response
- Blockchain & Digital Assets
- Artificial Intelligence