Michael La Marca
About Michael
Mike focuses on privacy, cybersecurity and AI issues, with a particular concentration on helping clients navigate legal issues associated with developing and deploying emerging technologies. He advises clients on global privacy and information security issues and works with organizations – from multinational companies to startups – to evaluate and manage privacy, cybersecurity and AI risks and policy issues. Much of his work has centered on navigating complex legal issues on behalf of companies in the financial services industry as well as companies engaged in developing and deploying AI and other pioneering technologies and information practices, such as biometrics, geolocation tracking and Internet of Things devices.
Mike advises his clients on compliance with federal, state, and international privacy and data security laws. He regularly partners with companies to build and implement their privacy and information security programs and address related governance issues, including developing written policies and procedures, designing incident response programs and conducting breach response preparedness activities, developing cross-border data transfer solutions, preparing data protection impact assessments, and developing and enhancing vendor management programs. Mike also advises clients on negotiating commercial transactions, including privacy, cybersecurity and data monetization issues in commercial contracts and M&A transactions.
In addition, Mike advises on managing AI-related legal risks at each stage of the AI life cycle, including issues related to privacy and cybersecurity, the protection of proprietary information and other commercial assets, fairness and bias, and regulatory compliance. He counsels clients on structuring and implementing cross-functional AI governance and risk management programs and negotiating AI agreements.
A significant part of Mike’s practice focuses on helping clients manage large-scale cybersecurity incidents, including advising on data breach response and notification obligations, providing advice regarding communications strategies, engaging third-party experts, and managing US and international regulatory investigations.
Mike also advises on electronic monitoring and surveillance issues, including under the US Electronic Communications Privacy Act and Foreign Intelligence Surveillance Act, as well as national security rules regulating cross-border data transfers of sensitive data, including the US Department of Justice’s final rule carrying out executive order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.”
Mike is a certified information privacy professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).
Mike’s representative matters include:
- Advising numerous clients on developing and managing global privacy programs, including assessing global legal requirements and developing compliance roadmaps, conducting data protection impact assessments, implementing privacy governance structures, designing policies and procedures, and creating training programs*
- Advising financial services clients on compliance and managing risk associated with privacy, data security and incident response requirements, including under the US Gramm-Leach-Bliley Act and its implementing regulations and guidance and the New York State Department of Financial Services (NYDFS) cybersecurity regulations*
- Assisting numerous clients with implementing AI governance programs, evaluating AI-related legal risks, complying with emerging AI rules and negotiating AI contractual terms*
- Advising numerous clients on building compliance programs and managing risk associated with biometric technology initiatives*
- Representing multiple clients, including in the financial services, consumer technology, critical infrastructure and retail sectors, on global privacy and data security matters, including implementing and enhancing global data protection programs, advising on relevant privacy and cybersecurity requirements, and assisting with data security incidents*
- Advising several fintech companies on global privacy and data security issues, including regulatory compliance, data sharing arrangements, cyber preparedness and incident response*
- Representing numerous multinational companies in managing and responding to global security incidents, including ransomware, supply chain attacks and advanced persistent threats*
- Representing numerous clients in different industries in all aspects of security incident response, including engaging third-party services, directing forensic investigations, conducting breach notification analyses and preparing breach notifications, developing media strategies, and preparing investigative reports*
- Advising clients on cybersecurity governance and proactive security incident readiness activities, including cybersecurity policies and procedures, incident response plans and procedures, tabletop exercises, data breach notification toolkits, and related policies and procedures*
- Advising multinational companies on privacy and cybersecurity due diligence issues associated with corporate transactions*
- Assisting numerous clients with negotiating complex privacy and data security provisions in vendor agreements*
- Advising clients on managing US and international regulatory inquiries in connection with information security incidents, including US Federal Trade Commission, state attorney general, and NYDFS investigations and enforcement actions*
- Counseling numerous clients on compliance and risk mitigation strategies associated with electronic surveillance and monitoring laws, including the California Invasion of Privacy Act*
- Assisting clients with developing and enhancing existing vendor management programs, including preparing due diligence processes and developing data processing agreements and other template privacy and cybersecurity terms*
* Representation handled before joining Cooley
Admissions and credentials
- New Jersey
- New York
Education
-
Duke University School of Law
JD, 2012 -
Duke University
MA, Political Science, concentration in Security Studies, 2012 -
Colgate University
BA, Political Science, magna cum laude, 2008
Rankings and accolades
Legal 500 US: Cyber Law (Including Data Privacy and Data Protection) (2023 – 2026)
Legal 500 US: Technology Transactions (2026)
Global Data Review: 40 Under 40 (2021)