Profile
Craig works with clients to assess and mitigate privacy and security risks through the development of effective compliance programs and assisting in responding to potential data breaches.
With a focus in working with universities and health care providers, Craig frequently assists clients in the development and implementation of policies to better ensure compliance with data privacy and security laws, including GDPR, HIPAA, 42 CFR Part 2 and New York State’s SHIELD Act. He has also served as lead counsel in responding to investigations and inquiries from the Office for Civil Rights (OCR), and has coordinated with clients and IT consultants to conduct internal investigations and assessments to determine the nature and extent of data breaches. Additionally, Craig has experience in reviewing service agreements involving use, storage or processing of private and/or protected information to advise on strategies to strengthen security protocols.
