Steven M. Hoffer Attorney and Certified Information Privacy Professional, CIPP/US & CIPP/E

Hoffer Law 631 Bridgeway, Sausalito, California 94965

(415) 500-1878 ~ steve@smhoffer.comwww.smhoffer.com

www.hoffer.law(Summary continued)

Steve Hoffer provides counsel to his clients on how to enhance business sales, augment marketing programs, and protect reputational capital. He negotiates and structures agreements for products and services, strategic alliances, partnerships, IP licenses, vendor contacts, outsourcing and teaming agreements, and claim settlements. He advises how to supervise regulatory compliance, deploy cost reduction measures, leverage intellectual property (i.e. trademarks, copyrights, trade secrets, etc.), and ensure business continuity.

Steve advises clients on digital privacy and data security along with appropriate safeguards in view of their corporate risk management goals, data governance needs, privacy policies and security frameworks. He leverages commercial agreements and data protection to transform compliance with privacy law into strategic advantages. His services include:

Developing data privacy policies that comply with applicable law Minimizing risks arising between policy and processing practices Monitoring data flows internally and vetting transfers externally Preparing and improving an incident response plan (IRP) by a team Collaborating with data security, forensics, and law enforcement agencies Managing risk across stakeholders, insurers, regulators, and borders Ensuring compliance with data breach notification laws

While these pages may be attorney advertising or communications and give rise to duties under California law, Steve disclaims any duties under the similar laws of other jurisdictions.

Steve strives to improve brand recognition, cost reduction, and competitive advantages, especially for enterprises with product development goals. He assists businesses by using consumer protection and product differentiation to stimulate brand recognition through privacy by design. He offers guidance on best practices which concern the use of vendors, cloud computing, wireless security (i.e. NIST, etc.), electronic medical records, social networks, and new media. He builds consensus through teamwork and training across disciplines from receptionists through IT security specialists and executives.

Steve has represented regulatory agencies as well as companies facing actual investigations or potential complex litigation claims that influence government relations. He has consulted on many U.S. federal statutory reforms, laws and enforcement policies on unfair trade practices that contrast with EU law, including, for instance, the EU's forthcoming General Data Protection Regulation, the related fate of U.S. Safe Harbor exemption rules, the Umbrella pact, the Referential, and the individual's right to be forgotten in the EU. He is a published author on World Cyberspace Law (Juris Publishing, Inc. 1999), who participates in public-private initiatives and seminars, and is responsible for this communication. Some of these domestic law matters pertain to how to properly develop industry standards and corporate policies in view of evolving norms of constitutionality, jurisdiction, class actions, standing for data breach claims, actual or imminent privacy injury or damages, unfair and deceptive practices, differential pricing programs, discriminatory pricing, antitrust, and big data. Other global questions concern cross-border privacy rules (CBPRs), extraterritoriality, and conflicts of law rules.

Education• B.A., Economics, University of California, Berkeley (UCB), 1980• J.D., University of Utah, School of Law, 1983• LL.M, Virje Universiteit Brussel, International Law, 1988, magna cum laude

California Bar Membership 1983 -- Present

Certifications• International Association of Privacy Professionals (IAPP), CIPP/US 2014• International Association of Privacy Professionals (IAPP), CIPP/E 2015