Overview

Chris Taylor is an Associate at McDonald Hopkins and part of the firm’s national Data Privacy and Cybersecurity team. He is accredited by the International Association of Privacy Professionals as a Certified Information Privacy Professional (CIPP) for the United States, the gold standard certification for information privacy professionals.

Chris's practice covers a wide variety of data privacy and cybersecurity matters for companies at all stages, including regulatory defense and compliance obligations, risk mitigation, and best practices within regulatory frameworks, including HIPAA, CCPA, and GDPR and emerging federal and state regulations around artificial intelligence. He advises clients on data protection and data asset management, helping organizations identify, manage, and maximize the value of their data. He also provides pre-breach services that include drafting and negotiating data protection agreements for both vendors and covered entities, developing internal privacy and security policies and procedures, and advising on website privacy policies and compliance.

His expertise also includes helping clients navigate incident response, including engaging forensic providers and cyber consultants, coordinating breach notifications, drafting internal and external communications, and monitoring threat actor activity on the dark web.  

Chris's experience in policy and politics before practicing law provides him with a unique perspective on navigating the ever-evolving data privacy and cybersecurity space. He previously served in the U.S. House of Representatives as the legislative director for a member of the U.S. House Energy and Commerce Committee, managing a team of legislative and communications staff to implement the Congressman’s legislative policies and priorities.

Chris earned his J.D. from the George Washington University Law School. He also earned a Master of Public Administration from St. Mary's University and his Bachelor of Arts from Vanguard University. After earning his undergraduate degree, Chris spent several years coaching NCAA Division I and Division II men’s and women’s tennis teams, where he oversaw all aspects of the programs, including recruitment, player management, team operations, budget management, and compliance. 

Representative Cases & Matters

 

  • Analyzed a U.S. professional sports league’s collective bargaining agreement to advise a league franchise on its cybersecurity and privacy obligations with respect to player data.
  • Guided a pharmaceutical manufacturing in registering with the U.S. Department of Commerce under the EU-U.S. Data Privacy Framework to facilitate cross-border personal data transfers from the European Economic Area.
  • Counseled a medical device start-up on structuring its data collection practices to comply with GDPR when conducting device demonstrations in EU physician offices.
  • Counseled an academic research center on its obligations to de-identify PHI pursuant to HIPAA and further guidance from California’s Department of Health Care Services.
  • Counseled a U.S. medical association on meeting its obligations regarding CMS’ cell-suppression requirements.
  • Counseled a large resort company on its registration obligations under various state telemarketing laws.
  • Created an AI governance policy framework and evaluation methodology to guide a surgical services provider in the development, acquisition, and implementation of AI tools in administrative and clinical settings.
  • Assisted a digital marketing agency in successfully responding to a Civil Investigative Demand from the Federal Trade Commission regarding the use of third-party tracking pixels.
  • Counseled a global EHR company on complying with the ONC’s information blocking rule and assisted in preparing for an anticipated OIG enforcement action.
  • Assisted a national pharmacy platform in mapping internal data flows and documenting the collection, use, and disclosure of data to inform compliance obligations.

Credentials

Education

George Washington University Law School (J.D.)

St. Mary’s University (M.P.A.)

Vanguard University (B.A.)

Admissions – State

  • District of Columbia
  • Illinois

Professional & Civic

Accreditation

Certified Information Privacy Professional – United States (CIPP/US)

News & Insights

External News & Publications

Cybersecurity in the Age of Industry 4.0 (Part 1, Part 2), September 2024

SEC Tightens Cybersecurity Requirements with Regulation S-P Amendments, June 2024

NIST Publishes Final "Cybersecurity Resource Guide" on Implementing the HIPAA Security Rule, February 2024

California Appellate Court Empowers Agency to Immediately Enforce CPRA Regulations, February 2024

Nevada Joins Washington and Connecticut to Protect Consumer Health Data Privacy, June 2023

No More Expectations: What to Do When the California Privacy Exemptions for Employee, Applicant, and B2B Data Expire, September 2022

Hacking Healthcare: Cyberattack Contingency Planning and Response, May 2022

Under Pressure: California Clarifies Cyber Risk Management Best Practices for Healthcare Sector, September 2021

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.