As an experienced breach coach, Ms. McCormick leads data security incident response investigations of any size and industry sector. This includes managing a network of vendors such as forensics, remediation, and public relations. It also includes counseling clients on legal and regulatory obligations resulting from the incident and guiding them through the notification process, potential regulatory investigation and claims or litigation. Ms. McCormick has managed data security incidents of varying sizes, complexities and types ranging from email compromises, social engineering attacks, wire fraud, ransom- and other malware attacks to sophisticated hacking attacks perpetrated by malicious actors. Affected clients have included industry sectors from financial, health, retail, education, service/professional service, municipal/governmental to social media. Her experience includes multi-state and large-scale international incidents including notifications of affected individuals and regulators such as Attorney General offices, other U.S. state and federal regulators and international Data Protection Authorities. If necessary or desired, Ms. McCormick stands ready to litigate commerc...

See More
  • Representative Transactions
    • Co-Founder and Chair of Data Privacy/Cyber Security practices at Boutique California and west-coast firms.
    • Handled over 200 data/cyber incidents for businesses of all sizes ranging from ransomware attacks, insider threats, loss of data, email compromises, malware attacks, hacking intrusions, managed internal and external teams including internal and forensics investigations, communication strategy, legal analysis, response strategy, notification of affected individuals regulators -state, federal or international- handled subsequent regulatory investigations (national/international) and negotiations of consent decrees, fines and settlements.
    • Defended whistleblower, retaliation and wrongful termination lawsuits by former C-suite and director level employees against employers and achieved resolutions by confidential settlements
    • Defended software company in commercial dispute over software functionality and implementation by negotiating confidential settlement.
    • Defended businesses in large scale commercial litigation stemming from data loss/data incidents or software/hardware malfunctions and reached confidential resolutions.
  • Presentations & Teaching
    • Data Privacy and Cyber Security for Lawyers, Multnomah bar Association, October 7, 2020
    • The End of Lawlessness: Your Data, Your Decision, DRI’s Women in the Law Seminar, January 22-24, 2020
    • Cyber Threats Panel Discussion at Traveler’s Cyber Symposium, Portland, October 2019
    • Cyber Threats Panel Discussion, Columbia Bank, Eugene, September 2019
    • Co-Leader at Portland IAPP KnowledgeNet Roundtable Discussion on GDPR & CCPA, July 2019
    • HIPAA Compliant Office Management, American Association of Orthodontists 2019 Annual Session, May 2019
    • Taking Cyber Security to the Next Level, OCAA, Spring Symposium, Co-Presenter with Duc Nguyen of RGL Forensics, Wilsonville, April 2018
    • Updates in Cyber Insurance, Panel Speaker at Perrin Conference, Philadelphia, April 2018
    • Legal Ethics in the Digital Age, DRI Appellate Advocacy Seminar, Las Vegas, March 2018
    • Chair of Defense Research Institute’s 2017 Cyber Security and Data Privacy Seminar, Chicago, September 2017
    • 10 Steps To Improve HIPAA Compliance at the Office, Presenter at the 2017 Annual Session of the American Association of Orthodontists (AAO), San Diego, April 2017
    • Ethics: Data Security Steps to protect Information, Speaker at DRI’s Data Privacy and Cyber Security Seminar, Atlanta, September 2016
    • Privacy, Security and Data Breaches for Law Students, Guest-Lecturer at University of San Francisco, September 2016
    • Offers to Compromise under Cal. Code Civ. Proc., section 998, Presenter at San Francisco Trial Lawyer Association, July 2016
    • Data & Cyber Security for Lawyers, Co-presenter with Winston Krone and Sylvia Johnson, Bar Association of San Francisco, CA, June 2016
    • HIPAA Audits, Webinar presentation with Anjali Kulkarni, ePlace Solutions, May 2016
    • Navigating the New, Scalable Worker Model, Moderator for panel discussion co-sponsored by DLA Piper and GABA, San Francisco, March 2016
    • Data Privacy & Cyber Security for Lawyers 101, DRI CLE-Webcast Presenter with Chris Travis and Adam Cohen, Chicago, IL, January 2016
    • Managing Cyber Risks in Healthcare, Presenter at Prosystems AG’s Medical Device Regulator’s Forum, Cupertino, CA, October 2015
    • Privacy, Security and Data Breaches for Law Students, Guest Lecturer, University of San Francisco School of Law School, September 2015
    • Privacy 101 for Businesses – Basic Steps to Protect Your Valuable Data, sponsored by the California Employment Advisory Council, San Francisco, CA, September 2015
    • Much Ado About Privacy and Security, Co-presented with Jon D. Feldhammer, sponsored by Golden Gate University and the Bay Area Young Tax Lawyers, San Francisco, CA, July 2015
    • Roundtable for Non-Profit Organizations, Co-presented with Angela Rho, Murphy, Pearson, Bradley & Feeney, San Francisco, CA, July 2015
    • Privacy and Cyber Security for Solo and Small Firm Lawyers, CLE-Webinar Presenter sponsored by Lawyers Mutual Insurance Company, Burbank, CA, July 2015
    • Discovery, Privacy & Data Breach, Co-presented with Adrian Driscoll, Murphy, Pearson, Bradley & Feeney, San Francisco, CA, July 2015
    • Managed Cyber Risks In Healthcare: How To Prepare For And Respond To A Data Breach, Guy Carpenter Medical Liability Network, San Diego, CA, April 2015 2015
    • The Year Of The Law Firm Hack: Why Preserving Privacy And Data Security Is Critical For Law Firms, co-presented with Winston Krone of Kivu Consulting and Lara Forde of ePlace Solutions, Inc., March 2015
    • Interview on Steps Law Firms Should Take Steps To Protect Private Client Data by Mari Frank of Privacy Piracy Radio Show, A Public Affairs Radio Program from The University Of California, Irvine, CA, February 2015
    • Responsibilities of Directors And Boards Regarding Privacy, Security and Data Incidents, AAOIC, St. Louis, MO, September 2014
    • Privacy and HIPAA Compliance for Orthodontist, Presenter at Defense Counsel Seminar of St. Louis, MO, August 2014
    • What Every Business Needs To Know About Privacy And Data Breach, Co-presented with James F. Monagle at Medtechfrontiers, Fremont, CA, January 2014
    • Liability Concerns Arising From The Integration Of Medical Devices Into IT Networks, co-presented with Oliver Christ of Prosystems USA LLC, May 2013
    • Best Practices in Representing the Elderly, Presenter at the Marin County Estate Planning Council, San Raphael, CA, May 2013
    • New Challenges for Medical Device Manufacturers and Hospitals, Presenter with Oliver Christ of Prosystems AG at the German-American Business Association, San Francisco, CA, October 2012
  • Honors/Academic Distinctions
    • Hugo Grotius Award for Excellence in International Law
    • Dean’s List
    • Member of Golden Gate University Law Review
    • Jessup International Moot Court Team
    • Honors Program
    • President of Golden Gate University’s International Law Society, a local chapter of ILSA
  • Publications

