skip to main content
Experience List
  • Email Page
  • Create PDF
  • Print Page

Amy Mushahwar

Amy S. Mushahwar is an experienced data privacy, security, and management attorney with more than 20 years of experience in the technology industry in both legal and technical capacities. She focuses on data security, cyber risk, and privacy issues. As both a lawyer and former technologist, Amy is adept at helping clients unravel complex systems to fully understand legal and regulatory risk.

Data Security: Amy advises clients regarding proactive data security measures, data breach incident response, and regulatory inquiries. She provides security guidance advice to clients in the following industries: financial services, energy, telecommunications, health care, retailers, and e-commerce companies. As a frequent incident response counsel, Amy has interacted with federal and state agencies, overseen forensics services and grey hat intelligence providers, prepared consumer notifications, and helped companies with remediation efforts after incidents. In addition to the incident response work, Amy provides compliance advice on applicable security laws, payment card brand security standards (the PCI-DSS), and security audit standards (i.e., the SANS Institute Center for Internet Security Critical Information Security Controls, SSAE-16, ISO, COBIT and NIST 800-53). Amy has also prepared and facilitated in-depth security incident simulations for her clients.

Cyber Risk: She regularly provides advice on how to conduct practical assessments of cyber risk when contracting with vendors, clients, and business partners. Amy continually drafts security clauses for a wide variety of services that address how companies can appropriately shift risk, monitor grey areas, or subject a party to ongoing due diligence. Amy’s contractual and risk management program guidance is also informed by her understanding of applicable insurance policies, such as those covering data breach incidents, cyber liability, and technical errors and omissions, as well as common insurance riders.

Privacy: Amy has assisted clients with complying with a number of privacy laws, such as the Telephone Consumer Protection Act (TCPA), Consumer Proprietary Network Information (CPNI) regulations, the Children’s Online Privacy Protection Act (COPPA), the Graham Leach Bliley Act (GLB), and the Fair Credit Reporting Act (FCRA), as well as in federal and state unfair and deceptive trade practices laws pertaining to privacy.

Amy’s data security and privacy advice is informed by her experience negotiating for businesses on privacy, cybersecurity, and Internet governance issues within international bodies, including the World Wide Web Consortium (WC3) and the Internet Corporation for Assigned Names and Numbers (ICANN). She has attended past ICANN meetings in Prague, Toronto, Beijing, and Durban.

Before entering the law, Amy spent several years as a technology consultant, performing network security design and implementation. From 1997 to 2001, she owned and operated a technology consulting company.

Representative Experience

National auto lender*

Reporting data security event to the New York Department of Financial Services in the context of licensing and in the wake of the Department’s new cybersecurity rules.

Cable and telecommunications system*

Assisted a large cable and telecommunications system in achieving global Tier 1 PCI-DSS compliance.

Global entertainment corporation*

Assisted the corporation with devising and harmonizing information security policies for the holding corporation and all operating divisions. Facilitated deeply technical discussions to marry policy/compliance efforts with IT operations.
* Denotes experience completed at a prior firm

Additional Qualifications

  • Counsel & Chief Information Security Officer, ZwillGen PLLC, Washington, D.C.
  • Counsel, Ballard Spahr LLP, Washington, D.C.
  • Senior Associate, Reed Smith, Washington, D.C.

Professional & Community Activities

  • International Association of Privacy Professionals, Member 2005-Present
  • American Bar Association, Member 2001-Present
  • CISO Executive Network, Contributor 2009-2014
  • Executive Women’s Forum: Information Security, Risk Management & Privacy, Contributor 2014-Present
  • Federal Communications Bar Association, Member 2001-2014
  • InfraGuard National Capital Region, Member 2009-Present
  • White Hat Gala, Children’s Hospital Charity Dinner Committee 2015-Present