“I help clients navigate the ever-evolving data privacy and cybersecurity landscape with practical, informed advice that is right for their business.
Joshua R. Fattal is an associate in Morrison Foerster’s Privacy + Data Security Group. He advises clients across industries on data protection best practices, product development, complex national and international regulatory compliance, transaction diligence, incident preparedness and response, and emerging topics, such as the use of artificial intelligence (AI).
Joshua regularly counsels clients in a variety of industries on complex data privacy issues related to local, state, and federal legal frameworks, including the California Consumer Privacy Act (CCPA) and other U.S. state privacy laws; the Biometric Information Privacy Act (BIPA) and other U.S. state and local biometric laws; the Gramm-Leach-Bliley Act (GLBA); the Fair Credit Reporting Act (FCRA); the Telephone Consumer Protection Act (TCPA); the Children’s Online Privacy Protection Act (COPPA); and the Family Educational Rights and Privacy Act (FERPA). Joshua also advises clients on cybersecurity laws, regulatory requirements, and best practices, including the SEC’s cybersecurity disclosure rules for public companies, registered investment advisors, and broker-dealers; the New York State Department of Financial Services’ (NYDFS) Cybersecurity Regulation; and the NIST Cybersecurity Framework. Joshua also advises global clients on foreign privacy and security frameworks, including the General Data Protection Regulation (GDPR), the EU-U.S. Data Privacy Framework, and the EU’s e-Privacy Directive.
Joshua works with clients ranging from emerging to public companies across a variety of industries, including technology, life sciences, EdTech, Fintech, crypto, consumer services, and AdTech. Joshua assists clients in developing information security policies and procedures, standing up cybersecurity governance processes, negotiating data transfer and processing agreements, designing third-party vendor risk management programs, and product development and design. Joshua also advises clients on incident response strategy, assisting companies in investigating data breaches and preparing notifications to customers, affected individuals, and regulators. As part of his practice, Joshua performs privacy and cybersecurity due diligence and negotiates transaction documents in connection with public and private corporate deals.