Sue Ross is based in Norton Rose Fulbright's New York Office with a practice focused on technology and US privacy matters.
Sue's extensive experience with technology and technology contracts includes negotiating, drafting, and interpreting over 10,000 computer hardware and software, SaaS, consulting, outsourcing, Internet, electronic signatures, web hosting, application service providers and non-disclosure agreements, many of which were for a federal government contractor. She is also experienced with preparing website terms and conditions and privacy policies. Sue is part of the firm's FinTech team, frequently speaking and writing on cryptocurrency and blockchain issues. Sue has assisted clients with artificial intelligence matters, including policies for the use of generative AI, as well as issues with using artificial intelligence in retail business as well as in technology agreements.
Sue also handles US privacy matters, including security breach laws, as well as assisting clients with their questions and compliance efforts relating to Red Flag Rule, Health Insurance Portability and Accountability Act ("HIPAA") Privacy and Security Rules, Gramm-Leach-Bliley, Telephone Consumer Protection Act, CAN-SPAM, California Consumer Privacy Act ("CCPA"), and Fair and Accurate Credit Transactions Act ("FACTA"). Sue has assisted clients with privacy and information security questions relating to the Payment Card Industry standards (PCI-DSS), provided counseling on a wide variety of matters that raised privacy issues, and created privacy policies (including Binding Corporate Rules) for corporations, as well as for web sites. Sue has experience counseling clients on advertising and contests and sweepstakes matters.
Sue's data breach experience has ranged from assisting clients in determining whether a breach, in fact, occurred; to working with third-party forensic investigators; to preparing the consumer and law enforcement notifications; to drafting the 8-K or similar public announcement. She has also participated in mock data breach exercises and assisted with "lessons learned" to help clients fill any gaps identified during those exercises.
JD, cum laude, University of Illinois, 1985
MBA, cum laude, University of Illinois, 1985
AB, magna cum laude, Duke University, 1981