Faculty/Author Profile

Steven B. Roosa

Holland & Knight LLP

New York, NY, USA


Steven B. Roosa is a partner in Holland & Knight's New York office and co-chair of the Data Privacy and Security Team. He is also a fellow emeritus at the Center for Information Technology Policy (CITP) at Princeton University. His practice focuses on advising companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Representative issues include: mobile app privacy compliance; leveraging anonymity solutions to help clients safely unlock the value of large data sets; Internet tracking; web security; geo-fencing; data breach and incident response; Children's Online Privacy Protection Act (COPPA); Computer Fraud and Abuse Act (CFAA); FTC compliance; privacy considerations of modified network protocols; California best practices for websites and mobile apps; compliance with wiretap statutes and the Electronic Communications Privacy Act (ECPA); public-key infrastructure (PKI); certification authority matters pertaining to online trust; and web-based reputation and defamation issues.

Mr. Roosa's day-to-day practice includes helping companies better understand the privacy profile of their websites and mobile apps and translating that knowledge into actionable risk management options. He has helped infuse the Holland & Knight Team with a tech-focused approach in which law firm privacy counseling to clients includes:

  • proxying network traffic
  • analyzing the use of unique device identifiers for iOS, Android, and Windows 8 platforms
  • reviewing the privacy profiles of websites and mobile apps
  • cataloging and evaluating the privacy characteristics and risks associated with third party hosted solutions, advertisers, and analytics companies
  • using specialized software and tools to understand the tracking implications of local storage
  • conducting cookie audits
  • providing advice on offensive and defensive cybersecurity measures

Because privacy and security matters often relate directly to a company's industry-specific, core business model or threat landscape, Mr. Roosa actively partners with Holland & Knight's national caliber attorneys and professionals in the following areas:

  • intellectual property
  • energy
  • venture capital funding
  • legislative affairs
  • mergers and acquisitions
  • healthcare and life sciences
  • crisis communications
  • financial services industry

In the courtroom, Mr. Roosa represents a diverse array of companies in matters relating to consumer protection, online defamation, commercial disputes, and state and federal administrative law. He also works extensively on defending putative class actions involving Flash cookies and has been instrumental in obtaining voluntary dismissals for three large clients in these recent proceedings.

Typical clients include Fortune 500 corporations, privately held companies, large retailers, technology companies and nonprofit entities.

Mr. Roosa is the co-author of "Trust Darknet: Control and Compromise in the Internet's Certificate Authority Model," appearing in the May 2013 issue of the IEEE's Internet Computing. He is also a regular contributor to Holland & Knight's Privacy Blog.

 

Experience
Privacy-Related Class Action Litigation Defense and Regulatory Defense: represented companies in relation to FTC inquiries, Civil Investigative Demands (CIDs), subpoenas and investigations

Privacy-Related Class Action Litigation Defense and Regulatory Defense: represented companies in litigation resulting from data breach and security incidents

Privacy-Related Class Action Litigation Defense and Regulatory Defense: represented companies in relation to state attorneys general inquiries, Civil Investigative Demands (CIDs), subpoenas and investigations

Privacy-Related Class Action Litigation Defense and Regulatory Defense: represented mobile app companies in relation to privacy-related class action

Technical and Specialized Engagements: for large communications company, conducted quarterly website reviews, analyzing network traffic and assisted in developing controls and revising disclosures

Technical and Specialized Engagements: for numerous companies including mobile app developers, conducted deep-dive mobile app privacy reviews, analyzing network traffic and assisted in developing controls and disclosures

Privacy-Related Class Action Litigation Defense and Regulatory Defense: represented several companies in class action litigation related to the use of cookies and Flash cookies

General Compliance and Corporate Governance: provided advice to large retailers with respect to geo-fencing projects

General Compliance and Corporate Governance: provided strategic advice and counsel on local, national and international privacy and data protection and data transfer laws for numerous companies

Contracting and Due Diligence: for numerous companies, negotiated service level agreements in a range of privacy and security-related circumstances, including those related to data centers, cloud computing services, IT outsourcing and PCI-DSS compliance

General Compliance and Corporate Governance: assisted numerous companies in drafting, design and implementation of internal company policies, including information security, data and records management and retention, data classification and handling, device management and Bring Your Own Device policies, codes of conduct, white papers, marketing materials, vendor white lists and internal policies on Internet tracking

General Compliance and Corporate Governance: provided counseling for large communication provider, software companies and mobile app developers with respect to issues pertaining to security, encryption and authentication

