Kristen Bertch, CIPP/US, leverages her technical experience and knowledge of the data security and privacy legal landscape to help clients across a spectrum of industries on cybersecurity and privacy issues and related regulatory compliance matters. Kristen advises clients on complex and cutting edge technologies used for the collection, processing, and storage of data.
Her practice also includes providing advice on complying with data security standards such as ISO 27001 and SOC 2 Type 2, and data protection laws relevant to U.S. organizations, such as the HIPAA Security Rule. She further assists clients with data breach response, developing appropriate external policies and procedures, and performing risk assessments.
Security standard compliance and data breach response
Assessed clients' current policies and procedures against relevant security standard requirements. Worked with clients to address and recover from a range of data incidents including ransomware attacks, business email compromise incidents and inadvertent disclosures of personal information.
Advised clients on compliance with privacy regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California Consumer Protection Act (CCPA), General Data Protection Regulation (GDPR), Children's Online Privacy Protection Act (COPPA), and Family Educational Rights and Privacy Act (FERPA).
Privacy and data security provisions
Drafted appropriate privacy and data security provisions in contracts with third parties by working with clients to better understand their business, data handling practice, privacy and data security needs, and how third parties will access and handle any client data.
Admitted to Practice
District of Columbia, 2017
J.D., University of Maryland School of Law, 2016
- University of Maryland Law Journal of Race, Religion, Gender, and Class
- Research Assistant
B.A., Criminal Justice, University of Pittsburgh, 2012, magna cum laude
Memberships & Affiliations
- CIPP/US, International Association of Privacy Professionals
- Selected to a list of "Ones to Watch" in Privacy and Data Security Law (Washington, D.C.), Best Lawyers, 2023
- Associate, Whiteford, Taylor, & Preston LLP, Baltimore, 2019-2021
- Attorney, Eversheds Sutherland (US) LLP, Washington, D.C., 2016-2019
- Contract Attorney, FHLBanks Office of Finance, Reston, Va., 2016
- Legal Intern, Division of Privacy and Identity Protection, Bureau of Consumer Protection, Federal Trade Commission, Washington, D.C., 2015
- Legal Intern, Future of Privacy Forum, Washington, D.C., 2015