Skip to main content

Roya L. Butler is an associate in the Data, Privacy & Cybersecurity Practice group. She has a technical background, which she utilizes to approach her clients' complicated cyber and privacy issues. Roya’s precise attention to detail helps her to identify key issues and create unique strategies accounting for risk tolerance and industry standards.

Roya counsels clients on data privacy and cybersecurity matters including reputational risk management and mitigation. Roya provides guidance on federal, state, and international privacy, cybersecurity, and consumer protection laws and compliance (CCPA/CPRA, CPA, CTDPA, UCPA, VCPA, GLBA, HIPPA/HITECH, COPPA, FCRA, CAN-SPAM, PCI-DSS, TCPA, NY SHIELD Act, GDPR, ePrivacy Directive (ePD), UK GDPR/PECR PIPEDA, and other related legal and regulatory considerations, including drafting GDPR Data Processing Agreements (DPA) and assisting companies build a privacy impact assessment (PIA) framework. She also advises on the adoption of emerging technologies, such as biometrics, artificial intelligence, machine learning (AI/ML), and autonomous vehicle regulation with pragmatic approaches to ethical AI principles. She has experience in drafting and negotiating corporate transactions, including drafting privacy and cyber deal diligence, purchase agreements, red flag memos, and representations and warranties. She has drafted and negotiated technology contracts, including SaaS, IaaS, and PaaS agreements, and has counseled both financial institutions and market participants on a variety of transactional and regulatory matters including compliance with SEC, FINRA and CFTC regulations. She has also advised and participated in large-scale cybersecurity incident investigation, response, and litigation and has advised clients on cookie compliance, ad tech, privacy/security of information of things, cryptocurrency and blockchain, and gaming laws and regulations.

Having clerked for the Federal Trade Commission in the Division of Privacy and Identity Protection; the United States Securities and Exchange Commission in the Enforcement Division's Cyber, Market Abuse, and Trial Units; and at the Department of Defense, Military Commission, Roya has experience investigating regulatory compliance and drafting governmental subpoenas and investigative demands and holds an active Secret Clearance. She also volunteers as a cybersecurity and privacy instructor at CryptoHarlem where she prepares students for cybersecurity and privacy exams, including the CompTIA Security+ SYO-501/601, and IAPP CIPP/E/US.

Roya has worked as a programmer, database administrator, and project manager. She also has experience in cybersecurity as an analyst and a penetration tester and has assisted with and participated in capture the flag competitions, including PicoCTF. She has facilitated Tabletop Exercises (TTX) and advised on incident response planning, including working with Cyber Incident Response Teams (CIRT) and scenario testing through Red Team simulated attacks and Blue Team defense of critical assets.

