Robin Campbell is senior advisor for our Data Privacy, Cybersecurity & Digital Assets Practice and is a member of our Healthcare Group. Robin brings first-hand understanding of the day-to-day issues faced by clients, having been seconded to clients to manage privacy in-house three times: twice in the automotive sector and once in healthcare. Robin’s practice focuses on a wide array of privacy and security issues, including the development and implementation of information management strategies for the handling of personal information.

    Robin focuses on providing practical solutions for data security and privacy risk management. She works closely with clients to analyze the risks associated with new technologies, data use or transfers and to develop appropriate controls to reduce those risks. She focuses on the automotive industry, including connected cars and autonomous vehicles (AV), as well as on the IoT space more generally. She covers both US and international laws, including an in-depth knowledge of the EU Data Protection Directive, the General Data Protection Regulation (GDPR) and international data transfers.

    Robin has worked with clients to structure complex data consolidation plans and large outsourcing agreements. She drafts and negotiates contractual agreements concerning the use of personal and protected health information, security and confidentiality, as well as the privacy and security components of more general contractual agreements. She also focuses on state and HITECH breach notification statutes, advising clients on both safeguard protocols and response plans in advance of a breach and notification procedures and best practices after a security breach. Robin also provides privacy-related training for clients.

    Robin’s experience also includes serving as a special consultant to Hewlett Packard (HP) Europe in Geneva, Switzerland, while the European Data Protection Directive was in the early stages of implementation. While at HP, Robin worked with a cross-functional task force to develop a global compliance strategy under both the EU Directive and the Safe Harbor requirements. The task force acted as a European advisory body on the new privacy legislation, a central point of contact for all questions related to privacy and data protection, and it promoted a detailed policy framework within the company for handling personal data in its daily business.

    Robin was selected by the US Department of Commerce and the European Commission as an Arbitrator for the EU-US Privacy Shield and is a member of Law360’s Cybersecurity & Privacy Editorial Advisory Board, as well as Cognomotiv, an automotive and transportation data services company. She has earned her CIPP/US and CIPM certifications and was a member of IAPP’s Professional Privacy faculty. Robin regularly publishes and presents on current privacy and security issues.

    Award Mouse thought multimedia interface book medal screen monitor
    • After a five-month secondment to a major automobile manufacturer, continues to advise on establishing policies and procedures to address next generation technology, developing and releasing mobile applications and best practices for data usage. Assisting the autonomous vehicles team in assessing the risks associated with AV technology and utilizing privacy by design to reduce those risks.
    • Defended a national health plan after a 2 million-person security breach from initial investigation and response through numerous regulator enforcement actions and class action lawsuits. Defended client against multiple State Attorneys General investigations and enforcement actions and received a rare “no HIPAA violation” finding from the HHS Office of Civil Rights after a two-year post-incident investigation.


    • University of Texas School of Law, J.D., 1990
    • University of London, International Law, 1989
    • Angelo State University, B.A., cum laude, 1987


    • District of Columbia, 2005
    • California, 1990
    • Selected to serve on Law360’s 2018 Cybersecurity & Privacy Editorial Advisory Board
    • Named as a Cybersecurity & Data Privacy Trailblazer by National Law Journal 2016

    {{}} {{insights.source}} {{insights.type}}
    {{blog.title}} {{blog.source}}

    • Presenter, “Finding the Balance When Putting Your Data to Work – Best Practices for Information Governance,” ACC National Capital Region, McLean, VA, November 13, 2018.
    • Presenter, “Cybersecurity Risk Assessment: The Roles of Legal and IT,” Privacy + Security Forum, Washington DC, October 5, 2018.
    • Moderator, “Challenges and Benefits of Autonomous Vehicle Innovation,” Infrastructure Week 2018: The State of Autonomous Vehicle Innovation and Infrastructure Resiliency, Washington DC, May 15, 2018.
    • Speaker, “Privacy and Data Security Forum: GDPR Readiness Check and Ways to Jumpstart your Compliance,” ACC National Capital Region, McLean, VA, March 9, 2018.
    • Speaker, “Embracing Technology: Autonomous Vehicles are Driving Smart Cities,” Urban Land Institute Arizona, Trends Day 2018, Phoenix, AZ, February 23, 2018.
    • Presenter, “Autonomous Vehicles,” Cyber Security Workshop for Smart Mobility, Beersheba, Israel, October 30, 2017.
    • Presenter, “The Connected Place,” 2017 Greater Phoenix Economic Council Executive Mission, Washington DC, May 3, 2017.
    • Presenter, “Role of the Compliance Officer in Privacy Compliance,” Society of Corporate Compliance and Ethics (SCCE), Washington DC Regional Conference, September 2016.
    • Presenter, “A Primer on Cyber Damages and How to Avoid Them,” American Bar Association, National Legal Malpractice Conference, April 8-10, 2015.

    Award Mouse thought multimedia interface book medal screen monitor