Roya L. Butler is an associate in the Data, Privacy & Cybersecurity Practice group. She has a technical background, which she utilizes to approach her clients' complicated cyber and privacy issues. Roya’s precise attention to detail helps her to identify key issues and create unique strategies accounting for risk tolerance and industry standards.
Roya counsels clients on data privacy and cybersecurity matters including reputational risk management and mitigation. Roya provides guidance on federal, state, and international privacy, cybersecurity, and consumer protection laws and compliance (CCPA/CPRA, CPA, CTDPA, UCPA, VCPA, GLBA, HIPPA/HITECH, COPPA, FCRA, CAN-SPAM, PCI-DSS, TCPA, NY SHIELD Act, GDPR, ePrivacy Directive (ePD), UK GDPR/PECR PIPEDA, and other related legal and regulatory considerations, including drafting GDPR Data Processing Agreements (DPA) and assisting companies build a privacy impact assessment (PIA) framework. She also advises on the adoption of emerging technologies, such as biometrics, artificial intelligence, machine learning (AI/ML), and autonomous vehicle regulation with pragmatic approaches to ethical AI principles. She has experience in drafting and negotiating corporate transactions, including drafting privacy and cyber deal diligence, purchase agreements, red flag memos, and representations and warranties. She has drafted and negotiated technology contracts, including SaaS, IaaS, and PaaS agreements, and has counseled both financial institutions and market participants on a variety of transactional and regulatory matters including compliance with SEC, FINRA and CFTC regulations. She has also advised and participated in large-scale cybersecurity incident investigation, response, and litigation and has advised clients on cookie compliance, ad tech, privacy/security of information of things, cryptocurrency and blockchain, and gaming laws and regulations.
Having clerked for the Federal Trade Commission in the Division of Privacy and Identity Protection; the United States Securities and Exchange Commission in the Enforcement Division's Cyber, Market Abuse, and Trial Units; and at the Department of Defense, Military Commission, Roya has experience investigating regulatory compliance and drafting governmental subpoenas and investigative demands and holds an active Secret Clearance. She also volunteers as a cybersecurity and privacy instructor at CryptoHarlem where she prepares students for cybersecurity and privacy exams, including the CompTIA Security+ SYO-501/601, and IAPP CIPP/E/US.
Roya has worked as a programmer, database administrator, and project manager. She also has experience in cybersecurity as an analyst and a penetration tester and has assisted with and participated in capture the flag competitions, including PicoCTF. She has facilitated Tabletop Exercises (TTX) and advised on incident response planning, including working with Cyber Incident Response Teams (CIRT) and scenario testing through Red Team simulated attacks and Blue Team defense of critical assets.