Amber Mulcare is an associate in the Data Privacy, Cybersecurity & Digital Assets Practice. Her experience spans a wide range of complex privacy, cybersecurity, technology and emerging company matters across an array of sectors.

    Amber has assisted with various data breaches of information, including PII, PHI and CUI; coordinated multijurisdictional notifications, including state attorneys general and the FTC, when necessary; crafted internal and external communication for clients to deliver; and coordinated with forensic specialists and other consultants, as needed. She has also conducted assessments of cybersecurity risks, including for an emerging health IT company that had PHI at risk; assessments including the review of the clients systems, evaluating IT, HR, engineering, development, and security employee processes and role-based access; reviewed vendor relationships and contracts; met with the aforementioned teams to conduct interviews; and developed remediation plans for compliance with the appropriate laws and security best practices.

    Amber’s practice also extends to assessing and reviewing compliance with global, federal, and state laws, including GDPR, the Brazilian Protection of Personal Data Law, the India Right to Privacy Law, HIPAA, CAN-SPAM, COPPA, CCPA, CA IoT law, and state biometric laws.

    Award Mouse thought multimedia interface book medal screen monitor
    • Advising on cross-border data transfer matters.
    • Reviewing and drafting privacy policies, as well as letters to users that violate such terms.
    • Working on complex litigations, including drafting dispositive motions, conducting research, assisting with damages calculations, and drafting interview outlines to prepare for fact and 30(b)(6) depositions.
    • Advising clients on digital health matters, including health applications, HIPAA, remote patient monitoring and reimbursement, telehealth, artificial intelligence, medical data cyberattacks, application interface programming requirements in Federal Rules, information blocking, product counseling and health plan advising.
    • Advising a well-known anti-virus company on whether its encryption standards followed industry best practices.
    • Supporting a number of Incident Response Planning and activities, including drafting Incident Response Plans, and drafting and coordinating tabletop exercises.
    • Reviewing numerous Federal Proposed and Final Rules, drafting comment letters and presenting summaries to clients to demonstrate the impact on their businesses.
    • Conducting reviews of Government Contractor System Security Plans (SSPs) and Plan of Actions and Milestones/Mitigation (POAMs) prior to submission to the federal government to ensure compliance with DFARS and NIST SP 800-171 requirements.


    • The George Washington University Law School, J.D., 2018
    • University of Maryland, B.A., 2010


    • District of Columbia, 2018

    {{}} {{insights.source}} {{insights.type}}
    Award Mouse thought multimedia interface book medal screen monitor