Faculty: Steven B. Roosa

Roosa 150Steven B. Roosa advises companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Steve serves as partner at Norton Rose Fulbright’s New York office and oversees the development of the firm’s privacy compliance tool suite, NT Analyzer.

NT Analyzer is a practical tool suite for managing privacy compliance in mobile apps, websites and IoT. It is able to read an end-user network traffic capture, detecting and tracking the full range of personally identifiable information that is being shared with third parties, and then maps that data to the applicable privacy laws. Additionally, NT Analyzer analyzes code associated with the “fingerprinting” of browsers as well as data used for “fingerprinting” mobile devices.

In addition to his work with NT Analyzer, Steve advises clients on privacy and data protection at all stages of the development lifecycle from setting initial specifications up through wireframes, beta versions, and post-release. This includes consumer-facing applications and sites in financial services, healthcare, rich media content (including OTT video), retail, telecommunications, and hospitality areas to name a few. He also advises clients regarding their own and third party application programming interfaces (APIs) and software development kits (SDKs).

Steve also advises clients on GDPR planning, privacy program documentation, internal data handling policies, and security planning and policies. On emergency privacy or security issues relating to consumer-facing applications and interfaces, he will also work with incident response teams in responding to regulatory investigations, media inquiries, and “bug bounty” security researchers.

Other representative matters include: mobile app privacy compliance; leveraging anonymity solutions to help clients safely unlock the value of large data sets; Internet tracking; web security; geo-fencing; FTC compliance; privacy considerations related to modified network protocols; California best practices for websites and mobile apps; compliance with wiretap statutes and the Electronic Communications Privacy Act (ECPA); public-key infrastructure (PKI) issues; and certification authority matters pertaining to online trust.

Typical clients span jurisdictions and industries and include: global companies, media companies, Fortune 500 corporations, financial services entities, healthcare providers, life sciences companies, privately held companies, large retailers, technology companies, small and medium size businesses, and non-profit entities.