With a background in both business and law, Joe has a unique understanding of the challenges his clients face, and he crafts data privacy and security programs for real-world applications.

Joe has more than 30 years of experience in the areas of data use, privacy, and cybersecurity. He regularly advises technology and healthcare companies and government entities, helping to identify their data privacy and cybersecurity risks. Joe also designs and manages programs and policies that minimize those risks.

He defends clients against state and federal governmental agency enforcement investigations, and assists with data breach response and data privacy assessments, information security compliance audits, and cyber investigations, including managing third-party forensic investigations. Joe also has led diligence efforts on all levels of business transactions that have identified and managed data-related issues having 7-figure potential impacts representing buyers, sellers, and investors. 

Joe’s experience covers multiple privacy and security issues facing entities in the private and public sectors. He has worked with clients in the development of data privacy and cybersecurity programs, global data breach response, cross-border data transfers, HIPAA, GDPR, CAN-SPAM, and CCPA compliance, technology licensing, and transfer agreements, contracts involving data flows, and management of the related legal risks and obligations, intellectual property and information technology, governmental privacy-related investigations, and internal investigations related to corporate compliance.

Working closely with each client to build tailored programs and policies appropriate for the business, industry, and stage of development, Joe also assists with IoT risks, cloud services, and big data analytics. Joe evaluates the software development process, privacy by design, and counsels clients on responding to software audit requests and advising on the risks associated with the use of the Internet across international jurisdictions.

Before re-entering private practice, Joe served in-house as Chief Privacy and Chief Information Security Officer for a large Midwest academic medical system. He also managed the legal issues associated with global data sharing for a Big 4 accounting/consulting firm.

A recognized thought leader on data privacy, cybersecurity, and healthcare topics, Joe is Certified in Healthcare Privacy Compliance (CHPC®).

Community & Professional

  • Board of Advisors, North Carolina Technology Association
  • Member, Duke Law Center for Judicial Studies - North Carolina Thought Leadership Committee
  • Member, International Association of Privacy Professionals
  • Member, Health Care Compliance Association
  • Certified in Health Care Privacy Compliance (CHPC®)
  • Data Privacy and Security Committee, University HealthSystem Consortium
  • Cleveland-Marshall College of Law
  • National Advisory Board, Center for Cybersecurity and Privacy Protection
  • Advisory Council, Center for Health Law & Policy
  • The Sedona Conference®
  • Working Group Series Program, Data Security and Privacy Liability - Working Group 11
  • Member, American Health Lawyers Association
  • Member, Association of Corporate Counsel, Northeast Ohio Chapter
  • Member, North Carolina Bar Association, Privacy & Data Security Section
  • Member, Cleveland Metropolitan Bar Association, Healthcare Practice Group
  • Member, Ohio State Bar Association
  • Member, American Bar Association
  • Member, National Asian Pacific American Bar Association


  • Advised a private equity fund and its healthcare solutions portfolio company in the acquisition of consulting, and data management company.
  • Managed a global data breach involving 27 countries and more than 500 data servers.
  • Lead the response teams for hundreds of national and international data incidents and breaches.
  • Leads engagements for breach analysis, notification obligations, incident investigations, and regulatory compliance.
  • Coordinates forensic investigations.
  • Leads post-breach privacy and security gap remediation.
  • Oversees the buy-side and sell-side privacy/cybersecurity due diligence efforts for multi-million-dollar transactions.
  • Leads incident response preparations and tabletop exercises.
  • Develops and leads privileged forensic investigations, vulnerability assessments, and compliance reviews.
  • Assesses and operationalizes international data processing and data transfer protocols.



Speaker, “Like Healthcare Providers, Credit Unions are High Priority Targets for Hackers”, Carolinas Credit Union League (CCUL), LAUNCH 2023

Speaker, “Information Blocking: Chaos, Confusion, and Non-Compliance”, American Health Law Association (AHLA), Physicians and Hospitals Law Institute, January 2023

Speaker, “Data Privacy & Security Ethics”, 21st Annual Maynard Nexsen In-House Counsel Ethics CLE, October 2022

Speaker, "The Privacy Mindset of the U.S. v. EU: Implications for U.S. Businesses in a Post-COVID Era", Federal Bar Association Annual Meeting& Convention, September 2022

Speaker, To Infinity and Beyond: Coordinating Incident Response Obligations–HIPAA, State Law, International Law, and Beyond”, American Health Law Association Fraud & Compliance Forum, September 2022

Webinar Panelist, “Cybersecurity in the Age of COVID-19,” Curi – A Medical Mutual Co. Webinar, December 8, 2020

Presenter, “GDPR/Data Privacy,” NCACPA 81st Annual Virtual Conference, November 18, 2020

Presenter, “Incident Response,” NCACPA 81st Annual Virtual Conference, November 16, 2020

Co-Panelist, "Health Care Sector Deep Dive," Cleveland-Marshall College of Law Cybersecurity & Privacy Protection Virtual Conference 2020, September 18, 2020

Webinar, Co-Presenter, "Managing Remote Access & Incident Response Remotely Workshop," NC TECH Webinar in Partnership with TCDI, June 17, 2020

Co-Presenter, "Cyber Security," NCACPA's Business & Industry Spring Conference, May 20, 2020

Co-Presenter, "The Role of Cyber-Insurance," WSJ Pro Cybersecurity Symposium, March 9, 2020

Co-Presenter, "Data Privacy, Cybersecurity, & HIPAA for Practitioners," NCACPA's 80th Annual Symposium, November 19, 2019

Co-Presenter, "Cyber Security and Health Care Privacy," HCCA 2019 Healthcare Enforcement Conference, November 3, 2019

Panelist, "Cybersecurity Panel Discussion," Total Computer Solutions, Greensboro, N.C., October 17, 2019

Panelist, "Pathways to Employment in International Law," Duke University School of Law, September 25, 2019

Speaker, "Overview of Data Privacy/Cybersecurity and Practical Implications," CED Accelerate Series, Research Triangle Park, N.C., June 25, 2019

Co-Speaker, "What Do Carnegie Hall and Good Security Incident Response Plans Have in Common?" HCCA's 23rd Annual Compliance Institute, April 8, 2019

Panelist, "General Data Protection Regulation (GDPR) – Info and Impacts," Visit North Carolina 365 Conference, April 1, 2019




  • State Bar: North Carolina, Ohio
  • U.S. District Court: Ohio (Northern)
Jump to Page