Region Area

Lawyers

Al Saikali

Al Saikali

Work Department

Business Litigation

Position

Partner and Co-Chair, Privacy and Data Security Practice

Career

As chair of Shook's Privacy and Data Security Practice, Al has gained the trust of clients challenged by data incident response, privacy litigation, and compliance with the myriad laws governing sensitive information.  Al believes that client service, deep experience and proactive thinking are what separates him from other privacy and data security lawyers. These values are illustrated by the fact that Chambers USA ranked him as a national leader in privacy and data security law for the last four years in a row. Al has also been recognized in The Best Lawyers in America for privacy and data security law. He has been named a Cybersecurity Trailblazer by the National Law Journal and has received the Client Choice Award from Lexology. Under Al’s leadership, Legal 500 has named Shook a Top Cyber Law Firm the last two years in a row.

“Top-notch work should be a given from any law firm," Al says. "I believe what separates Shook’s privacy and data security team from the competition is client service. This means we listen closely to our clients’ needs, ask questions, understand their business and learn their industry. We are incredibly responsive and we apply the Golden Rule 24/7. Doing all of this helps us better monitor and proactively advise our clients on ways to address applicable legal trends. In this area of law, if you’re not preparing you’re responding, which is not the optimal place to be.”

The Wall Street Journal and Law360, among others, frequently interview him when they need insight into the legal implications of data breaches, emerging technological trends, biometric privacy, and other data security and privacy issues. Al often speaks to business professionals and teaches fellow attorneys about meeting the challenges associated with the proliferation of sensitive electronic information.

Outside his client practice, Al is Chair Emeritus of The Sedona Conference® Working Group 11: Data Security and Privacy Liability. Tasked with developing guides to help organizations minimize their privacy and data security liability risks, the working group includes leading practitioners in privacy and data security law, regulatory authorities and information security experts.

Incident Preparation and Response

For clients experiencing a data incident, Al directs the forensic investigation under privilege and work product protection; advises as to legal obligations to notify affected consumers, business partners and regulators; oversees the notification of third parties; communicates with law enforcement; prepares communications about the incident; responds to regulatory inquiries; and represents companies in litigation and enforcement actions arising from the incident or breach.

Al’s incident response experience includes:

a cyberattack exploiting the vulnerability of a website that allowed access to the personal information of several million individuals; a network intrusion affecting the payment card information of an online retailer’s consumers in every U.S. state and overseas; a cyberattack involving an Advanced Persistent Threat that put the intellectual property of a multinational science and technology company at risk; the insertion of malware into a company’s website, affecting the payment card information of more than 100,000 individuals; the theft of personally identifiable information from a professional services company by an employee involved in a nationwide identity-theft crime ring; lost mobile devices used to store protected health information by covered entities and business associates; and a vendor’s theft of consumer information from a national financial services company.

Litigation

Al regularly represents companies in class action lawsuits arising from data breaches and alleged privacy incidents. Al and the rest of Shook’s Biometric Privacy Task Force currently represent more companies in class action lawsuits arising from alleged violations of the Illinois Biometric Information Privacy Act (BIPA) than almost any other firm in the country. Al has defended and brought claims against companies in relation to data breaches—defending companies in consumer class actions and bringing claims against third parties to recover losses clients experienced from data breaches. Al has successfully challenged PCI assessments levied by card brands against merchants. He also represents companies in enforcement actions brought by state and federal regulatory authorities.

Al’s litigation experience includes:

Representing major health care systems in class action lawsuits arising from ransomware attacks, the loss of medical records, and other data breaches; Defending national retailers in lawsuits relating to the Illinois Biometric Information Privacy Act; Counseling financial services companies in lawsuits relating to the use of consumer data for new business operations; Prosecuting claims against a vendor whose vulnerability led to a data breach that resulted in losses to our client; and Representing a national manufacturing company and retailer in multi-district litigation arising from a payment card data breach.

Compliance

Al believes that the proliferation of privacy and data security laws provides companies an opportunity to shine. Clients need advice that adds value beyond a recitation of the letter of the law. Al and his team draw from their deep experience working with some of the most sophisticated companies in the world to help operationalize legal requirements that may seem like a moving target and can be quite challenging.

Al’s compliance experience includes:

building a global biometric technology program for a multinational company in compliance with state and international biometric privacy laws; counseling covered entities and business associates to comply with HIPAA/HITECH, preparing risk assessments, drafting internal and consumer-facing privacy policies and notices, performing employee training, and negotiating business associate agreements; designing and drafting incident response plans for companies in all industries; helping companies comply with the General Data Protection Regulation (GDPR) and the patchwork of state privacy laws including, more recently, the California Consumer Privacy Act, the NY SHIELD Act and the NY Department of Financial Services’ Cybersecurity Requirements; providing counsel on the Payment Card Industry’s Data Security Standards and negotiating merchant agreements and subcontractor agreements to ensure compliance with the standards; designing vendor management programs, along with the drafting and negotiation of agreements, to minimize the risks of service-provider access to sensitive information. This also encompasses the drafting and negotiation of agreements that address incident response, indemnification, notification, data ownership and the implementation and auditing of security safeguards; directing an information-security assessment for a Fortune 50 company to identify legal risks associated with its procedures for collecting, storing, using and disposing of sensitive information; training employees of covered entities, business associates and insurance companies about the proper handling of protected health information; and advising Fortune 100 companies about their obligations under federal data privacy laws, such as the Gramm-Leach-Bliley Act, HIPAA/HITECH, CAN-SPAM, and Section 5 of the FTC Act.

Memberships

American Bar Association, Section of Science and Technology, Cloud Computing and E-Privacy Committees International Association of Privacy Professionals Certified Information Privacy Professional Education Advisory Board South Florida KnowledgeNet, Co-Chair (2013) Law360, Privacy and Consumer Protection, Editorial Advisory Board Law360, Cybersecurity and Privacy, Editorial Advisory Board (2020) The Florida Bar Technology Committee (2015-Present) Civil Procedure Rules Committee, Vice Chair (2012-2013) Code and Rules of Evidence Committee, Vice Chair (2006-2007) The Sedona Conference, Working Group 11: Data Security and Privacy Liability, Chair U.S. Secret Service, Electronic Crimes Task Force

Education

J.D., Boston University School of Law, 1999 B.A., University of Florida, 1996

Personal

Al is a Fellow of Information Privacy, a Certified Information Privacy Technologist, a Certified Information Privacy Professional/US and a Certified Information Privacy Professional/Europe, accredited by the International Association of Privacy Professionals. He maintains a blog, Data Security Law Journal, where he regularly posts about legal developments and trends in data security and privacy law. He was a founding member of the IAPP’s Privacy Bar Section Board and is an active member of the U.S. Secret Service's Electronic Crimes Task Force.

Faculty Position Adjunct Professor, St. Thomas University School of Business (Cybersecurity Law)

 

Mentions