Amy de La Lama

Amy de La Lama
  1. People /

Amy de La Lama

Amy de La Lama

Partner

Amy de La Lama
  1. People /

Amy de La Lama

Amy de La Lama

Partner

Amy de La Lama

Partner

Boulder

Partner; Chair – Global Data Privacy and Security Practice; and Global Practice Group Leader – Technology, Commercial and Government Affairs

T: +1 303 417 8535

VcardVcard
Download PDFDownload PDF
Print
Share

Biography

Amy is the Global Practice Group Leader for Technology, Commercial & Government Affairs and also the Chair of the Firm’s Global Data Privacy and Security Practice. She has nearly two decades of experience in global privacy, data security and cyber security with a specific focus on health care privacy and security issues. She provides advice to a wide range of multi-national pharmaceutical, life sciences and medical device companies, as well as retail companies, online businesses, B2B companies, and other types of organizations regarding these issues. Amy has deep experience guiding health care clients through the development and implementation of broad-based privacy compliance programs as well as advising on GDPR and similar global privacy laws in addition to CCPA, HIPAA and other US privacy law issues. She assists regularly with transactions involving complex health privacy issues and also advises organizations on emerging health tech issues, including those related to the collection of health and medical data in the context of digital advertising and the use of this and other sensitive data for AI/machine learning purposes.  Amy regularly assists organizations navigate the full life cycle of security incidents and data breaches as well as with breach preparedness and remediation. 

Civic Involvement & Honors

  • The Best Lawyers in America, Privacy and Data Security Law (2023)
  • Chambers USA- Nationwide, Privacy & Data Security, "Up and Coming" (2023)
  • Legal 500 US, Next Generation Lawyer in Cyber Law (including Data Privacy and Data Protection), 2019 - 2020

Professional Affiliations

  • Certified Information Privacy Practitioner
  • Illinois State Bar Association - Member
  • Colorado Bar Association – Member

AI Legislation Snapshot

To help companies achieve their business goals while minimizing regulatory risk, our team actively tracks proposed and enacted AI regulatory bills from across the Unites States to enable our clients to stay informed in this rapidly-changing regulatory landscape.

AI Legislation Snapshot

To help companies achieve their business goals while minimizing regulatory risk, our team actively tracks proposed and enacted AI regulatory bills from across the Unites States to enable our clients to stay informed in this rapidly-changing regulatory landscape.

Admissions

  • Illinois, 2004
  • Colorado, 2001

Education

  • University of Colorado, J.D., Order of the Coif, 2001
  • University of Virginia, B.A., high honors, 1996
  • University of Virginia, B.A., summa cum laude, 1996

Resources

Publications

Speaking Engagements

Related Insights

Insights
Oct 01, 2024

From Code to Compliance: Essential Steps to Adapt to Colorado’s New AI Law

On May 17, 2024, Colorado’s Governor Jared Polis signed into law The Colorado AI Act (SB205).  SB205 will take effect on February 1, 2026, and regulates the use of certain high-risk artificial intelligence (AI) systems. While the 2026 effective date could lull companies into thinking that preparing for the law can wait, its complex requirements will demand timing and planning to address. Additionally, Colorado is not the only US state to step into the ring of AI regulation and enforcement, and many of the steps needed to prepare for the SB205 will help build a compliance foundation for meeting other emerging laws. To help companies begin this process, we have prepared an overview of the law and identified essential compliance steps businesses should take now.
Insights
Aug 13, 2024

Arizona Spy Pixel Class Action Litigation Update

Recently filed class action complaints allege that companies that utilize embedded trackers within emails, or “spy pixels” as the plaintiffs are calling them, violate Arizona law because they collect a “communication service record” without first obtaining the consumer’s consent.
Insights
May 30, 2024

New HHS Guidance on Cookies

Related Insights

Blog Post
Nov 06, 2024
The SEC is watching: four companies charged for misleading cyber disclosures
Insights
Oct 28, 2024
Key Concepts In Privacy Law for Insurance Companies: Part 1 – GLBA
Insights
Oct 01, 2024
From Code to Compliance: Essential Steps to Adapt to Colorado’s New AI Law
On May 17, 2024, Colorado’s Governor Jared Polis signed into law The Colorado AI Act (SB205).  SB205 will take effect on February 1, 2026, and regulates the use of certain high-risk artificial intelligence (AI) systems. While the 2026 effective date could lull companies into thinking that preparing for the law can wait, its complex requirements will demand timing and planning to address. Additionally, Colorado is not the only US state to step into the ring of AI regulation and enforcement, and many of the steps needed to prepare for the SB205 will help build a compliance foundation for meeting other emerging laws. To help companies begin this process, we have prepared an overview of the law and identified essential compliance steps businesses should take now.
Insights
Sep 12, 2024
Navigating a Security Incident - Communication “Dos” and “Don’ts”
Insights
Sep 10, 2024
Navigating a Security Incident - Best Practices for Engaging Service Providers
Insights
Aug 13, 2024
Arizona Spy Pixel Class Action Litigation Update
Recently filed class action complaints allege that companies that utilize embedded trackers within emails, or “spy pixels” as the plaintiffs are calling them, violate Arizona law because they collect a “communication service record” without first obtaining the consumer’s consent.
Insights
Jul 01, 2024
Is Your Company Vulnerable to a Mass Arbitration Attack?
Insights
May 30, 2024
New HHS Guidance on Cookies
News
May 30, 2024
Partner Amy de Lama and Associate Andrea Rastelli share insights on Washington My Health My Data Act FAQs: Data Subject Rights