ALLISON J. BENDER
Privacy and Data Protection
Allison J. Bender is Of Counsel in the Washington, D.C., office of Wilson Sonsini Goodrich & Rosati, where her practice focuses on privacy and cybersecurity.
Allison helps clients strategically manage privacy and cybersecurity risk—before, during, and after a data breach. In private practice, she has assisted clients in swiftly responding to more than 150 data security incidents, including several high-profile, multi-jurisdiction incidents affecting millions of individuals and others involving valuable intellectual property and highly regulated data. She routinely leads privileged investigations across jurisdictions and guides crisis communications to help clients mitigate the legal, financial, and reputational harms that a data breach may cause.
Allison's data breach experience informs her approach to privacy and cybersecurity preparedness counseling. She helps companies develop and implement practical information governance programs that "fit" the organization, taking into account the nature of their data, systems, industry, and stage, as well as the laws of the jurisdictions in which they do business. She guides efforts to maximize the impact of privacy and security policies, procedures, and assessments. She has developed and facilitated executive-level incident response exercises, conducted enterprise-wide risk assessments, aided companies in preparing for certifications and audits, overseen legal issues in targeted penetration testing, and provided counsel on responses to reported vulnerabilities. Clients turn to her for advice on legal issues in high-risk vendor contracts and developing new products and services that raise privacy-by-design and security-by-design issues, among others. Her practical approach and insights at the convergence of privacy and cybersecurity law have made her a go-to resource for clients developing and updating their compliance programs to address new legal requirements, such as the California Consumer Privacy Act ("CCPA").
Allison is a noted public speaker in the field, including recently speaking at BlackHat USA 2018 and the International Association of Privacy Professionals 2018 Global Summit. She was also named one of the "Women in Cybersecurity to Follow on Twitter in 2018" by Cybercrime Magazine. She also serves an adjunct professor at Georgetown University Law Center, teaching courses on cybersecurity law and national security regulation.
Prior to joining the firm, Allison served as counsel in the Washington, D.C., office of ZwillGen PLLC, a technology and Internet law boutique firm, and previously as a senior associate in the Washington, D.C., office of Hogan Lovells US LLP, a large international law firm.
Before entering private practice, Allison spent nearly a decade at the U.S. Department of Homeland Security (DHS), most recently serving as a senior cybersecurity attorney in the Office of the General Counsel. From DHS, Allison brings key experience in incident response as well as cybersecurity policy, information sharing, liability, and incentives. She was the primary operational legal counsel for the federal response to the Heartbleed vulnerability, the USIS-KeyPoint data breach, and the Healthcare.gov data breach. She served as chair of the Automated Indicator Sharing Privacy and Compliance Working Group, provided primary legal advice for the implementation of Executive Order 13691 regarding information sharing and analysis organizations (ISAOs) and private sector clearances, advised the DHS Cyber Information Sharing and Collaboration Program (CISCP); and advised the Interagency Task Force implementing Executive Order 13636, "Improving Critical Infrastructure Cybersecurity" and Presidential Policy Directive 21, "Critical Infrastructure Security and Resilience," focusing on the "NIST Cybersecurity Framework," information sharing, liability, and incentives. Allison was also principally involved in DHS policy efforts related to cybersecurity export controls, particularly Wassenaar implementation.
Before focusing on privacy and cybersecurity, Allison spent six years at DHS negotiating complex international and domestic multimillion-dollar research and development agreements in a variety of emerging science and technology areas. She served as chief negotiator for the United States government on nine legally binding international agreements. She was responsible for the oversight of over $1 billion in DHS activities, leading compliance programs for export controls and treaty and regulatory compliance. Allison also spent four years as primary counsel for the SAFETY Act, providing legal advice on legislation that protects companies with antiterrorism technologies, laying the groundwork for many of the policies and procedures for its current operation, and reviewing more than 500 applications.EDUCATION:
- LL.M., National Security Law, Georgetown University Law Center, 2012
- J.D., Washington and Lee University School of Law, 2006
- B.A., Foreign Affairs, University of Virginia, 2003
- Certified Information Systems Security Professional, ISC2
- U.S. Certified Information Privacy Professional, International Association of Privacy Professionals (IAPP)
- Recipient, OGC Award, for response to cybersecurity incidents involving background investigator contractors, DHS Office of the General Counsel, January 2015
- Recipient, National Cybersecurity and Communications Integration Center Achievement Medal, for various incident response activities, August 2014
- Recipient, CS&C Award, for legal support in the accreditation, certification, privacy evaluation, and deployment of the first DHX TAXII server, June 2014
- Recipient, Special Act Award, for negotiating on behalf of the U.S. government for two agreements with Mexico and Israel for science and technology for homeland security and implementation of various requirements for the implementing the recommendations of the 9/11 Commission Act of 2007, July 2008
- Recipient, On-the-Spot Award, for the complex negotiation of four project arrangements with Australia concerning chemical and biological defense research and a general information sharing arrangement, January 2008
- Recipient, Special Act Award, for negotiating an administratively complex, multimillion-dollar agreement in a mere 51 business days to enable U.S. and Canadian joint efforts to upgrade Transport Canada's airport security protocols, May 2007
- Bar of the District of Columbia
- State Bar of California