Capabilities

Experience

  • Analyzed encryption standards under The National Institute of Standards and Technology (NIST) Special Publication 800-57, Federal Financial Institutions Examination Council (FFIEC), and The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule and drafted recommendations for fund management client.°
  • Drafted GDPR Data Processing Agreement (DPA) to be in line with UK IDTA and EU SCCs for international technology professional association.°
  • Analyzed cookie banner of international medical device company and drafted recommendations to comply with GDPR, ePrivacy Directive, UK GDPR/PECR.°
  • Analyzed cookies and privacy policy for global television production company and drafted CCPA-compliant, layered website policy.°
  • Advised various clients on SPI opt-out compliance under the CPRA, and pursuant to the proposed changes to the CCPA Regulations.°
  • Advised various clients on differences in SPI treatment in various privacy regulations including CPRA, CPA, CTDPA, UCPA, VCPA.
  • Advised various clients on opt-out notice concerning possible uses of SPI in the privacy policy/notice of collection.°
  • Advised major wine company on applicable laws and obligations including Illinois’ Biometric Information Privacy Act (BIPA) and GDPR requirements in relation to the processing of employees’ biometric data, including consent form, privacy notice, and retention policies.°
  • Advised international technology professional association on Virginia’s privacy law and exemptions in light of the Virginia Nonstock Corporation Act and Internal Revenue Code nonprofit filing status.°
  • Drafted layered-privacy policy for B2B interactive marketing company.°
  • Drafted law enforcement policy for full-stack development company and advised client of the policy’s purpose, flagging open issues to be addressed.°
  • Created chat outlining GDPR compliance steps for full-stack development company and advised client of high priority compliance obligations including guidance on cookie compliance under GDPR.°
  • Analyzed virtual data room in preparation of client call and privacy and cybersecurity deal diligence for client acquisition of major supermarket chain.°
  • Assessed company's data security policies, protocols and systems, monitoring capabilities and audits, business continuity and disaster recovery capabilities; conducted privacy impact assessments and updated and enhanced information security policies and procedures.°
  • Advised multinational technology company on compliance with the TCPA and CAN-SPAM.°
  • Advised multinational technology company on international privacy laws including Canada, Mexico, Australia, Indonesia, and European law.°
  • Drafted privacy policy for multinational technology company including location-based policies, data segregation via access controls; drafted layered privacy notice with version control; assessed vendor management contract including confidentiality and end of relationship provisions.°
  • Advised, drafted, and revised clients’ internal privacy, and security policies and procedures, including data collection, classification, retention, destruction; assessed data flows and evaluated vulnerabilities; ensured compliance with applicable laws, rules and regulations.°
  • Advised major Internet company regarding U.S. and international privacy law, including cross-border transfer requirements.°
  • Drafted Purchase Agreements, Representations and Warranties, Red Flag Memorandum, and Privacy Diligence Inserts for various clients on both buy and sell side of M&A deals including consideration of PCI-DSS, CAN-SPAM, TCPA, HIPPA, CCPA, GDPR.°
  • Analyzed and assessed digital assets under Howey, drafted memoranda; compliance with federal regulation including SEC, CFTC, and FinCEN.°

°The above representations were handled by Ms. Butler prior to her joining Greenberg Traurig, LLP.

  • International Association of Privacy Professionals (IAPP) CIPP/E/US
  • CompTIA Security+ SYO-501/601
  • Research Associate, The Federalist Society, Freedom of Thought Project, 2021
  • Journalist, The Daily Pennsylvanian, 2012-2013
  • Journalist, 34th Street, 2012-2013
  • Law Clerk, Department of Defense, Spring/Summer 2020
  • Extern, Enforcement Division, Trial Unit, U.S. Securities and Exchange Commission, Fall 2019
  • Summer Honors Program, Enforcement Division, Cyber and Market Abuse Units, U.S. Securities and Exchange Commission, Summer 2019
  • Extern, Bureau of Consumer Protection, Division of Privacy and Identity Protection, Federal Trade Commission, Spring 2019

Recognition & Leadership

  • Harvard Journal of Law and Technology, ranked 2nd in submissions, 2021
  • Hacker-level, HacktheBox, 2017-Present
  • Lock-picking Village Badge Winner, DefCon, 2018
  • Pro Bono Cybersecurity Instructor, CryptoHarlem, 2021-Present
  • Member, International Association of Privacy Professionals (IAPP), 2021-Present
  • Member, National Association of Women Lawyers (NAWL), 2022-Present
  • Pro Bono Attorney, Washington Area Lawyers for the Arts (WALA), 2021
  • Pro Bono Attorney, National Veterans Legal Service Program (NVLSP), 2021
  • Founder and President, Georgetown Law Cyberlaw Society (GLCS), 2016-2020
  • Member, Georgetown Asian Pacific American Law Students Association (APALSA), 2016-Present
  • Art Gallery Owner, Threeayedee.com, 2013-Present

Credentials

Education
  • J.D., Georgetown University Law Center
    • Senior Staff Editor, Georgetown Journal of Law and Public Policy
  • B.B.A., The Wharton School, University of Pennsylvania
    • Senior Staff Editor and Journalist, The Wharton Journal
Admissions
  • District of Columbia
Admitted in the District of Columbia. Not admitted in California.
Languages
  • Farsi, Conversational
  • German, Basic
  • French, Basic
  • Danish, Basic
  • Japanese, Basic