Gretchen Ramos

Gretchen A. Ramos


Gretchen Ramos advises numerous multinational companies in various industries in the rapidly changing field of privacy and data security. A Certified Information Privacy Professional in both the US and Europe, she is also thoroughly knowledgeable on data protection laws in Asia Pacific. She advises clients on a wide range of compliance issues, making sure policies and procedures are in place both to protect against data breaches and to deal with them should they occur, and to make sure clients have sufficient security measures in place to protect the data and support the privacy policies. She also regularly assists companies in handling all matters relating to data incidents where personal data was accessed by unauthorized computer hackers, including attorney general and other law enforcement notifications, and customer notifications.

Gretchen currently serves as privacy counsel for several Northern California technology companies, including various genomic data companies, and assists them with addressing complicated privacy issues, improving their privacy programs and planning for EU GDPR compliance. She works with her clients to manage data so as to leverage its value in ways that meet compliance obligations and also deliver value to the business and instil consumer trust. Gretchen’s clients come from diverse business sectors, including technology, consumer products, healthcare and life sciences, manufacturing, academic institutions and non-profits. She has guided various organizations through privacy and security assessments and regularly drafts and negotiates data transfer agreements.

Gretchen has successfully litigated, mediated and arbitrated small and large commercial disputes, including class actions, at state and federal courts nationwide. Her extensive litigation background allows her to advise clients on the litigation risks they face in determining how to handle various privacy issues. In addition to providing compliance advice, Gretchen defends companies facing individual and class action claims involving privacy, information security and consumer protection.

Gretchen regularly speaks, publishes and blogs on current privacy and security issues.


  • Counsels several technology companies on how to develop and implement their privacy and security program and plan for GDPR compliance.
  • Assists various genomic data companies with developing global privacy programs by advising on and leading compliance efforts relating to GDPR, Privacy Shield certification, HIPPA, HITRUST and various other applicable regulations in the US and abroad as their business expand.
  • Guides various companies in developing develop systems that will enable their organizations to respond to data subject’s requests for erasure, correction and portability of personal data.
  • Advises various multinational corporations on international data transfer mechanisms, including Privacy Shield, Binding Corporate Rules (BCRs) and APEC’s Cross Border Privacy Rules (CBPR) system.
  • Coordinates data mapping activities and data protection impact assessments for various organizations.
  • Developed a global privacy program for a large auto parts company in Singapore with operations in more than a dozen Asian countries.
  • Inform companies on new and evolving data protection and privacy laws in the countries where they operate or plan to operate in the future, and counsel on the application of these laws to new products, services and applications. Work with security teams to ensure security in place supports procedures contained in information security and privacy policies.
  • Provide guidance to companies on cyber insurance issues and handling coverage disputes that arise with insurers.
  • Assisted numerous companies in handling all matters relating to data incidents where personal information was accessed by unauthorized computer hackers, including attorney general and other law enforcement notifications and customer notifications.


  • Northeastern University, J.D., 1996
  • Hamilton College, B.A., Phi Alpha Theta, 1993


  • California, 1998
  • Massachusetts, 1996

{{}} {{insights.source}} {{insights.type}}

  • Panelist, “Caserta & Waterline Data Discuss GDPR Compliance,” Big Data Warehouse Meetup, New York, October 11, 2017.
  • Author, “The Road to Becoming a Certified Data Privacy or Cybersecurity Professional,” American Bar Association, October 2017.
  • Presenter, “2017 Data Privacy and Security Conference: What’s Your Privacy Story?” ACC National Capital Region, McLean, September 13, 2017.
  • Presenter, “Legal Superheroes, Vol. 2, Second Annual Compliance Day,” ACC San Francisco Bay Area Chapter, Burlingame, June 8, 2017.
  • Panelist, “GDPR: Are You Ready? Mapping the Road to GDPR and ePrivacy Compliance to Avoid Significant Penalties,” Squire Patton Boggs, San Francisco, June 1, 2017.
  • Panelist, “Privacy and Genomic Data: What are the Real Risks?” IAPP Europe Data Protection Congress, Belgium, November 9, 2016.
  • Moderator, “A Collision Course or a Speedbump: IoT Vulnerabilities and Cybersecurity,” Squire Patton Boggs Autonomous Driving Series, San Francisco, November 2, 2016.
  • Moderator, “Briefing on Safe Harbor & the EU-US Privacy Shield Framework,” and Speaker, “Breach Recovery & Post Breach Steps,” Executive Women's Forum Annual Conference, Scottsdale, October 26-27, 2016.
  • Co-presenter, “The EU General Data Protection Regulation: Preparing for Substantial Changes on the Horizon,” Irish American Bar Association, San Francisco, May 2016.
  • Co-presenter, “Comparing Data Privacy and Cybersecurity Regimes,” to the l'Institut des Hautes Etudes de l'Entreprise, San Francisco, April 2016
  • Author, “Working with German Companies to Navigate Complex Litigation, Advise on Corporate Matters, and Solve Privacy and Data Security Issues,” German American Trade Quarterly, October 2015.
  • Panelist, "Your Playbook to Managing Multi-Jurisdictional Litigation", Women, Influence & Power in Law Conference, Washington DC, October 29, 2015.
  • Panelist, "Security Meets Privacy," Women in Security and Privacy, April 1, 2015.
  • Co-author, “Cybersecurity and Medical Devices: Reality Bytes,” ACC Docket, October 2014.
  • Moderator, “Big Data and the Future of Data Centers,” Big Data & Information Security – A Transatlantic Perspective, a panel series organized by the German Federal State of Saxony-Anhalt and the German American Chamber of Commerce, at Datameer, San Francisco, September 23, 2014.
  • Presenter, “The Latest on Disputes Between Primary and Excess Carriers,” American Conference Institute’s 28th Advanced Forum on Bad Faith Claims & Litigation, San Francisco, July 30, 2014.
  • Contributing Author, “Medical Device Cybersecurity: An Emerging Area of Risk,” CNA Life Sciences POV, June 2014.
  • Presenter, “The Proposed EU General Data Protection Regulation, US eDiscovery, and Best Practices in Cross­Border Discovery,” Women in eDiscovery, May 2014.
  • Author, “Federal Cybersecurity Framework Could Influence Courts,” The Recorder, April 18, 2014.
  • Co-author, “Whither Safe Harbor?,” For the Defense, DRI, April 2014.
  • Moderator, “Data Privacy & Potential Litigation,” Minority Corporate Counsel Association CLE Expo, March 12, 2014.
  • Panelist, “Stricter EU Privacy Rules: How the Proposed Regulations May Affect Your Cross­Border Business,” Roundtable Briefing, November 2013.