Steve Millendorf headshot.

Steven M. Millendorf

Partner

Steve Millendorf is a seasoned privacy and cybersecurity attorney with over two decades of experience as an engineer. Steve’s practice focuses on counseling a broad range of clients on privacy, cybersecurity, and intellectual property matters. He is a partner in the firm’s Technology Transactions, Cybersecurity, and Privacy Practice and is recognized by the International Association of Privacy Professionals (IAPP) as a Fellow of Information Privacy. He holds certifications from the IAPP as a Certified Information Privacy Professional in the United States and European privacy laws (CIPP/US and CIPP/E), as well as a Certified Information Privacy Manager (CIPM).

Privacy and Cybersecurity

Steve is a privacy and cybersecurity lawyer with a broad range of experience assisting clients with their privacy and cybersecurity issues, including data mapping activities, data ownership and monetization, data incident management, breach response and recovery, data subject request policies and form responses, privacy notices, and the development and maintenance of various privacy and cybersecurity policies and procedures that include industry best practices and guidance together with evolving legal requirements.

Steve’s experience includes all aspects of developing and maintaining compliance programs for many U.S. and international general privacy and security laws, including:

  • EU General Data Privacy Rights Act (GDPR)
  • UK General Data Protection Regulation and the Data Protection Act of 2018 (UK-GDPR)
  • California Consumer Privacy Act of 2018 (CCPA) and California Privacy Rights Act (CPRA)
  • Virginia Consumer Data Privacy Act (Virginia CDPA)
  • Colorado Consumer Privacy Act (Colorado CPA)
  • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada’s Anti-SPAM Law (CASL)
  • Other state legal requirements to privacy, data security, data breach notification, and consumer protection. In addition, Steve also has expertise in other U.S. sectoral privacy laws, such as CAN-SPAM, COPPA, TCPA, and the New York Cybersecurity Regulation.

Technology Transactions and Intellectual Property Counselling

Technology transactions and intellectual property counseling are also a major focus of Steve’s practice. He regularly advises clients on open source software license issues, and prepares and negotiates data processing agreements, data sharing agreements, open source policies and procedures, protection of intellectual property policies and procedures, professional service agreements, software license agreements, software as a service agreements, development agreements, website and application terms of use and end user license agreements (EULA), cloud agreements, artificial intelligence & machine learning development and use agreements, patent license agreements, and many other types of technology agreements, policies, and procedures.

Steve regularly leverages his breadth and depth in these areas to address the complexities of privacy and cybersecurity issues that are present in almost every technology transaction, as well as to support various M&A activities in the areas of privacy, cybersecurity, intellectual property, and information technology.

Trusted, Practical, and Actionable Advice

With more than two decades of engineering experience on the cutting edge of technology, Steve is regularly viewed as a “trusted advisor” to his clients and regularly collaborates with R&D, IT, risk, forensics, dark web, communications, and other professionals together with senior management, c-suite, and board members to bring a practical, multidisciplinary approach help his clients navigate today’s complex legal framework and solve our client’s complex technology and business problems.

Prior Experience

Steve’s engineering experience prior to his legal career spans over two decades. While attending law school, Steve was a senior staff hardware security engineer at Qualcomm, where he led the design and development activities for the security features for most of Qualcomm’s chip devices used in smartphones, tablets, cellular modems, and other personal computing devices. He was also recognized as a Subject Matter Expert (SME) by Qualcomm’s Government Technologies Division, where he previously held U.S. security clearance and supported the company’s federal, state, and local government partners in understanding the security of mobile devices.

Before his employment at Qualcomm, Steve worked as an ASIC design engineer in various ground-breaking technologies, such as network security processors for HIFN, some of the first broadband modems for General Instruments (now ARRIS), tape and floppy disk storage as a consultant for iOmega, and text terminals for the Applied Digital Data Systems division of NCR/AT&T. Steve is an inventor on over 10 U.S. and international patents in the areas of cryptography and security.

