Samuel D. Goldstick

Senior Counsel

Samuel D. Goldstick

Senior Counsel

Samuel (Sam) Goldstick is a data privacy and cybersecurity attorney, advising clients across a broad range of industries on all aspects of compliance with international, federal, and state data privacy and security laws. He is a senior counsel in the firm’s Technology Transactions, Cybersecurity, and Privacy Practice, and a member of the Sports & Entertainment Industry Team and Innovative Technology Sector.

Sam counsels companies in nearly every sector of the economy — including the retail, hospitality, manufacturing, financial services, health care, insurance, sports, aerospace, energy, government contracting, education, information technology, transportation, and travel industries — on a full array of data privacy and security compliance issues, such as those involving:

  • Data breach notification requirements at the state, federal, and international level
  • EU and UK General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and other similar comprehensive U.S. state consumer privacy laws
  • Gramm-Leach-Bliley Act (GLBA)
  • The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation
  • State insurance data security laws (including those modeled after the NAIC model law)
  • Illinois’ Biometric Information Privacy Act (BIPA) and other state biometric privacy laws
  • Telephone Consumer Protection Act (TCPA) and state law equivalents
  • Health Insurance Portability and Accountability Act (HIPAA) and state law equivalents
  • Department of Defense (DoD) cybersecurity requirements for federal contractors, including DFARS 252.204-7012, NIST SP 800-171, and CMMC

Sam assists clients of all sizes with their incident preparedness, such as reviewing and updating incident response (IR) policies and procedures, negotiating three-party agreements with forensics and other third-party IR providers to help maintain attorney-client privilege and work product protections during an incident, and running tabletop exercises that simulate real-life cyber-attacks.

On the reactive front, Sam frequently guides clients through the entire incident response process, from the early stages of the investigation to the notification of affected individuals and government regulators, as well as through any resulting enforcement actions or regulatory investigations. To date, Sam has handled hundreds of data breaches and security incidents for clients, and his depth of experience in this area allows him to provide clients with practical and business-oriented solutions in the event of a data incident and its aftermath.

Representative Experience

  • Negotiated more than 50 different vendors’ GDPR DPAs on behalf of a large financial institutional client.
  • Advised a Fortune 10 company on the applicability of new U.S. state comprehensive consumer privacy laws and recommended measures for compliance in connection with a myriad of business initiatives.
  • Updated website terms of use and general online and offline privacy policies with jurisdiction-specific addendums (i.e., GDPR, CCPA/CPRA, VCDPA, and CPA) for global retailers, sports clubs, and manufacturers, among many others.
  • Developed a practical handbook for a large insurer to use in responding to consumer rights requests under the CCPA/CPRA (with model templates).
  • Updated an extensive set of information security policies for a mutual insurance company to align with applicable requirements under HIPAA, PCI DSS, and relevant state insurance data security laws.
  • Updated IR and crisis communications policies for, proactively entered into a three-party forensic agreement with an IR provider (to maintain privilege and work product protections) on behalf of and helped facilitate separate tabletop exercises simulating mock breaches for, a global electronics manufacturing services company.
  • Counseled a global aerospace defense contractor through a DoD-reportable “cyber incident” involving controlled unclassified information (CUI) and handled regulatory follow-ups on their behalf.
  • Guided a self-funded employee health plan through a complex OCR investigation and prepared a sophisticated response with over 20 exhibits to an OCR data request, in connection with a HIPAA breach that affected over 2,000 individuals.
  • Guided an insurance vendor through a data breach affecting over 4 million individuals and managed the entire notification process from start to finish (including interfacing with regulators).

Awards and Recognition

  • Best Lawyers: Ones to Watch in America™ – Technology Law (2021-2025)

Affiliations

  • Certified Information Privacy Professional – United States (CIPP/US)
  • Certified Information Privacy Professional – Europe (CIPP/E)
  • Member, International Association of Privacy Professionals (IAPP)
  • Member, American Bar Association (ABA)
  • Member, Chicago Bar Association Cyber Law & Data Privacy Committee
  • Member, Midwest Cyber Security Alliance (MCSA)

Presentations and Publications

  • Moderator, “Masterclass: Supply Chain Due Diligence” Panel, Lexology Live: Cyber Risk, New York, NY (June 20, 2024)
  • Co-presenter, “Episode 7: Data Privacy Deadline for Colorado and Connecticut,” Innovative Technology Insights Podcast (July 13, 2023)
  • Panelist, “Risky Business,” University of Notre Dame’s IDEA Week (April 20, 2023)
  • Co-presenter, “Deadlines Fast Approaching For Compliance with New U.S. Consumer Privacy Laws and Latest Cybersecurity Legal Developments,” Foley’s CLE Weeks (November 16, 2022, and December 14, 2022)
  • Co-presenter, “Cybersecurity: Ransomware Update & Anatomy of A Tabletop Exercise” Original Equipment Suppliers Association (OESA) Chief Financial Officers Council Meeting (June 8, 2022)
  • Co-presenter, “The Evolving State of Cybersecurity & Consumer Data Privacy Laws in the US and Related Vendor Contract Negotiation Tips,” Foley’s CLE Week (November 18, 2021, and December 15, 2021)
  • Co-author, “Appellate Court ruling on limitation periods for biometric data-related claims,” article published by OneTrust DataGuidance (November 2021)
18 October 2024 In the News

Samuel Goldstick Discusses Emerging Cybersecurity Concerns for Connected Vehicles

Foley & Lardner LLP senior counsel Samuel Goldstick offered insight on the growing regulatory scrutiny on connected vehicles in the Automotive Dive article, "The auto industry’s cybersecurity challenges are mounting, experts say."
01 September 2024 Honors and Awards

Steven Millendorf and Samuel Goldstick Appointed to American Bar Association Leadership Positions

Foley & Lardner LLP partner Steven Millendorf and senior counsel Samuel Goldstick have been appointed to multiple leadership positions within the American Bar Association's Science & Technology Law Section.
27 August 2024 In the News

Samuel Goldstick Assesses Data Privacy Challenges for Automakers

Foley & Lardner LLP senior counsel Samuel Goldstick underscored how disclosure can help automakers reduce legal risk in the Automotive Dive article, "Automakers face growing data privacy challenges, experts say."
23 August 2024 Innovative Technology Insights

National Public Data Hack Exposes Millions: Essential Steps to Safeguard Your Identity and Combat Fraud

The recent massive data breach at National Public Data, a background check company, has potentially compromised the personal information of millions, if not billions, of individuals, including their Social Security numbers, dates of birth, phone numbers, current and past addresses, the names of siblings and parents, and other information.
09 April 2024 Manufacturing Industry Advisor

Combatting Supply Chain Cyber Threats: Safeguarding Data and Protecting Digital Supply Chains

As supply chains have become more digitized and interconnected, they have also become more vulnerable to a range of cyber threats.
21 September 2023 Deals and Wins

Foley Advises Knowles Corporation in Acquisition of Cornell Dubilier

Foley & Lardner LLP served as legal adviser to Knowles Corporation, a leading global supplier of high performance components and solutions, including ceramic capacitors and radio frequency filters, advanced medtech microphones, balanced armature speakers, and audio solutions, in entering a definitive agreement to acquire Cornell Dubilier.