Joseph Santiesteban

Joseph Santiesteban is a trusted cyber law advisor. He regularly advises clients regarding incident response, as well as litigation and government enforcement that commonly arise from privacy and cybersecurity incidents. He uses this experience to offer clients practical advice regarding their data innovation and incident preparedness strategies. He also provides strategic advice to cybersecurity companies, including those looking to push technological boundaries in cyber defense, incident response, and threat intelligence. Joseph regularly advises companies regarding privacy and cybersecurity incident response, including directing incident investigations, analyzing potential claims and defenses, examining potential notification obligations, and advising regarding communications strategies. He also advises clients regarding regulatory investigations, class actions, and contract disputes that frequently flow from privacy and cybersecurity incidents. Joseph uses his experience to help clients leverage the value of data and digital technologies in ways that not only meet compliance obligations, but also support innovation, deliver value to the business, meet security needs, and solidify brand and consumer trust. This includes guiding clients through the complexity of federal privacy and cybersecurity laws and regulations, including the Electronic Communications Privacy Act (ECPA), the Federal Trade Commission Act (FTC Act), the Gramm-Leach-Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA), state privacy and cybersecurity laws, including the California’s Consumer Privacy Act (CCPA), international laws such as the European Union General Data Protection Regulation (GDPR), and self-regulatory frameworks, including those covering online advertising and payment card processing. It also includes assisting clients to practically evaluate legal risk of security decisions in a variety of transactions and across the product lifecycle. He also provides strategic advice to cybersecurity companies, including those looking to push technological and defense boundaries in cyber defense, incident response, and threat intelligence. This includes helping companies maximize their security offerings by navigating the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and the Federal Wiretap Act, as well as state law analogs.