Boris Segalis

Boris Segalis is a partner in Goodwin’s Data, Privacy & Cybersecurity practice. For over a dozen years, he has counseled clients on a range of data, privacy, and cybersecurity issues in the context of business and product strategy, compliance with privacy and cybersecurity requirements, technology transactions, breach preparedness and response, disputes and regulatory investigations, and legislative and regulatory strategy.

Boris regularly advises clients on the development and implementation of data-driven products and services (including those involving machine learning and biometric data processing), compliance with global privacy and cybersecurity requirements, cross-border data transfers, and third-party cyber risk management. He also advises clients on handling cyber incidents affecting companies and users globally, and defends companies in US state, federal and foreign privacy and cybersecurity investigations. His work on data and cyber issues in tech transactions has encompassed M&A, private equity, buyouts, public offerings, and bankruptcy.

Boris has been consistently recognized by Chambers USA, Chambers Global and Legal 500.

Boris advises clients across industries including financial services, fintech, insurtech, technology, big data and data brokerage, life sciences, cybersecurity, consumer product and services, e-commercial, media and entertainment, gaming, hospitality, transportation, prop tech, government, and others.

His recent representative experience includes advising:

Strategic Counseling

• Advise multiple companies on the development and implementation of digital contact tracing and facility access solutions designed to mitigate the effects of COVID-19
• Advise an enterprise solutions provider on the implementation of biometric identification for call recording and use of data for machine learning
• Advise a business intelligence company on the collection of business contact information in the US and Europe
• Advise a global cybersecurity software company on compliance with CCPA in connection with threat intelligence data collection
• Advise clinical stage life sciences companies on collection and cross-border transfer of clinical trial data, and engagement with vendors, CRO and other partners
• Advise a connected medical device company on engagement with clinical trial partners
• Advise a fintech company on the implementation of a comprehensive information security program, compliance with the FCRA Red Flags Rule, compliance with NY DFS cybersecurity regulations and implementation of a third party risk management process
• Advise a transportation authority on the implementation of the development and implementation of a vendor management program
• Advise a proptech company on the establishment of a consumer reporting agency, subject to FCRA
• Advise multiple fintech and insurech companies on compliance with the CCPA and the delineation of CCPA and GLBA data.
• Advise a global media company on the implementation of online marketing programs and attribution tracking.
• Advise a financial services and payment company on the establishment of data collection and sharing relationships with merchants and issuers
• Advise a restaurant mobile ordering platform on compliance with CCPA and GLBA in connection with engagement with restaurants globally
• Advise a focus group provider on privacy practice in connection with biometric data collection for product evaluation
• Advise a data analytics company on the development of a variety of data analytics products and services leveraging clinical trial data
• Advise a digital health company on the collection and processing of user and coach data
• Advise a European financial services company on compliance with GDPR in connection with a service providing background checks for fund managers globally
• Advise a digital identity company on the development and implementation of digital identity products and partnerships
• Advise a global travel agency on compliance with the GDPR, including to facilitate engagement with customers
• Advise a global media company on compliance with GDPR and CCPA

Incidents and Investigations

• Advise large retailers on the handling of consequences of the Shopify data incident, including notification of regulators and over 10 million consumer globally, and follow-up regulatory inquiries
• Advise a business process software companies on a data incident that affected over 600K users globally
• Advise a global travel company on payment card incident that affected over 1 million consumers globally
• Represent an AI photo editing app in an FTC privacy inquiry, and resolve the inquiry with the investigation closed
• Represent a local threat information provider in an FTC privacy inquiry, and resolve the inquiry with the investigation closed
• Represent a transportation authority in connection with a vendor cyber incident involving emergency communications
• Serve as the court-appointed consumer privacy ombudsman in the CraftWorks bankruptcy proceedings
• Advise a IoT crib manufacturer in connection with attempts to publicize false allegations of the device’s cyber vulnerabilities
• Advise a life sciences company on several cyber incidents affecting clinical trial data
• Advise a leading fintech company on a cyber fraud investigation

Transactions

• Advise BroadCom on the acquisition of Symantec
• Advise a privacy equity firm on the acquisition of a biometric interviewing platform
• Advise a fintech company on the development of white label / API lead generation platform for financial institutions
• 4C Insights on its agreement to sell to software advertising provider Mediaocean, a portfolio company of Vista Equity Partners*
• SevenRooms, a data-driven guest experience platform for the hospitality industry, on its $50 million Series B funding round*
• Aircall on its $65 million Series C financing*
• PeopleDoc, a cloud-based HR company, on its agreement to sell to Ultimate Software, a provider of human capital management software solutions, for approximately $300 million*
• Arlo Technologies, the leading internet-connected camera brand, on its agreement to enter into a strategic partnership with Verisure Sàrl*

*Denotes experience prior to joining Goodwin.

Prior to joining to Goodwin, Boris was most recently the Vice Chair of the Cyber/Data/Privacy practice at Cooley LLP in New York.