    Select Publications

    • Inclusion Provides Opportunities to Build the Strongest, Most Resilient & Creative Workforce for Future Success, LBBS Grindstone Blog, October 8, 2020
    • A Human Resources Challenge – The Insider Threat to Data Assets, LBBS Grindstone Blog, June 2019
    • CCPA Requirements in Flux (Co-Author) (Three Parts/White Paper), LBBS Digital Insights Blog, June 2019
    • Legislative Alert: Maryland Amends its Breach Notification Law To Improve Incident Response (Co-Author), LBBS Digital Insights Blog, May 2019
    • Social Media and the Workplace – Why and How Employers Should Limit the use of Social Media in the Workplace (Co-Author), LBBS Digital Insights Blog, November 2018
    • Law firms must take steps to protect private client data, Daily Journal, Nov. 27, 2014
    • Anti-SLAPP in the Employment Investigation Context, Daily Journal, Oct. 22, 2013
    • ASEM – A Promising Attempt to Overcome Protective Regionalism and Facilitate the Globalization of Trade, Annual Survey of International and Comparative Law, Volume X, 233 (2004



Palo AltoSeattle

Simone McCormick


[email protected]








Golden Gate University School of Law

Kiel University, teaching degree, Masters Degree Linguistics

Certified Information Privacy Professional for the United States (CIPP/US) by the International Association of Privacy Professionals (IAPP)

Prior Law Firm Experience

Lewis Brisbois Bisgaard & Smith

Practice Areas