Alexandra Belton, a Partner at Mullen Coughlin, focuses her practice exclusively on data privacy and security incident response and pre-incident Advisory Compliance. With experience handling over 1,000 different types of incidents, she works hand-in-hand with organizations who have become the victim of a data privacy and security incident, guiding them through the full incident response lifecycle and any related formal regulatory investigation or inquiries thereafter. When a data privacy and security incident occurs, she coordinates with various incident response stakeholders to first determine the nature and scope of the incident and then works to identify any potential affected populations and any specific legal, regulatory or contractual obligations stemming from the incident. She then works closely with the affected organization to ensure their compliance with any identified obligations.
Alex works with organizations across all industry group sectors, providing guidance and expertise in data privacy and security incident response and pre-incident Advisory Compliance services. She has primarily represented organizations from the healthcare and life sciences and financial services industries.
Should an incident lead to regulatory follow-up inquiries, Alex has experience in responding to these types of investigation. She has navigated and responded to post-incident regulatory follow-up from a range of regulatory bodies, including state Attorneys Generals; the U.S. Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR); and state departments of insurance. Her experience also includes managing large incident investigations, including on behalf of managed service providers (MSP) and other third-party vendor common events that affect large numbers of organizations and individuals. Alex’s experience further includes the frequent representation of both state and local public entities, as well as government contractors and subcontractors.
Alex often presents with, and to, industry stakeholders, including cyber insurance industry professionals and public/private sector IT and risk management leadership teams.
SPEAKING ENGAGEMENTS & PRESENTATIONS
- “Cyber Resiliency – Navigating a Cyber Breach,” Iowa MGMA 2022 Spring Conference, Des Moines, IA, May 5, 2022
- “HIPAA 101,” Kairos 2021 Education Conference & Exhibit, Manheim, PA, September 23, 2021
- “Cyber Security Law & Insurance,” Burns & McDonnell In-House Counsel EPC-CLE, Virtual, May 2020
- “Contract Review,” Continuing Legal Education, Wayne, PA. October 31, 2018
- “Cyber Incident Response/The Ransomware Scenario,” Marsh/ FINPRO Power & Utility Cyber Conference, New York, NY, October 22, 2018
- “Cyber Liability: The Claim Perspective,” National Conference of Insurance Guaranty Funds (NCIGF) Fall Workshop, Fort Lauderdale, FL, October 3-4, 2018
- “GDPR,” The Conference Board HR M&A Council Meeting, Armonk, NY, May 15, 2018
- “Canada’s Digital Privacy Act,” Continuing Legal Education, Wayne, PA, December 13, 2017