Data Privacy & Information Management
Patrick Burke began his privacy law career in Europe in 2006, advising on the E.U. Data Protection Directive—years before U.S. privacy laws emerged. As European counsel for a cybersecurity software company, he created corporate frameworks that met the Directive’s novel requirements, later evolving into GDPR compliance. He went on to teach data privacy at Cardozo Law School and lead the New York State Department of Financial Services’ initiatives protecting consumers’ personal and financial data.
Today, Burke guides global organizations in building mature privacy programs aligned with GDPR, CCPA, and emerging U.S. and international privacy regulations. He oversaw just such a program as Chief Data & Privacy Officer for a health-oriented adtech operation. He writes and speaks regularly on cutting-edge issues, recently serving on the drafting committee for the ANA/4As 2024 “Responsible Privacy in Advertising Initiative.”
Data Privacy Programs for US, UK, GDPR and Canadian Compliance
We design and implement privacy compliance programs tailored to local or global legal or industry-sector frameworks, including:
U.S. federal (e.g. GLBA, HIPAA/HITECH, SEC Cybersecurity Disclosure)
U.S. state privacy and data breach laws and regulations (e.g. California, Colorado, Virginia, Washington, etc.)
European and UK GDPR
Canadian PIPEDA and provincial laws (e.g. Quebec)
NIST and Security Organization Control (SOC)
Sector-specific frameworks (e.g.
From data mapping to policy drafting, we ensure that your organization’s practices are not only legally defensible but operationally sustainable.
Deep hands-on experience in adtech, pharma, financial institutions, manufacturing, airlines, casinos, entertainment and fintech startups, often companies processing personal information globally.
Sensitive Personal Data, and Privacy-by-Design
Handling sensitive categories of personal data requires heightened care. We help clients build privacy-by-design frameworks that integrate safeguards into products, systems, and business processes from day one.
Our work ensures compliance with special requirements for:
Health and biometric data
Financial information
Consumer personal information
Geolocation
Children’s data
Employee monitoring
Contractual Obligations
Burke understands that contracts are at the heart of data relationships, and the details of corporate data protection obligations are set in contractual agreements among controllers, processors and third parties.
As Chief Data & Privacy Officer for a global health-focused adtech agency, Burke introduced and implemented a programmatic approach to negotiation and redlining of agreements and schedules for hundreds of client, vendor and partnership agreements, including, among many others:
Data Processing Agreements (DPAs)
Standard Contractual Clauses (SCCs)
Business Associate Agreements (BAAs)
Vendor and client data-sharing agreements
Burke focuses on striking the best practicable balance between protecting data assets and maintaining commercial flexibility and innovation. He does not hesitate to dig down into technology details, to fully understand and assess data protection risks, and recommend business-savvy controls.
Documenting Compliance: DPIAs, PIAs, Risk Assessments, Regulatory Investigations
Burke D&PL helps organizations anticipate and mitigate risk by conducting:
Data Protection Impact Assessments (DPIAs)
Privacy Impact Assessments (PIAs)
Cyber and privacy risk assessments
Third-party data protection due diligence
We also guide clients through regulator inquiries, investigations, and enforcement actions with the steady hand of a former NYS DFS Deputy Superintendent familiar with the regulatory perspective.