Privacy law is no longer a single statute — it is a layered, multi-jurisdictional compliance framework that touches every part of how a business collects, uses, and shares personal information. Rob advises US businesses on compliance with the General Data Protection Regulation (GDPR) and UK GDPR, the California Consumer Privacy Act and CPRA, and the growing number of US state privacy laws now in effect in Virginia, Colorado, Connecticut, Texas, Washington, and more than a dozen other states. He negotiates and drafts data processing addendums, standard contractual clauses, and data transfer impact assessments for international data flows. He conducts privacy program gap assessments, advises on privacy notices and consent mechanisms, and guides clients through the operational requirements of responding to data subject rights requests. He also advises service providers and processors on their obligations under the CCPA and GDPR — a frequently overlooked but high-stakes compliance area.

Artificial intelligence is generating regulatory obligations faster than most businesses can track. Rob advises companies developing, deploying, or integrating AI systems on their obligations under the EU AI Act (including its tiered risk classification system and the specific compliance requirements for high-risk AI applications and general-purpose AI models), US state AI laws including California’s suite of AI transparency and accountability statutes and similar laws in Colorado and Utah, and emerging federal guidance from agencies including the FTC and NIST. He advises on AI governance frameworks, AI-specific contractual provisions, consumer disclosure requirements for AI-generated content and AI-driven decisions, and the data protection implications of using personal data to train and operate AI models. He also advises businesses deploying agentic AI — autonomous AI systems that take actions and make decisions without continuous human oversight — on the distinct legal and compliance risks those systems create.

Healthcare is one of the most heavily regulated sectors in the US economy, and the intersection of healthcare with technology and AI is generating new compliance challenges at a rapid pace. Rob advises covered entities and business associates on HIPAA compliance, including Privacy Rule and Security Rule obligations, minimum necessary standards, breach notification requirements, and the negotiation and drafting of business associate agreements. He advises on the use of AI and machine learning in clinical and administrative healthcare settings, and mobile health applications.

Intellectual property is among the most valuable assets that technology companies, startups, and creative businesses own — and among the assets most frequently lost through inadequate legal protection. Rob advises businesses on the full range of US intellectual property law: copyright ownership and registration, trademark clearance, application, and registration, patent strategy and avoidance of infringement, trade secret protection under the Defend Trade Secrets Act, and the drafting and enforcement of invention assignment and confidentiality agreements. He advises on IP ownership issues in employment and contractor relationships, on the business ownership of works made for hire, and on the handling of trademark and copyright infringement when it arises — whether the business is the rights holder seeking to enforce its IP or the accused infringer assessing its exposure.

Employment law compliance is a persistent and evolving challenge for US businesses, particularly those with multi-state workforces, remote employees, or operations in states with aggressive employment regulation. Rob advises employers on the full life cycle of the employment relationship: compliant hiring practices and offer letters, background check compliance under the FCRA, proper worker classification to avoid misclassification liability, wage and hour compliance, noncompete and non-solicitation agreements, reasonable accommodation obligations, WARN Act compliance for layoffs and plant closings, severance agreements, and the legal requirements governing terminations and reductions in force. He also advises on internal investigations involving employee misconduct, harassment, or retaliation allegations, and on the distinct compliance obligations that arise when companies hire internationally through employer-of-record or professional employer organization arrangements.

US sanctions and export control regimes are among the most complex and rapidly changing areas of regulatory law, with significant criminal and civil exposure for companies that get them wrong. Rob advises businesses on compliance with OFAC sanctions programs — including the SDN List and comprehensive country embargoes — and on screening obligations under the OFAC, BIS Denied Persons List, and other government exclusion lists. On the export controls side, he advises on compliance with the Export Administration Regulations (EAR) administered by BIS, including export classification, license determinations, deemed export compliance, end-user screening, and voluntary self-disclosure when violations occur. He also advises on ITAR compliance for companies dealing with defense articles and services on the US Munitions List, and on the supply chain due diligence obligations imposed by the Uyghur Forced Labor Prevention Act.

The Foreign Corrupt Practices Act imposes criminal and civil liability on US companies and individuals — and on foreign companies with US connections — for bribery of foreign government officials and for failures of accounting controls that allow corruption to occur. FCPA enforcement has remained aggressive across administrations and carries penalties that can reach hundreds of millions of dollars. Rob advises companies on the full spectrum of FCPA compliance: understanding who is covered and what conduct is prohibited, designing and implementing FCPA compliance programs and third-party due diligence processes, responding to red flags and potential violations, conducting internal investigations, and navigating the voluntary self-disclosure process with the Department of Justice and SEC when violations are discovered. He also advises on related anti-corruption frameworks including the UK Bribery Act and the DOJ’s new Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy.

Attorney-client privilege is the foundation of confidential legal advice, and maintaining it in complex corporate environments requires careful attention to who is involved in communications, in what capacity, and for what purpose. Rob advises in-house legal teams, compliance officers, and business managers on how to protect privilege in internal investigations, in communications involving non-lawyer professionals, in multi-jurisdictional matters, and in the age of AI-assisted legal work. He advises on the attorney work product doctrine, on the risks of inadvertent waiver, and on how to structure internal communications and document retention practices to preserve privilege under pressure. He also conducts and oversees internal investigations involving potential legal violations, regulatory misconduct, and employee complaints.

Directors and officers of US corporations face a complex web of fiduciary obligations, regulatory duties, and personal liability exposure that has grown significantly more demanding in recent years. Rob advises boards, executives, and general counsel on the core fiduciary duties of directors and officers, the business judgment rule, the Caremark standard for board oversight of compliance risk, director independence requirements, audit committee obligations, D&O insurance program structure and coverage disputes, indemnification agreements, and the governance dimensions of cybersecurity, AI, and ESG risk. He also advises private companies and their founders and investors on governance structures, shareholder agreements, and the management of governance-related disputes.