Matthew Berger, CIPP/US
Matthew Berger is an Associate in the Health Care and Life Sciences practice, in the Washington, DC, office of Epstein Becker Green. A Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals, Mr. Berger has extensive experience in international data transfer standards and protocols, supply chain data vulnerabilities, and data breach management due to his work as a privacy professional supporting the U.S. Department of Energy’s Privacy Program and other federal agencies’ privacy programs and as a data privacy and security attorney.
Mr. Berger’s experience includes:• Counseling health care companies, private equity firms, hedge funds, and other private-sector and public-sector entities on matters involving cybersecurity, data privacy, data center consolidation, privacy compliance, high-capacity computing, and breach responses/wargames• Working with corporate or department leadership to build cross-vertical collaboration in cybersecurity matters• Providing advice to government contractors and to businesses with international clientele or Internet-based advertising or services on issues pertaining to U.S. federal privacy and transnational border data transfer protocols, the Health Insurance Portability and Privacy Act (HIPAA), and the new Office for Civil Rights’ “Audit Protocol”• Advising clients on compliance with HIPAA Privacy and Security Rules, and other relevant privacy laws, rules, and regulations regarding protected health information, during mergers, acquisitions, and divestitures• Drafting and reviewing vendor and data processor agreements for compliance with international data transfer standards, including General Data Protection Regulation (GDPR) model clauses, binding corporate rules (BCRs), and APEC Cross-Border Privacy Rules (CBPRs)• Counseling clients on emerging European Union data privacy issues, including “the right to be forgotten” and GDPR
Before joining Epstein Becker Green, Mr. Berger worked at several technology companies, where he was assigned to serve as the Team Lead and Highest-Level Privacy Advisor to the U.S. Department of Energy’s Chief Privacy Officer, as the Lead Data Privacy Incident Associate to the Federal Deposit Insurance Corporation’s Chief Information Officer Office, and as a Privacy Advisor to the National Nuclear Security Administration. Earlier in his career, he was a data privacy and security attorney at a national law firm.