Heather Egan Sussman, CIPP/US

McDermott Will & Emery, LLP

Heather Egan Sussman is a partner in the law firm of McDermott Will & Emery LLP and Co-Chair of the Firm’s Global Privacy and Data Protection Group. She is ranked by Chambers USA and The Legal 500 United States as a leader in her field.

Privacy, Information Security and Consumer Protection

Heather’s practice focuses on privacy, information security and consumer protection.  She routinely advises on laws in these areas, including GLBA, HIPAA, COPPA, FCRA, and CAN-SPAM, as well as the Federal Privacy Act of 1974.  She guides clients through the existing patchwork of U.S. state laws, including California’s Online Privacy Protection Act, state breach notification laws, state information security laws, as well as existing self-regulatory frameworks, including those covering online advertising and payment card processing. She manages teams of talented local counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines. 

Heather also helps clients manage information and leverage the incredible value of data and digital technologies in way that not only meets compliance obligations, but also drives innovation, delivers value to the business, and solidifies brand and consumer trust. 

She drafts and negotiates contracts concerning data-related vendors and arrangements, guides clients through privacy and security assessments, and vets privacy and security risks in corporate transactions.  She regularly counsels businesses on how to mitigate the risk associated with the collection, use, retention, disclosure, transfer and disposal of personal information.  In the event of a privacy or security breach, she helps clients respond and remediate.  

Having begun her career as an employment lawyer, Heather draws on this foundation when conducting internal investigations stemming from data incidents, and when drafting comprehensive privacy and security programs for businesses operating across multiple jurisdictions and industry lines.  Clients praise her ability to address cultural and geographical nuances within the workforce in a way helps to drive positive change, particularly on issues impacting privacy and security.  

Litigation and Government Investigations

Heather has successfully litigated, mediated and arbitrated both small and large-scale disputes at state and federal agencies and in courts nationwide. Companies routinely rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties. She represents clients during investigations by regulatory authorities in connection with data security breaches and complaints regarding privacy and security practices.  She defends companies facing individual and class action claims involving privacy, information security and consumer protection.