Overview
Mike Bailey is an emerging leader in privacy and cybersecurity who advises and assists clients with data management, cybersecurity, and privacy issues including creating and implementing comprehensive compliance programs, negotiating and closing data-related commercial agreements, data incident response involving phishing campaigns, data extortion, fraudulent transfers and ransomware, and board and management-directed internal investigations of employee allegations concerning cybersecurity and risk management controls.
Mike also uses his experience as a U.S. Army investigating officer to conduct internal corporate investigations, including independent investigations and work for special board committees. He has managed and led investigations into a whistleblower’s complaints regarding internal controls over financial reporting for a U.S. public company, and an engagement investigating an employee’s allegations of deficient cyber risk management at another public company.
Mike provides comprehensive cybersecurity and privacy services. His capabilities include:
Privacy Program Counseling
- Develop comprehensive privacy compliance programs for large businesses and startups to ensure appropriate policies and procedures are in place for laws such as GDPR, CCPA, TCPA, CAN-SPAM, HIPAA, GLBA, NAIC, and state comprehensive privacy laws, etc.
- Draft internal policies and procedures mapped to multijurisdictional privacy requirements including procedures relevant to data subject access requests, product reviews and risk assessments, and employee privacy management.
- Deliver engaging internal training to client employees regarding cybersecurity and privacy best practices and compliance requirements.
Cybersecurity Compliance and Incident Response
- Provide legal counsel to firms looking to build, refine, or assess cybersecurity programs and test incident response procedures.
- Provide immediate support and rapid incident response to clients learning of potential security incidents, serving as a “breach coach.”
- Conduct internal investigations in response to employee-generated complaints and whistleblower actions related to cybersecurity control deficiencies and related regulatory disclosures.
Technology Transactions
- Draft, negotiate, and close commercial transactions involving software as a service (SaaS), managed service provider (MSP), and technology implementation and consulting agreements for both vendors and customers.
- Draft and finalize terms of service and end-user license agreements for mobile apps, SaaS platforms, and web applications.
- Draft, negotiate, and close specialized agreements involving the use and disclosure of personal information.
Certified by the International Association of Privacy Professionals (IAPP) as a certified information privacy professional (CIPP/E/US) and certified information privacy manager (CIPM), Mike has written and presented widely on incident response, cybersecurity program development, and cybersecurity and privacy whistleblower risks. His engagements have included companies in the financial services, insurance, health care, construction, and retail industries.
His prior experience includes serving as in-house counsel at a venture-backed privacy and cybersecurity compliance SaaS startup, a cybersecurity and data privacy associate at a Global Am Law 100 firm, and a commissioned officer in the U.S. Army, where he attained the rank of captain.
Experience
- Negotiated data-related terms in technology transaction agreements including for a large Florida municipality in negotiating the privacy and data security terms of a multiyear technology services agreement pursuant to a municipality-wide digitalization initiative.
- Supported a nationwide gaming company in achieving compliance with emerging cybersecurity and privacy regulations including the Nevada Gaming Control Board’s cybersecurity regulation.
- Represented a regional law firm with large institutional clients in highly regulated industries in investigating, responding to, and remediating a ransomware attack involving highly sensitive matters and personal information.
- Provided legal counsel to a large insurance provider in its development of a health care-related mobile app, assisting its developers with comprehensive state privacy law and health data-related laws such as the Washington My Health My Data Act.
- Worked with a large private university in remediating and responding to a phishing attack, including data subject notices and engagement with education regulators.
- Investigated cybersecurity and privacy compliance on behalf of a publicly traded financial institution in response to claims raised by its employees.
- Investigated a multimillion-dollar publicly traded real estate investment trust in response to claims raised by employees pursuant to Sarbanes-Oxley.
- