Cam[bell Robin

Robin B. Campbell

Partner

Robin Campbell co-leads our Data Privacy & Cybersecurity Group and is a member of our Healthcare Practice. Robin brings first-hand understanding of the day-to-day issues faced by clients, having been seconded to clients to manage privacy in-house three times, twice in the automotive sector and once in healthcare. Robin’s practice focuses on a wide array of privacy and security issues, including the development and implementation of information management strategies for the handling of personal information.

Robin focuses on providing practical solutions for data security and privacy risk management. She works closely with clients to analyze the risks associated with new technologies, data use or transfers and to develop appropriate controls to reduce those risks. She focuses on the automotive industry, including connected cars and autonomous vehicles (AV), as well as on the IoT space more generally. She covers both US and international laws, including an in-depth knowledge of the EU Data Protection Directive, the General Data Protection Regulation (GDPR) and international data transfers.

Robin has worked with clients to structure complex data consolidation plans and large outsourcing agreements. She drafts and negotiates contractual agreements concerning the use of personal and protected health information, security and confidentiality, as well as the privacy and security components of more general contractual agreements. She also focuses on state and HITECH breach notification statutes, advising clients on both safeguard protocols and response plans in advance of a breach and notification procedures and best practices after a security breach. Robin also provides privacy-related training for clients.

Robin’s experience also includes serving as a special consultant to Hewlett Packard (HP) Europe in Geneva, Switzerland, while the European Data Protection Directive was in the early stages of implementation. While at HP, Robin worked with a cross-functional task force to develop a global compliance strategy under both the EU Directive and the Safe Harbor requirements. The task force acted as a European advisory body on the new privacy legislation, a central point of contact for all questions related to privacy and data protection, and it promoted a detailed policy framework within the company for handling personal data in its daily business.

Robin regularly publishes and presents on current privacy and security issues. Additionally, she is a member of IAPP’s Professional Privacy faculty and has earned her CIPP/US and CIPM certifications.

Explore

  • After a five-month secondment to a major automobile manufacturer, Robin continues to advise on establishing policies and procedures to address next generation technology, developing and releasing mobile applications and best practices for data usage. She is assisting the autonomous vehicles team in assessing the risks associated with AV technology and utilizing privacy by design to reduce those risks.
  • Defended a national health plan after a 2 million person security breach from initial investigation and response through numerous regulator enforcement actions and class action lawsuits. She defended the client against multiple state Attorneys General investigations and enforcement actions and received a rare “no HIPAA violation” finding from the HHS Office of Civil Rights after a two-year post-incident investigation.

Education

  • Angelo State University, B.A., cum laude, 1987
  • University of London, International Law, 1989
  • University of Texas School of Law, J.D., 1990

Admissions

  • District of Columbia, 2005
  • California
  • Named as a Cybersecurity & Data Privacy Trailblazer by National Law Journal 2016

{{insights.date}} {{insights.source}} {{insights.type}}

  • Presenter, “Autonomous Vehicles,” Cyber Security Workshop for Smart Mobility, Beersheba, Israel, October 30, 2017.
  • Presenter, “The Connected Place,” 2017 Greater Phoenix Economic Council Executive Mission, Washington DC, May 3, 2017.
  • Presenter, “Role of the Compliance Officer in Privacy Compliance,” Society of Corporate Compliance and Ethics (SCCE), DC Regional Conference, September 2016.
  • Presenter, “A Primer on Cyber Damages and How to Avoid Them,” American Bar Association, National Legal Malpractice Conference, April 8-10, 2015.
  • Presenter, “Guess What? Youre Now Subject to HIPAA (Yes, You!): The Broad Reach of HIPAA over Business Associates,” AllClear ID Data Breach Response Services Webinar, November 2013.
  • Presenter, “Whos on First? And Second? And Third?: The Enforcement Interplay between Federal and State Regulators and Private Lawsuits When a Breach Happens,” Blue National Summit, Orlando, Florida, September 2012.
  • Presenter, “Navigating the Landmines of Data Security Breaches: Practical Lessons Learned in Unearthing, Disarming, and Avoiding Cyber Threats and Digital Disasters,” ABA SciTech Homeland Security and PCL Cybersecurity CommitteesProgram, Washington DC, April 2012.
  • Presenter, “Security Breach and Records Management Best Practices,” Records Management Association (ARMA), February 2012.