Dana Holmstrand assists with clients' most pressing privacy and cybersecurity matters. Dana counsels clients to help them understand and comply with federal, state, and international privacy laws and regulations as well as state data breach notification laws. As part of her compliance practice, she has updated privacy representations, advised on the privacy aspects of corporate transactions and agreements, and coordinated multijurisdictional privacy compliance reviews. Dana has also worked on complex multistate settlements and government enforcement actions.
In her privacy and data security practice, Dana counsels clients on matters related to the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the European Union’s General Data Protection Regulation (GDPR), the Fair Credit Reporting Act (FCRA), and the Gramm-Leach-Bliley Act (GLBA).
During law school, Dana served as a student advocate in the Federal Legislation Clinic, where she supported a privacy and technology think tank by surveying the landscape of enacted and proposed laws related to face recognition technology, critiqued bills, and prepared staff for related lobbying in several states. Previously at a leading audit, tax, and advisory services firm, Dana served as a consultant to the U.S. Department of Veterans Affairs (VA), where she facilitated development of the publicly released VA Comprehensive IT Plan, which resulted in the Government Accountability Office (GAO) declaring the agency no longer at high risk of failure for IT project planning.