Heather Egan Sussman, CIPP/US


Ropes & Gray

Co-Head, Privacy and Cybersecurity Practice Group

Heather Egan Sussman is a privacy & data security partner based in Ropes & Gray’s Boston office. Her practice focuses on privacy, information security and consumer protection, and she is ranked by Chambers USA and The Legal 500 United States as a leader in her field.

Heather routinely guides clients through the existing patchwork of U.S. federal and state laws, including FCRA, ECPA, TCPA, HIPAA, CAN-SPAM, GLBA and California’s Online Privacy Protection Act, state breach notification laws, state information security laws, as well as existing self-regulatory frameworks, including those covering online advertising and payment card processing. She manages teams of talented local counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines.

Heather also helps clients manage information and leverage the incredible value of data and digital technologies in ways that not only meet compliance obligations, but also support innovation, deliver value to the business, and solidify brand and consumer trust. 

She drafts and negotiates contracts concerning data-related vendors and arrangements, guides clients through privacy and security assessments, and vets privacy and security risks in corporate transactions. She regularly counsels businesses on how to mitigate the risk associated with the collection, use, retention, disclosure, transfer and disposal of personal information. In the event of a privacy or security breach, she helps clients respond and remediate. Heather also helps clients protect themselves from – and respond to – incidents of doxing (doxxing).

Heather has successfully litigated, mediated and arbitrated both small and large-scale disputes at state and federal agencies and in courts nationwide. Companies routinely rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties. She represents clients during investigations by regulatory authorities in connection with data security breaches and complaints regarding privacy and security practices. She defends companies facing individual and class action claims involving privacy, information security and consumer protection.




Contributions by Heather Egan Sussman

  • Managing EU Employee Data for U.S. Companies in the GDPR Era
    Speaker at Privacy. Security. Risk. 2018
  • Latest Developments in Digital Advertising
    Moderator at Global Privacy Summit 2017
  • Firestarter Session: The Shifting Consent Paradigm
    Speaker at Practical Privacy Series 2016
  • How to Win Friends and Influence Budget: Making the Case for Change
    Moderator at Global Privacy Summit 2016
  • Everything You Need (and Want) to Know about Digital Advertising of Today
    Speaker at Global Privacy Summit 2016
  • Speaker at IAPP Academy 2012
  • Speaker at IAPP Global Privacy Summit 2012
  • 2011 Practical Privacy Series Boston
  • Speaker at Global Privacy Summit 2014