Boris is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP), has previously served as co-chair of NYC IAPP KnowledgeNet and served on the IAPP’s Research Board. Boris also serves as one of the leaders of the UJA privacy and cybersecurity group.

For seven consecutive years, Boris has been individually recognized by Chambers USA in the Privacy & Data Security category, and is recognized by Chambers Global for Privacy & Data Security — USA. He has also been recognized by Legal 500 as a leading lawyer in cyber law (including data privacy and data protection). Crain’s New York Business has previously included him in its 40 Under 40 list, and New York Metro has recognized Boris as both a Super Lawyer and a Rising Star.

Boris regularly contributes to thought leadership. His recent publications include:

• Quoted, “European Court Ruling Opens Door for Privacy Action Ramp-Up,” Bloomberg Law, June 16, 2021
• Co-Author, “Collaborative Contracting Can Help Combat Bias In AI,” Law360, June 1, 2021
• Quoted, “State Privacy Laws Pose Compliance Headaches For Banks,” American Banker, March 8, 2021
• Quoted, “Cybersecurity Resolutions for 2021,” Cybersecurity Law Report, January 13, 2021
• Quoted, “Thermal Imaging Adoption Poised to Take Off as COVID-19 Persists,” Hewlett Packard Enterprise, July 16, 2020
• Co-Author, “Road Map For A Cautious Approach To Contact Tracing,” Law360, April 30, 2020
• Co-Author, “Risk of Foreign Access to U.S. Data Spur Government To Act, But Economic Concerns Loom,” New York Law Journal, February 28, 2020

Boris also regularly speaks on Fox News Live as an authority on privacy and data security issues. His other recent speaking engagements include:

• Speaker, “Privacy Matters: Data Protection Strategies for B2B Marketers,” Enterprise Growth Alliance Webinar, September 19, 2023
• Speaker, “Fireside Chat with Yaron Ben David,” UJA Tech & Venture Capital, September 19, 2023
• Panelist, "What Businesses Need to Know – and Do – About the New EU-U.S. Data Privacy Framework for Cross-Border Data Transfers," Webinar, July 2023
• Panelist, “Overcoming Common GRC Challenges: Best Practices and Solutions,” Global GRC Data, Privacy & Cyber Security ConfEx, May 2023
• Speaker, “GenAI in Finance - Risks, Opportunities, Use Cases,” Founders Circle Capital, June 2023
• Panelist, “Privacy & Cybersecurity in the Boardroom,” TechGC FullStack Conference, May 2023
• Speaker, “Dealing with Dobbs: Considerations for Employers,” Webinar, September 14, 2022
• Guest, Caveat, The Cyberwire Podcast, July 21, 2022
• Speaker, “Playing on a Global Stage: Understanding Cyber Trends and Making the Big Deals,” Cyber Week Tel Aviv, June 29, 2022
• Speaker, “How Law Firms and Clients Handle Operational Privacy and Cybersecurity Requirements in Legal Engagements,” IAPP Global Privacy Summit, April 2022
• Speaker, “Navigating Consent Obligations and Advertising IDs in the US and Europe,” TechGC, February 2022
• Speaker, The Israel Economic Mission to North America, “Cybersecurity for Critical Infrastructure Roundtable Discussion,” October 21, 2021
• Speaker, AIPLA, “Recent Developments in Israeli Privacy Law” Webinar, October 19, 2021
• Speaker, UJA, “Regulatory Changes and the FTC” Webinar, October 7, 2021
• Speaker, SIFMA, “Privacy & Data Webinar Series: Privacy, Cookies & Adtech for Financial Services,” Webinar, September 23, 2021
• Speaker, Goodwin “NYDFS Cybersecurity Regulation: Focus on Proactive Cybersecurity and Incident Reporting,” Webinar, September 22, 2021
• Speaker, Future Privacy Forum, “The Future of Ad Tech,” Webinar, June 30, 2021
• Speaker, Goodwin “Europe Chooses Pragmatism With New Standard Contractual Clauses”, Webinar, June 17, 2021
• Speaker, UJA Cybersecurity & Data Privacy Group “The Future of Privacy,” Webinar, May 6, 2021
• Speaker, Goodwin Webinar “Data Transfer Impact Assessments: Getting to a YES!” May 4, 2021
• Speaker, TechGC, “A Privacy-Focused Approach to Contact Tracing,” Webinar, June 9, 2020
• Speaker, UJA Cybersecurity & Data Privacy Group, “Contact Tracing and Data Privacy: A Response to COVID-19?,” Webinar, June 2, 2020
• Speaker, “Reopening the Workplace: Social Distancing, Testing, Contact Tracing, Liability & More,” Webinar, May 21, 2020
• Speaker, UJA Cybersecurity & Data Privacy Group, “A Conversation on Emerging US Restrictions on Cross-Border Data Sharing,” Webinar, March 19, 2020
• Speaker, “New Year, New Rules: Navigating CCPA in 2020,” Webinar, January 2, 2020