Representative Experience

  • Counsel clients in the area of compliance with omnibus state privacy and data security laws, including CCPA/CPRA, CalOPPA, Colorado CPA, and Virginia CDPA.
  • Advise clients on compliance with international privacy and data security laws with impacts to entities in the United States, such as EU GDPR, UK-GDPR, CASL, and PIPEDA.
  • Counsel clients for compliance with NYDFS, NAIC model laws, CAN-SPAM, COPPA, CFAA, GLBA, and other similar sector-specific regulations.
  • Advise on complex data ownership and data governance issues, including data licensing, data ownership, and ownership of intellectual property related to the use of AI technology.
  • Draft information security and privacy policies and procedures based on client’s needs and resources, such as privacy notices and information security, incident response, BYOD, document retention, social media, and other similar policies and procedures.
  • Draft and negotiate data protection agreements between data controllers and data processors as required by various privacy laws.
  • Review, draft, and negotiate a wide range of technology and intellectual property transaction agreements and documents, such as website terms of use (TOU), software license, SaaS, cloud, confidentiality, invention and IP ownership, and service agreements as well as other types of patent, copyright, and trademark development and license agreements.
  • Draft security requirements for cloud and other similar service agreements to ensure appropriate protection of data by service providers.
  • Provide training to clients regarding information security and privacy obligations.
  • Manage the relationship between strategic partners and forensics experts to assist clients through the investigation of security events and advise clients regarding notification obligations to individuals and regulators.
  • Draft and facilitate tabletop incident response exercises.

Awards and Recognition

  • Selected by San Diego Business Journal, Finalist for Cybersecurity Stewardship Awards (2024)
  • Selected by San Diego Business Journal as one of the Leaders of Influence in Technology (2024)

Affiliations

  • Member, American Bar Association
  • Member, International Association of Privacy Professionals (IAPP)
  • Member, California Lawyers Association, Privacy Section
  • Member of Executive Committee, Privacy Section of California Lawyers Association (as of September 24, 2023)
  • Co-chair, Information Security Committee, Section of Science & Technology Law, American Bar Association
  • Co-vice-chair, Privacy and Computer Crime Committee, Section of Science & Technology Law, American Bar Association
  • Fellow of Information Privacy (FIP) through the International Association of Privacy Professionals
  • Certified Information Privacy Professional – United States and Europe (CIPP/US and CIPP/E) through the International Association of Privacy Professionals
  • Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals
  • Licensed Professional Engineer (State of California)

Community Involvement

Steve serves on the editorial board of the firm’s Innovative Technology Insights blog, and regularly writes and speaks on data privacy and cybersecurity issues. He is also a co-chair of the American Bar Association’s Information Security Committee and regularly hosts and speaks at that committee’s pre-RSA meeting. Steve is also on the Executive Committee for the Privacy Law Section of the California Lawyers Association.

Steve is an active member in his community, including providing pro-bono legal services for Helen Woodward Animal Center as well as actively volunteering in that organization’s telethon and other fundraising activities.

11 November 2024 Foley Viewpoints

California Privacy Protection Agency Approves Regulations for Data Broker Registration and Advances Other Updates to Formal Rulemaking

The California Privacy Protection Agency (CPPA) made some big moves at its November 8 meeting, voting to approve draft regulations for...
05 November 2024 Foley Viewpoints

Federal Agencies Issue Joint Statement Regarding Election Interference by Foreign Actors

The Office of the Director of National Intelligence, Federal Bureau of Investigation, and the Cybersecurity and Infrastructure Security...
18 October 2024 Honors and Awards

Steven Millendorf Finalist for San Diego Business Journal's 2024 Cybersecurity Stewardship Awards

Foley & Lardner LLP partner Steven Millendorf has been named a finalist for the 2024 Cybersecurity Stewardship Awards by the San Diego Business Journal.
25 September 2024 Foley Viewpoints

California Governor Gavin Newsom Signs Two AI Bills to Protect Entertainment Industry Performers

With a little less than two weeks to go in this year's signature or veto frenzy, California Governor Gavin Newsom signed two bills on...
22 September 2024 Foley Viewpoints

California Governor Newsom Vetoes Bill That Would Require Browser Developers to Implement Opt-Out Preference Signal

California Governor Gavin Newsom has vetoed the proposed (and somewhat controversial) AB 3048. The bill would have required web browser...
13 September 2024 Foley Viewpoints

European Commission Announces New Initiative for an Additional Type of Standard Contractual Clauses

The European Commission has announced the launch of a new initiative to develop an additional type of standard contractual clauses (SCCs)...