Mr. Chwastyk is the Chair of the Privacy & Data Security group of McNees Wallace & Nurick LLC and practices in its Harrisburg, Pa. office. He began working on cybersecurity issues in 2005, when he represented banks to recover credit card replacement costs from national retailers who failed to safeguard such information in some of the first successful data breach lawsuits in U.S federal courts. Today, Mr. Chwastyk counsels clients on policies and procedures to limit the risk of data exposure events and advises clients on compliance with federal, state, and international privacy laws, including the California Consumer Protection Act and the EU GDPR. He also helps businesses respond to data breaches, including in rectifying and reporting those events and in limiting their potential liability for such events. Mr. Chwastyk has earned two Certified Information Privacy Professional designations (CIPP/US and CIPP/Europe) from the International Association of Privacy Professionals. He received his B.A. from The Pennsylvania State University and his J.D., cum laude, from Georgetown University Law Center.

Mr. Garfinkel is co-chair of the Privacy & Data Security group of McNees Wallace & Nurick, LLC.  He has more than 14 years of experience and expertise advising businesses on compliance with electronic data security laws, consumer privacy laws and industry standards and in responding to breaches of data security.  He counsels clients on mitigating risks and reducing exposure to investigations and litigation arising from the loss, theft, or exposure of personal data.  Sandy has handled approximately 150 data incident response matters and has a particular expertise in handling hotel breach incidents.  He is a nationally regarded authority on data security and privacy matters.  Mr. Garfinkel is regularly published and speaks at numerous industry conferences on compliance with consumer privacy laws and preparing for and responding to data breaches. He received his J.D. from Duquesne University School of Law, Law Review 1991 and his B.A. from Emory University 1986. 

Sameer Ponkshe is an incident response and data privacy attorney with experience helping organizations prepare for and respond to cybersecurity incidents, state and global data privacy regulations, and regulatory inquiries. At Octillo, Sameer works with the Incident Response team to counsel clients who have experienced a suspected or actual data breach or other cybersecurity incident. In his role as a breach coach, Sameer helps organizations navigate the complexities of responding to cyber-attacks, including ransomware, malware, business email compromise, fraudulent wire transfers, and spoofed websites. He also advises on breach notification requirements under data security and privacy regulations, such as the Global Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), and the Health Insurance Portability and Accountability Act (HIPAA). Sameer works to strengthen an organization’s cyber posture by performing data mining, conducting risk assessments, and drafting and implementing incident response plans. He also leads tabletop exercises and other trainings to help prepare information security teams for potential cybersecurity incidents. Prior to joining Octillo, Sameer served as Senior Counsel on a Cybersecurity and Data Privacy team at a large, national law firm, where he acted as a breach coach for organizations across numerous industries and jurisdictions. He has considerable experience drafting and reviewing data privacy policies and procedures and data licensing and cross-border privacy contractual agreements and advising on current data protection best practices. Sameer is a Certified Information Privacy Professional, United States (CIPP/US) as certified by the International Association of Privacy Professionals (IAPP).

Dafina Buçaj is an experienced privacy attorney with a broad background in data privacy, cybersecurity, and public policy who counsels and advises clients on the development and implementation of enterprise-wide data security and privacy programs and regulatory compliance under federal, state, and international privacy regulations. A large portion of her practice is dedicated to helping global organizations create right-sized data security and privacy programs to address compliance with numerous global regulations, including the GDPR, PIPIEDA, CASL, POPIA, LGDP, PIPL and other emerging privacy and security laws. Dafina also reviews existing data security and privacy protocols, working with clients to mitigate legal risk by identifying vulnerabilities and implementing procedures and controls using practical, cost-effective solutions. The scope of Dafina’s practice includes data privacy and security regulatory assessments, information privacy and security protocols and policies, external policies, data collection, vendor risk assessments, contract development and review, and threat mitigation plan development. Prior to joining Octillo, Dafina served as Data Privacy and Security Manager for a major not-for-profit organization, where she spearheaded the development and implementation of a large-scale global privacy program, including a vendor risk management policy and procedures for cross-border data transfers, risk mitigation, and compliance with global privacy regulations. She has served in several prominent legal positions for the Government of Kosovo, including as legal Adviser to the Deputy Prime Minister and Minister of Justice and as a Legal Professional working with international organizations (OSCE, UNDP, USAID). Dafina is currently pursuing a Doctor of Juridical Science (J.S.D.) degree from Loyola Law School with a focus in Cyber Law. Dafina is a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional for the United States (CIPP/US) as certified by the International Association of Privacy Professionals (IAPP). She is fluent in English, French, and Albanian.

Jordan is a member of the Constangy Cyber Team and brings substantial expertise and leadership to the provision of compliance advisory services.  With her extensive experience in the global intersection of law and technology, Jordan works to continually evaluating and assessing legal and business opportunities and risks in order to provide public and private sector clients with vital data privacy and cybersecurity counsel and business strategic advice. She advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she has experience with biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS). Jordan represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance. Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions. Jordan is a Cybersecurity Lecturer at the University of California, Berkeley, and a Law Professor at the Thomas R. Kline School of Law. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy. Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries. Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.