Christian Martin is an Associate in Mullen Coughlin’s Advisory Compliance practice group, counseling organizations across all industry groups with data privacy, information security and incident response preparedness solutions.

He routinely advises organizations on the development of comprehensive data privacy and information security compliance programs tailored to their industry sector and geographic scope of operations in compliance with numerous U.S. federal and state data privacy and security statutes and regulations, including the Health Insurance Portability and Accountability Act (HIPAA); the Gramm-Leach-Bliley Act (GLBA); the California Consumer Privacy Act (CCPA) and other comprehensive state consumer data privacy frameworks; the Defense Federal Acquisition Regulation Supplement’s (DFARS) Cybersecurity Maturity Model Certification (CMMC); and the European Union’s General Data Protection Regulation (GDPR), among others. Initiatives in developing these data privacy and information security programs include:

• preparing policies relating to the collection, handling and sharing of legally-protected information;
• developing website and mobile application privacy policies and terms-of-use;
• conducting vendor due diligence and negotiating contracts for vendor management programs;
• establishing processes, policies and technological infrastructure for verifying and responding to consumer requests to delete personal data;
• evaluating and modifying business processes relating to consent management and financial incentives; and
• analysis of cross-border data transfer issues, among others.

Christian also counsels organizations through information security preparedness tailored to his clients’ industry sector and geographic location, in compliance with applicable federal and state laws and industry best practices, including HIPAA; GLBA; New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and Department of Financial Services (NYDFS) Cybersecurity Regulation; the Massachusetts Information Security Standard; and the National Association of Insurance Commissioners (NAIC) standards. These initiatives include:

• preparing and updating information security programs and Incident Response Plans (IRPs);
• directing data and network infrastructure mapping exercises and security assessments;
• conducting mock data privacy and security incident preparedness tabletop exercises; and
• assessing contracts and vendor management programs to ensure that risks, rights and obligations relating to data privacy and security are crafted to appropriately allocate risks and protect clients’ interests.

Additionally, Christian counsels organizations who may be experiencing any manner of a data privacy and security incident, including ransomware; business email compromises (BEC); Payment Card Industry (PCI) incidents; inadvertent disclosures; and device theft. In this role, he manages the full lifecycle of the incident response, including:

• identifying the nature and scope of the incident;
• managing, and communicating with, external third-party incident response vendors;
• reporting to law enforcement;
• analyzing contractual and statutory notification obligations;
• effectuating notification to consumers, regulatory authorities and business partners; and
• interfacing with regulatory authorities during informal and formal investigations into an incident.

SPEAKING ENGAGEMENTS & PRESENTATIONS

• “Colorado Privacy Act and Virginia Consumer Data Protection Act,” Continuing Legal Education, Devon, PA

PUBLICATIONS

• “Where is the Justice in Criminal Justice,” Chapter in International Handbook on Human Trafficking: An Interdisciplinary and Applied Approach, 2020