General Compliance and Corporate Governance: provided advice to numerous companies with respect to the use of geo-location information

General Compliance and Corporate Governance: developed privacy training programs

 

Honors & Awards
Outstanding Lawyer, Nightingale's Healthcare News, 2009

Top 40 Under 40, New Jersey Law Journal, 2008

 

Publications
The Most Important Issue Involving Superfish Isn’t Superfish, Holland & Knight Privacy Blog, February 26, 2015

Lab Tuesday - How Not to Use iOS’s Identifier for Advertising (IDFA/IFA), Holland & Knight Privacy Blog, February 10, 2015

BBB Issues OBA Warning: What You Should Know and What to Do About It, Holland & Knight Privacy Blog, December 19, 2014

EU Cookie Sweep Initiative, Holland & Knight Privacy Blog, September 23, 2014

Why Are Companies Getting Sued Under the Video Privacy Protection Act?, Holland & Knight Alert, September 16, 2014

Why Are Companies Getting Sued Under the Video Privacy Protection Act?, September 16, 2014

Getting to the Real Issue on the Senate Subcommittee's Advertising Report, Holland & Knight Privacy Blog, May 15, 2014

Getting a Handle on VPPA Risk - A Data Driven Approach, Holland & Knight Privacy Blog, May 12, 2014

FTC Changes COPPA FAQ to Provide New Guidance on Consent and Data Collection in Educational Settings, Holland & Knight Privacy Blog, April 24, 2014

More Permissive Standard for Standing in Plaintiffs' Data Breach Suits, Holland & Knight Privacy Blog, April 23, 2014

FTC Provides Guidance on Obtaining Parental Consent under COPPA, Holland & Knight Privacy Blog, April 14, 2014

Heartbleed - A Picture is Worth a Thousand Words, Holland & Knight Privacy Blog, April 11, 2014

Heartbleed SSL/TLS Vulnerability, Holland & Knight Privacy Blog, April 10, 2014

Three Important TCPA Developments, Holland & Knight Privacy Blog, April 10, 2014

How Much Does Cybercrime Threaten Latin American Companies?, Inter-American Dialogue Financial Services Advisor, March 20-April 2, 2014

Where the Real Danger Lies: Media Focuses on a Real Concern But Misses the Key Point on "Flashlight Free" FTC Settlement, Holland & Knight Privacy Blog, December 9, 2013

The New COPPA FAQ's Clarify "Actual Notice" and the Responsibilities of 3rd Parties, Holland & Knight Privacy Blog, July 26, 2013

The FTC’s HTC Action: The Most Significant FTC Case in 5 Years, Co-Author, Holland & Knight Privacy Blog, March 1, 2013

Nothing Personal: Multiple Mobile Best Practices, and the Many Changing Faces of Personal Information, Co-Author, Holland & Knight Privacy Blog, February 19, 2013

Mobile App Privacy: The Hidden Risks, Co-Author, Practical Law Company, January 31, 2013

A Critical Appraisal of California AG’s "Privacy to Go" Best Practices for Mobile Apps, Holland & Knight Privacy Blog, January 14, 2013

The New COPPA Rule Announced Today: Big Changes Handed Down by the FTC, Co-Author, Holland & Knight Privacy Blog, December 19, 2012

The Center for Digital Democracy Urges FTC to File Complaint Against Mobbles, Holland & Knight Privacy Blog, December 12, 2012

FTC Announces COPPA Enforcement Campaign with Second Report on Kids' Apps, Holland & Knight Privacy Blog, December 10, 2012

The NSA and Cybersecurity, Holland & Knight Privacy Blog, December 5, 2012

Study Criticizing Android Apps Was Pretty Lame, Co-Author, Law360, December 3, 2012

Safe Prediction for 2013: Significant Expansion of Mobile App Regulation (FDA and COPPA), Co-Author, Holland & Knight Privacy Blog, November 28, 2012

Tough Cop at the FTC: Commissioner Brill Gives Insight On COPPA Rule and Enforcement, Holland & Knight Privacy Blog, November 21, 2012

Privacy Candy From Apple, Holland & Knight Privacy Blog, November 19, 2012

FTC Publishes New Privacy Guidelines for Mobile Apps, Co-Author, Holland & Knight Digital Technology & E-Commerce Blog, November 15, 2012

Insights From A Scandal: The Fundamentals Of On-Line Security And Privacy, Holland & Knight Privacy Blog, November 14, 2012

