Michael Young focuses his practice on data privacy advising. As Chair of the Cybersecurity & Privacy Practice, his primary areas of concentration include managing complex technologies and sensitive, confidential, or personal data. Michael works with legal and business teams to create legal architecture related to the development of new products or services, such as processes, notices, contracts, compliance guidelines, and diligence. He also advises on data management in highly regulated contexts, technology contracting and procurement, and drafting internal and external privacy policies and notices under Gramm Leach Bliley, the Fair Credit Reporting Act, the California Consumer Privacy Act, and other laws and regulations.
Prior to joining MMM, Michael worked at an AmLaw 100 firm where he assisted global organizations in navigating crucial issues such as international data transfers, information security regulations, cloud services deployments, and complex privacy and information security compliance in relation to financial, consumer privacy, children’s privacy, and other laws.
- Developed data sharing compliance framework to support multi-branded digital platform initiative for large international bank.
- Provided privacy due diligence support for mobile tech support application for device warranties and insurance.
- Supported compliance project planning for numerous in response to the California Consumer Privacy Act.
- Assisted a U.S. national provider of insurance and investment services in support of a major IT project to consolidate customer service functions across the organization, including identification of applicable data use restrictions, revisions to Gramm-Leach-Bliley and online privacy notices, and related data management advice.
- Support negotiation of privacy and data management provisions in complex service contracts worth billions of dollars.
*Conducted while at another firm.
International Association of Privacy Professionals
CIPP/US and CIPP/EU