Image of Anna Rudawski

Anna Rudawski

Partner

Anna advises clients on all aspects of cyber risk and data security, helping companies investigate and contain cyber incidents and navigate the regulatory investigations that follow.

She also assists companies to understand their data and design practical risk management and compliance strategies for cybersecurity and privacy. 
Anna works with clients to contain cyber incidents and their effects, investigate their cause and impact, and deliver public and regulatory communications on behalf of clients. As part of her incident response practice, Anna also manages related cross-border regulatory investigations and has successfully defended clients in cyber and privacy-related federal and state investigations. Anna also assists clients with all aspects of cyber risk management and breach preparedness, including leading tabletop exercises, and counseling executives and boards on cybersecurity matters. 

Anna brings distinctive perspective from her time in-house in the pharmaceutical and financial sectors, including as the Vice President of Global Privacy at JPMorgan Chase, to her practice advising clients across their privacy and cybersecurity challenges. Anna works with companies to build, mature, and test privacy compliance and cyber risk management programs. Anna routinely also provides advice regarding the secure handling of confidential and personally identifiable information, as well as on compliance with international, federal and state privacy regulations with an emphasis on life sciences and healthcare data. 

She also provides product counsel to clients on the use of AI, biometric data, and new and emerging technologies. Anna routinely works with clients on issues related to protecting data and assessing cyber risks during transactions or reorganizations, such as M&A deals and drafting and negotiating tailored privacy and data security contract provisions. She also has a significant depth of experience advising clients on how to manage cyber risk following a transaction during the integration period.

Expertise

Experience

Representative matters

  • Managed incident response for one of the largest healthcare companies in the United States.
  • Assisted one of the largest professional services firms in evaluating its privacy and cybersecurity program maturity and reporting findings to its board.
  • Successfully represented several companies in federal investigations brought by federal agencies, including HHS and the FTC, related to large publicly reported data breaches.
  • Assisted numerous Fortune 100 companies in developing incident response and preparedness programs, including conducting exercises and simulations.

Published Work

  • Co-author, "Mic Drop: California AG releases long-awaited CCPA Rulemaking," Bloomberg Law, October 16, 2019 
  • "Healthcare Regulatory and Privacy Issues in Reproductive Technologies and Big Data," ABA Health eSource, American Bar Association, October 18, 2018 
  • "The Future of Cyber Threats: When Attacks Cause Physical Harm," New York Law Journal, June 1, 2018 
  • "Cybersecurity of Toll Roads: Are We There Yet?," Law360, Expert Analysis, March 27, 2018 
  • "Navigating pharma's privacy risks: GDPR and beyond," Pharma Times, March 19, 2018 
  • "Tips for Managing Cybersecurity and Privacy Risks in M&A" Law360, Expert Analysis, April 22, 2021 
  • Anna Rudawski, (February 26, 2024), "Chief information Security Officers and cyber whistleblowing: considerations for boards and breach response teams", Allen & Overy LLP

Speaking Engagements

  • Speaker, A conversation with Tyler Bridegan, Director of Data Privacy & Security Enforcement at the Texas Attorney General’s Office. October 2024
  • Panelist, Third-Party and Fourth-Party Risk Management panel, IIB Information Security & Operational Resilience Conference. May 2024
  • Picture Perfect: Leveraging Biometrics Without Compromising Privacy & Security 
  • Speaker at IAPP Privacy. Security. Risk Summit. October 2022
     

Leadership Positions And Professional Affiliations

  • International Association of Privacy Professionals (IAPP)
  • Certified Information Privacy Professional - United States (CIPP/US), issued by IAPP

Recognition

Lawdragon 500 X
The Next Generation (2023)

Qualifications

Admissions

Registered Foreign Lawyer, England and Wales, 2024

New York State Bar (2014)

Academic

JD, Graduated with Distinction, Brooklyn Law School, 2013

MA, American Literature, The Graduate Center, City University of New York, 2011

BA, Honors, Political Science and English, McGill University, 2008

Disclaimer
A&O Shearman was formed on May 1, 2024 by the combination of Shearman & Sterling LLP and Allen & Overy LLP and their respective affiliates (the legacy firms). Any matters referred to above may include matters undertaken by one or more of the legacy firms rather than A&O Shearman.