Skip to main content

Brian H. Lam

Special Counsel – Privacy, Cybersecurity and Technology Transactions

[email protected]



Brian Lam is a member of Mintz’s Privacy & Security Practice and Technology Transactions Practice. Brian focuses his practice on providing practical advice that enables companies to pursue their business in a competitive environment while reducing risk associated with the collection, use, storage, transfer, and potential loss of data. He frequently negotiates complex data-centric information technology agreements, and designs policies and corresponding controls for the implementation of best practices, compliance with state and federal law, and international considerations. He often reviews the data flows within an organization from both a senior leadership perspective as well as at the implementation level, and provides actionable recommendations to engineer such data flows in order to reduce compliance risk and engender consumer trust.

Brian frequently provides advice to clients that wish to buy or sell corporate entities whose business models leverage data and information technology, including data aggregation, analytics, and open source software.

Brian has been designated a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals, and is also a Certified Information Privacy Professional (CIPP) (US Specialization), Certified Information Privacy Manager (CIPM), and a Certified Information Systems Security Professional (CISSP). He has a B.S. in Computer Science and an M.S. in Telecommunications from the University of Colorado at Boulder, College of Engineering and Applied Science.

He is also a member of Governor Brown’s California Cybersecurity Task Force, a statewide partnership comprised of key stakeholders, subject matter experts, and cybersecurity professionals from California's public and private sectors, academia, and law enforcement that serves as an advisory body to the State of California Senior Administration Officials in matters related to cybersecurity.

Before becoming an attorney, Brian worked at one of the country’s leading information security firms, where he focused on analyzing the existing network security controls of financial institutions, online merchants, and government organizations. He also conducted penetration tests, provided guidance on PCI-DSS compliance, and assisted federal law enforcement with digital forensics post security incident. Subsequently, he joined one of the world’s largest management consulting and information services firms, where he led efforts to design and implement large-scale information security initiatives for Fortune 500 companies, including one of the world’s largest banking and consumer credit companies.


  • University of Southern California (JD)
  • University of Colorado (MS)
  • University of Colorado (BS)

Recent Insights

News & Press


Viewpoint Thumbnail

2019 CCPA Amendment Process Comes to a Close

September 20, 2019 | Blog | By Cynthia Larose, Brian Lam

Interested parties and privacy professionals have all been anxiously awaiting how legislative activity would shake out before the California Consumer Privacy Act (“CCPA”) is implemented January 1, 2020.  Now that the dust has settled inside the golden dome in Sacramento and the state legislature’s 2019 session has come to a close, we can see which bills passed and will be provided to Governor Gavin Newsom, who has until October 13th to either veto these bills or sign them into law. 
Read more
Viewpoint Thumbnail
Recently, California passed the California Consumer Privacy Act (“CCPA”), currently the nation’s leading state law regarding consumer privacy. The CCPA will become effective January 1, 2020. Companies that need to comply will have less than eight months to come up with a compliance plan and revise their business model, if necessary.
Read more
Viewpoint Thumbnail

Are You Talking To A Bot? New CA Law Makes Disclosure the Best Option

July 1, 2019 | Blog | By Cynthia Larose, Brian Lam

While the California Consumer Protection Act (“CCPA”) is certainly one of the most important pieces of privacy legislation affecting many businesses today, we want to remind our readers of another California initiative that may affect their operations, which we are calling the “Disclose Your Bots” law.
Read more
Viewpoint Thumbnail

California Governor Floats “Data Dividend” Proposal

February 16, 2019 | Blog | By Brian Lam

On the heels of the passing one of the nation’s leading pieces of privacy legislation, the California Consumer Privacy Protection Act (“CCPA”), Governor Newsom, used his first “State of the State” address, to highlight his position on data protection and privacy, by saying that technology companies “make billions of dollars collecting, curating and monetizing our personal data have a duty to protect it” and that “Consumers have a right to know and control how their data is being used.”   
Read more
Viewpoint Thumbnail

California AG’s Office Gets Public Input on CCPA

January 29, 2019 | Blog | By Brian Lam

The California Attorney General’s Office (CAGO) is conducting a series of public hearings around the state to gather input on the California Consumer Privacy Act of 2018 (CCPA). We attended the CAGO’s January 25th, 2019 hearing.  The panel of CAGO staff informed those in attendance to anticipate a Notice of Proposed Regulatory Action in the fall of 2019. 
Read more
Viewpoint Thumbnail

WEBINAR – The California Consumer Privacy Law is Here. Get Prepared.

January 17, 2019 | Blog | By Cynthia Larose, Brian Lam

We have been actively covering the California Consumer Privacy Act on our blog as it evolves including here and here.  Please join us on February 6th  for the first webinar in our California Consumer Privacy Act Series. 
Read more
Viewpoint Thumbnail

Oath (f/k/a AOL) Agrees to Pay Record Settlement over COPPA Violations

December 12, 2018 | Blog | By Cynthia Larose, Brian Lam

Recently, Oath, a wholly-owned subsidiary of Verizon Communications agreed to pay $4.95 million to settle charges from the New York attorney general’s office that the company’s online advertising business was violating federal law.
Read more
Viewpoint Thumbnail
Recently, Amazon refused (registration required) to provide data from an Amazon Echo device in a case involving the a double homicide in response to an order issued by a New Hampshire state judge.  Prosecutors believe that the Echo may have recorded data relevant to the crime; a potential perpetrator has already been charged. 
Read more
Viewpoint Thumbnail

“Hey Alexa – Tell Me About Your Security Measures”

October 4, 2018 | Blog | By Brian Lam, Cynthia Larose

California continues to lead the nation in cybersecurity and privacy legislation on the heels of the recent California Consumer Privacy Act of 2018 (“CCPA”).  Governor Brown recently signed into law two nearly identical bills, Assembly Bill No. 1906 and Senate Bill No. 327 (the “Legislation”) each of which required the signing of the other to become law, on September 28th, 2018.
Read more
June 28, 2018 will be a watershed day in the history of U.S. data privacy legislation.   California has become the first state to move away from the U.S. approach of legislating data privacy in slow bits.  
Read more

News & Press

News Thumbnail
In an article published by Law360, Mintz Special Counsel – Privacy, Cybersecurity and Technology Transactions Brian Lam was quoted on how businesses should prepare to comply with the final regulations of the California Consumer Privacy Act (CCPA) in advance of its July 1 enforcement date.
Press Release Thumbnail
Mintz is pleased to announce that Brian Lam has been named a Fellow of Information Privacy by the International Association of Privacy Professionals, a global community that helps practitioners develop and advance their careers and organizations manage and protect their data.
In this feature article, Brian Lam speaks on the use of data as a competitive tool for companies; he describes data dexterity as a company’s ability to interact with data in a way competitors cannot, and offers thoughts on evaluating and improving a company’s data dexterity.
Mintz attorney Brian Lam is featured in a Law360 article about proposed legislation to “give a tax credit to companies who purchase data breach insurance and implement a widely respected cybersecurity framework.”
Privacy & Security and Technology Transactions Practices attorney Brian Lam authored this Law360 column discussing the Pokémon Go app and the privacy lessons future app developers can learn from its rapid rise in popularity.