Ryan R. Gallagher is an Associate in Mullen Coughlin’s Advisory Compliance practice, counseling organizations from across virtually all industry groups with pre-incident data privacy and information security solutions. He works closely with corporate in-house privacy professionals and information security teams to develop legally- and regulatory-compliant policies, procedures and programs that help mitigate the chance of a successful data privacy and security incident, and should one occur, assist in the response to said incident. This includes:
- Development of organizational-specific incident response plans (IRPs);
- Provision of tabletop exercises;
- Privacy impact assessments;
- Development of information security programs (ISPs);
- Third-party contract and creation of vendor management programs; and
- M&A due diligence, among others.
Ryan also counsels organizations with their data privacy-related obligations related to comprehensive state privacy laws such as the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA) and the Utah Consumer Privacy Act. He also has experience in providing counsel as it relates to federal privacy laws – including, among others, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) – as well as international privacy regulations, primarily the European Union’s General Data Protection Regulation (GDPR).
Ryan also has experience in serving as a “Breach Coach” for organizations who have experienced a data privacy and security incident. He has counseled hundreds of organizations in their response and investigation into incidents, coordinating with third-party resources to minimize business interruption and ensure statutory, contractual and regulatory compliance.
Ryan re-joined Mullen Coughlin from a full-service law firm where he advised national and multi-national organizations in data privacy program compliance and media and technology matters.
He received his M.S. in Cybersecurity Risk and Strategy in 2019 from the NYU School of Law and Tandon School of Engineering. As part of the program curriculum, Ryan engaged in the extensive study of the business, regulatory and technical aspects of data privacy compliance and cyber risk management, knowledge he uses when advising organizations on pre-incident Advisory Compliance solutions.
SPEAKING ENGAGEMENTS & PRESENTATIONS
- “Department of Insurance Data Breach Notification Requirements,” Continuing Legal Education, Nashville, TN, 2021
- “Law and Business Tech: Cybersecurity, Blockchain and Electronic Transactions,” University of Tennessee College of Law Continuing Legal Education, Nashville, TN, 2018
- “Blockchain, Ethereum and Smart Contracts,” 2016-2019
- “White House Signs Executive Order to Improve Federal Cybersecurity Posture,” June 1, 2021
- “A Case Study on Improving ICS Cyber Security Legislation,” Journal of Law and Cyber Warfare, 2019