Gabrielle A. Harwell

Gabrielle A. Harwell
  1. People /

Gabrielle A. Harwell

Gabrielle A. Harwell

Associate

Gabrielle A. Harwell
  1. People /

Gabrielle A. Harwell

Gabrielle A. Harwell

Associate

Gabrielle A. Harwell

Associate

Chicago

T: +1 312 602 5143

VcardVcard
Download PDFDownload PDF
Print
Share

Biography

Gabrielle Harwell is an associate in the Chicago office. Ms. Harwell represents emerging and established companies in data privacy and security matters, as well as commercial matters and technology transactions.

Gabrielle’s experience spans a range of industries, including retail, healthcare, and financial services. Gabrielle advises companies on compliance obligations under privacy laws, such as the Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), and the General Data Protection Regulation (GDPR), along with state-level requirements.

Gabrielle also has experience advising companies on commercial matters and technology transactions, such as supply agreements, purchase agreements, outsourcing agreements, cloud agreements, and advertising matters.

Gabrielle graduated from the University of Michigan Law School where she was the president of the National Security Law Society, Associate Editor of the Michigan Journal of International Law, and a Dean’s Scholarship Award Recipient. While in law school, Gabrielle externed for the United Nations High Commissioner for Refugees (UNHCR) in the Protection Policy and Legal Advice unit in Geneva, Switzerland to support efforts to protect refugees. She also worked as a student attorney for the Human Trafficking Clinic for two semesters.

Prior to arriving at the firm, Gabrielle interned for the Supreme Court of the State of Wisconsin.

Admissions

  • Illinois, 2021

Education

  • University of Michigan, J.D., 2021
  • University of Michigan, B.A., Honors, 2018

Related Insights

Insights
Jan 04, 2024

Pressure-testing your privacy program for 2024

With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s overall risk compliance strategy. As part of this process, companies must pressure-test their privacy programs regularly to make sure they appropriately address existing and emerging risks while maximizing business gains.  A comprehensive review is not always possible, but it is important to keep in mind that the last several years have seen a wave of new state privacy laws as well as activity at the federal level that promises to challenge even the most well-developed privacy team.  To help companies develop a strategy tailored to 2024, we have highlighted a few key issues below that will be particularly relevant over the coming year.
Insights
Jul 25, 2023

VPPA trends: considerations for limiting exposure

In recent months, organizations have been dealing with an emerging wave of lawsuits from an unexpected source: the VPPA. The Video Privacy Protection Act (“VPPA”), originally intended to prevent “wrongful disclosures” of video tape sale and rental data from companies like Blockbuster and Family Video, is being rehabilitated by the plaintiffs’ bar to target any video content appearing on websites. Plaintiffs are now alleging that website operators using embedded videos are knowingly disclosing data to third parties through pixels and similar tracking technologies. For organizations caught in the crosshairs, violations of the law may result in statutory damages of $2,500 per violation, as well as attorneys’ fees, other monetary relief, and preliminary injunctive relief.[1] Given the large number of users who may access a single website, class actions under the VPPA have resulted in substantial settlements, ranging from $9 million to $92 million.[2]
Insights
Oct 19, 2022

Cyber Incident Reporting for Critical Infrastructure Act, in ‘Privacy & Cybersecurity Law Report’

Global Data Privacy & Security Chair Amy de la Lama, Counsel Lori Van Auken and Associate Gabrielle Harwell authored an article published in the October edition of Privacy & Cybersecurity Law Report concerning cyber incident reporting for the Critical Infrastructure Act. The article outlines what critical infrastructure entities need to know about the new reporting rules under the Cyber Incident Reporting for Critical Infrastructure Act – now and in the future.
Insights
Sep 29, 2022

CPRA Update: September 23, 2022

Related Insights

Insights
Dec 02, 2024
Navigating Consumer Opt-Outs in Corporate Transactions: Insights on California’s AB 1824
Insights
Jan 04, 2024
Pressure-testing your privacy program for 2024
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s overall risk compliance strategy. As part of this process, companies must pressure-test their privacy programs regularly to make sure they appropriately address existing and emerging risks while maximizing business gains.  A comprehensive review is not always possible, but it is important to keep in mind that the last several years have seen a wave of new state privacy laws as well as activity at the federal level that promises to challenge even the most well-developed privacy team.  To help companies develop a strategy tailored to 2024, we have highlighted a few key issues below that will be particularly relevant over the coming year.
Insights
Dec 28, 2023
California's Delete Act: a first of its kind data broker law
Insights
Nov 03, 2023
Cookies banners and beyond: how to avoid common mistakes
News
Oct 06, 2023
BCLP advises SoFi in landmark naming rights and presenting sponsorship deal with new TGL Golf League
Insights
Jul 25, 2023
VPPA trends: considerations for limiting exposure
In recent months, organizations have been dealing with an emerging wave of lawsuits from an unexpected source: the VPPA. The Video Privacy Protection Act (“VPPA”), originally intended to prevent “wrongful disclosures” of video tape sale and rental data from companies like Blockbuster and Family Video, is being rehabilitated by the plaintiffs’ bar to target any video content appearing on websites. Plaintiffs are now alleging that website operators using embedded videos are knowingly disclosing data to third parties through pixels and similar tracking technologies. For organizations caught in the crosshairs, violations of the law may result in statutory damages of $2,500 per violation, as well as attorneys’ fees, other monetary relief, and preliminary injunctive relief.[1] Given the large number of users who may access a single website, class actions under the VPPA have resulted in substantial settlements, ranging from $9 million to $92 million.[2]
Insights
Oct 19, 2022
Cyber Incident Reporting for Critical Infrastructure Act, in ‘Privacy & Cybersecurity Law Report’
Global Data Privacy & Security Chair Amy de la Lama, Counsel Lori Van Auken and Associate Gabrielle Harwell authored an article published in the October edition of Privacy & Cybersecurity Law Report concerning cyber incident reporting for the Critical Infrastructure Act. The article outlines what critical infrastructure entities need to know about the new reporting rules under the Cyber Incident Reporting for Critical Infrastructure Act – now and in the future.
Insights
Sep 29, 2022
CPRA Update: September 23, 2022
Insights
Sep 19, 2022
Global Privacy Signaling: the trendsetting opt-out mechanism