Study Criticizing Android Apps Was, Well, Pretty Lame, Holland & Knight Privacy Blog, November 12, 2012

Think You Won’t be Covered by the New COPPA Rule? Think Again!, Holland & Knight Privacy Blog, November 9, 2012

Corporate Privacy Compliance Becomes More Tech-Focused, Holland & Knight Privacy Blog, November 5, 2012

Complying with the California Attorney General's Statement on Mobile Apps: Don't Rely on Website Privacy Policies, Holland & Knight Alert, November 2, 2012

Complying with the California Attorney General's Statement on Mobile Apps, Holland & Knight Privacy Blog, November 2, 2012

Privacy and Security in Mobile Apps, the Cloud, and the Internet of Things: The Role of In-House Counsel in Mitigating New Class Action and Regulatory Risks, Co-Author, October 1, 2012

COPPA May Now Apply to You: FTC Proposes Additional Revisions to Children's Online Privacy Protection Rule and Seeks Public Comment, Holland & Knight Alert, August 9, 2012

The New Corporate Approach To Privacy Compliance, Co-Author, Law360, July 31, 2012

SSL Hacked: 2011 Proved That The Enterprise Can't Rely On Encrypted Communications; But Corporate Counsel Can Champion a Fix, Corporate Counsel, law.com, September 28, 2011

Information Security and Privacy: A Practical Guide for Global Executives, Lawyers, and Technologists, Science and Technology Law Section, American Bar Association, February 17, 2011

The Flawed Legal Architecture of the Certificate Authority Trust Model, Freedom to Tinker Blog, December 15, 2010

The Devil Is in the Indemnity Agreements: A Critique of the Certificate Authority Trust Model's Putative Legal Foundation, Presentation to the Center for Information Technology Policy at Princeton University, December 9, 2010

The 'Certificate Authority' Trust Model for SSL: A Defective Foundation for Encrypted Web Traffic and a Legal Quagmire, Intellectual Property & Technology Law Journal, Vol. 22, No. 11, November 2010

Encryption Is Not Enough: Why It's Time for General Counsel to Weigh In on Authentication Practices Associated With Secure Communications, e-Commerce Law Report, Vol. 12, Issue 11, West Publications, November 2010

The Next Generation of Artificial Intelligence in Light of In re Bilski, The Intellectual Property & Technology Law Journal, Vol. 21, No. 3, March 2009

 

Speaking Engagements
Mobile Apps and Network-Aware Devices: Legal Exposure in the Collection of Data and What to Do About It, AdvaMed Webinar, November 4, 2014

IP Trademark, Copyright & Licensing Counsel Forum, Cyber Security Risks that Threaten Corporate Intellectual Property and Client Confidentiality, October 28-29, 2014

Financial Services IT – Avoidance of Risks, Information Security Issues, Practising Law Institute, May 21, 2014

IP Trademark, Copyright & Licensing Counsel Forum, Moderator, Mobile Apps and Privacy: The Hidden Risks, October 22, 2013

Compromise and Control at the Perimeter of the Network: Online Trust, Mobile Security and Mitigating Risk in Mergers and Acquisitions, Moderator, North Virginia Technology Council General Counsel Committee Event, June 7, 2013

How to Prepare for New Corporate Cybersecurity Risks, Holland & Knight Webinar, May 15, 2013

Mobile Privacy and Security, The Current Regulatory Landscape and New Risk Threat Model, April 16, 2013

Mobile Privacy and Monetization: Risks and Opportunities in the Era of Networked Data, L2 Blog Social CRM Clinic, April 4, 2013

Data Security and Data Breaches: How to Avoid an Attack and Be Prepared When One Strikes & Observations from a Fortune 500 General Counsel, ACC and Holland & Knight Panel, March 20, 2013

COPPA Boot Camp - Practical Steps Towards Compliance, January 28, 2013

Privacy and Security in Mobile Apps, the Cloud, and the Internet of Things: The Role of In-House Counsel In Mitigating New Risks, Association of Corporate Counsel, Northeast Chapter, October 3, 2012

Mobile Security & Privacy Best Practices, Online Trust Alliance's Forum, October 1-4, 2012

 

Education
Rutgers University School of Law-Camden, J.D.

Cornell University, B.A.


Bar Admissions
New Jersey

New York

District of Columbia


All Contents Copyright © 1996-2017 Practising Law Institute. Continuing Legal Education since 1933.
