Skip to main content

Brian H. Lam

Associate

[email protected]

+1.858.314.1583

Follow:
Share:

Brian Lam is a member of Mintz’s Privacy & Security Practice and Technology Transactions Practice. Brian focuses his practice on providing practical advice that enables companies to pursue their business in a competitive environment while reducing risk associated with the collection, use, storage, transfer, and potential loss of data. He frequently negotiates complex data-centric information technology agreements, and designs policies and corresponding controls for the implementation of best practices, compliance with state and federal law, and international considerations. He often reviews the data flows within an organization from both a senior leadership perspective as well as at the implementation level, and provides actionable recommendations to engineer such data flows in order to reduce compliance risk and engender consumer trust.

Brian frequently provides advice to clients that wish to buy or sell corporate entities whose business models leverage data and information technology, including data aggregation, analytics, and open source software.

Brian has been designated a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals, and is also a Certified Information Privacy Professional (CIPP) (US Specialization), Certified Information Privacy Manager (CIPM), and a Certified Information Systems Security Professional (CISSP). He has a B.S. in Computer Science and an M.S. in Telecommunications from the University of Colorado at Boulder, College of Engineering and Applied Science.

He is also a member of Governor Brown’s California Cybersecurity Task Force, a statewide partnership comprised of key stakeholders, subject matter experts, and cybersecurity professionals from California's public and private sectors, academia, and law enforcement that serves as an advisory body to the State of California Senior Administration Officials in matters related to cybersecurity.

Before becoming an attorney, Brian worked at one of the country’s leading information security firms, where he focused on analyzing the existing network security controls of financial institutions, online merchants, and government organizations. He also conducted penetration tests, provided guidance on PCI-DSS compliance, and assisted federal law enforcement with digital forensics post security incident. Subsequently, he joined one of the world’s largest management consulting and information services firms, where he led efforts to design and implement large-scale information security initiatives for Fortune 500 companies, including one of the world’s largest banking and consumer credit companies.

Education

  • University of Southern California (JD)
  • University of Colorado (MS)
  • University of Colorado (BS)

Recent Insights

News & Press

Viewpoints

Viewpoint Thumbnail
Within Article 3 (pages 10-18), the regulations detail important requirements that every business must follow when providing and fulfilling consumer rights under the CCPA.
Read more
Viewpoint Thumbnail
The California Attorney General’s office (CA AG) has published the long-awaited implementing regulations to the California Consumer Privacy Act (CCPA).  In addition to the regulations, the CA AG also released a Notice of Proposed Rulemaking and Initial Statement of Reasons  to support the draft regulations. The CA AG will hold a series of public hearings as outlined in the Notice of Proposed Regulations, and will be accepting written comments from the public on the regulations until 5:00 PM PST on December 6, 2019. 
Read more
Viewpoint Thumbnail
Interested parties and privacy professionals have all been anxiously awaiting how legislative activity would shake out before the California Consumer Privacy Act (“CCPA”) is implemented January 1, 2020.  Now that the dust has settled inside the golden dome in Sacramento and the state legislature’s 2019 session has come to a close, we can see which bills passed and will be provided to Governor Gavin Newsom, who has until October 13th to either veto these bills or sign them into law. 
Read more
Viewpoint Thumbnail
Recently, California passed the California Consumer Privacy Act (“CCPA”), currently the nation’s leading state law regarding consumer privacy. The CCPA will become effective January 1, 2020. Companies that need to comply will have less than eight months to come up with a compliance plan and revise their business model, if necessary.
Read more
Viewpoint Thumbnail
While the California Consumer Protection Act (“CCPA”) is certainly one of the most important pieces of privacy legislation affecting many businesses today, we want to remind our readers of another California initiative that may affect their operations, which we are calling the “Disclose Your Bots” law.
Read more
Viewpoint Thumbnail
On the heels of the passing one of the nation’s leading pieces of privacy legislation, the California Consumer Privacy Protection Act (“CCPA”), Governor Newsom, used his first “State of the State” address, to highlight his position on data protection and privacy, by saying that technology companies “make billions of dollars collecting, curating and monetizing our personal data have a duty to protect it” and that “Consumers have a right to know and control how their data is being used.”   
Read more
Viewpoint Thumbnail
The California Attorney General’s Office (CAGO) is conducting a series of public hearings around the state to gather input on the California Consumer Privacy Act of 2018 (CCPA). We attended the CAGO’s January 25th, 2019 hearing.  The panel of CAGO staff informed those in attendance to anticipate a Notice of Proposed Regulatory Action in the fall of 2019. 
Read more
Viewpoint Thumbnail
We have been actively covering the California Consumer Privacy Act on our blog as it evolves including here and here.  Please join us on February 6th  for the first webinar in our California Consumer Privacy Act Series. 
Read more
Viewpoint Thumbnail
Recently, Oath, a wholly-owned subsidiary of Verizon Communications agreed to pay $4.95 million to settle charges from the New York attorney general’s office that the company’s online advertising business was violating federal law.
Read more
Viewpoint Thumbnail
Recently, Amazon refused (registration required) to provide data from an Amazon Echo device in a case involving the a double homicide in response to an order issued by a New Hampshire state judge.  Prosecutors believe that the Echo may have recorded data relevant to the crime; a potential perpetrator has already been charged. 
Read more

News & Press

Mintz is pleased to announce that Brian Lam has been named a Fellow of Information Privacy by the International Association of Privacy Professionals, a global community that helps practitioners develop and advance their careers and organizations manage and protect their data.
In this feature article, Brian Lam speaks on the use of data as a competitive tool for companies; he describes data dexterity as a company’s ability to interact with data in a way competitors cannot, and offers thoughts on evaluating and improving a company’s data dexterity.
Mintz attorney Brian Lam is featured in a Law360 article about proposed legislation to “give a tax credit to companies who purchase data breach insurance and implement a widely respected cybersecurity framework.”
Privacy & Security and Technology Transactions Practices attorney Brian Lam authored this Law360 column discussing the Pokémon Go app and the privacy lessons future app developers can learn from its rapid rise in popularity.