Kirk Nahra has been a leading authority on privacy and cybersecurity matters for more than two decades. He co-chairs the firm’s Cybersecurity and Privacy Practice as well as the Artificial Intelligence Practice. In recognition of his professional work in these areas, he was named the winner of the 2021 Vanguard Award from the International Association of Privacy Professionals (IAPP)—one of the most prestigious in the privacy field—which recognizes one IAPP member each year who demonstrates exceptional leadership, knowledge and creativity in privacy and data protection. 

Mr. Nahra counsels clients across industries, from Fortune 500 companies to startups, on implementing the requirements of privacy and data security laws across the country and internationally, and he advocates for clients experiencing privacy and security breaches. Mr. Nahra also represents clients in contract and transactional matters, enforcement actions, litigation and investigations related to a wide range of issues before the Federal Trade Commission (FTC), the US Department of Health and Human Services (HHS) Office for Civil Rights, and other state and federal privacy and security regulators. He also represents a wide range of companies across industries on the growing array of complicated legal issues involved in artificial intelligence, including issues involving governance, data rights, data integrity and a wide range of investigation and compliance issues.  

Mr. Nahra is best known for his work with health insurers, hospitals, service providers, pharmaceutical manufacturers and other healthcare industry participants. He has a deep understanding of the privacy and security issues healthcare companies face relating to HIPAA rules, state and federal legislation, enforcement activities, internal investigations, international principles, due diligence in transactions, data breach risk assessments, and the key lines between regulated and unregulated data, including the new categories of laws at the state and federal level regulating particular kinds of health data or “health-like” data. He advises companies across the healthcare industry on artificial intelligence and algorithmic discrimination issues, including assessments of how data can be used and analyzed to improve the overall operation of the healthcare system.  

In recent years, Mr. Nahra has represented technology companies, advertising service providers, financial services companies, hospital systems, health insurers, healthcare technology companies, consumer products companies and others in front of the FTC, the HHS Office for Civil Rights, State Attorneys General and other privacy and security regulatory agencies. He advises clients on avoiding privacy and security investigations, navigating situations where investigations are likely, and then handling both the actual investigation and related issues involving consumers, customers, legislators, regulators and others. These projects involve not only the growing variety of privacy and security laws but also the increasing legislative and regulatory focus on the development of appropriate rules for artificial intelligence amid concerns about how this new technology will impact consumers and others.  

Mr. Nahra has substantial experience working with clients in the financial services and insurance industries on privacy and data security matters relating to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, data aggregation and sharing practices, and privacy and data security compliance under a wide range of state and federal laws. He also has a breadth of experience drafting and evaluating data security practices and policies across varying industry standards, has investigated and litigated potential fraud against insurers, and has assisted with the development and oversight of corporate compliance programs. 

Additionally, Mr. Nahra is well versed in a variety of other privacy and consumer protection issues, including marketing laws pertaining to email, phone and online communications; the Children’s Online Privacy Protection Act; and the Family Educational Rights and Privacy Act of 1974.