Tracy is co-chair of the firm's cybersecurity and data privacy practice, deputy chair of the health care practice, and a member of the higher education practice. In seeking solutions to her clients’ business, legal and strategic goals, Tracy draws upon her experience as outside counsel, former general counsel of a health system, and policy maker.
Tracy advises colleges and universities, health care clients, and other not-for-profit organizations about corporate governance and transactions, complex contracts, regulatory affairs, and cybersecurity and data privacy. In relation to cybersecurity and data privacy, she assists clients proactively to develop effective cybersecurity programs, prepares cybersecurity and privacy policies, and identifies legal vulnerabilities. Tracy also trains and advises boards about their oversight duty, provides workforce training, advises about breach preparedness and response, prepares third party agreements, and advises about the full range of laws and regulations that apply to higher education institutions, including state breach notification laws. In relation to information privacy, she advises clients about FERPA, HIPAA, state privacy laws, and the interplay of those legal obligations.
Tracy writes and speaks extensively about cybersecurity and data privacy, corporate governance, and regulatory affairs.