Profile
Karin E. Ross focuses her practice on data privacy, cybersecurity, and technology transactions. Karin counsels a diverse array of clients from startups to Fortune 500 companies in both local and global markets. She works closely with clients on designing and implementing data privacy and security compliance programs and helps clients understand and comply with the complex patchwork of existing and emerging state, federal, and international data privacy laws and regulations. Karin regularly counsels clients on the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act of 2020 (CPRA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Virginia Consumer Data Protection Act (VCDPA), the Gramm Leach Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA). Her experience spans a range of industries including consumer goods, medical technology, financial services, e-commerce, and restaurants.
Karin also has substantial experience in drafting and negotiating commercial and technology agreements, including data licensing agreements, cloud and software-as-a-service agreements, software license agreements, professional services agreements, and website terms and conditions.
Karin formerly served as in-house corporate counsel at a Fortune 500 health care company where she supported regulatory compliance efforts related to health care and clinical research activities. She draws upon her in-house experience to provide clients practical advice and creative strategies for meeting their compliance obligations.
Concentrations
- U.S. privacy compliance (including federal and state laws and regulations)
- International privacy compliance (including GDPR)
- Cross-border data transfers
- Privacy and technology-related contracts (including data processing agreements) and vendor management
- Privacy compliance policies and procedures (including privacy policies, privacy impact assessments, data inventories, etc.)
- Business associate agreements and clinical trial agreements
Capabilities
Experience
- Corporate Counsel, DaVita Inc., 2016-2018
- Contract Specialist, Children’s Hospital Colorado, 2015-2016
- Judicial Intern, Chief Justice Michael L. Bender, Colorado Supreme Court, 2013
Recognition & Leadership
- Listed, The Legal 500 United States, Media, technology and telecoms - Cyber law (including data privacy and data protection) , 2024
- Selected, BTI Client Service All-Stars Report, “Client Service All-Stars,” 2024
- Listed, The Best Lawyers in America, “Ones to Watch,” 2023-2025
- Technology Law, 2023-2025
- Privacy and Data Security Law, 2024-2025
- Team Member, a U.S. News - Best Lawyers® "Best Law Firms," "Law Firm of the Year" in Information Technology Law, 2024
- Member, International Association of Privacy Professionals (IAPP), 2018-present
- Member, Association of Corporate Counsel (ACC), 2016-2018
- Member, American Health Lawyers Association, 2016-2018
Credentials
- J.D., University of Colorado
- B.A., magna cum laude, University of Pennsylvania
- Colorado
News, Insights & Events
Karin is a contributor to the Data Privacy Dish Blog 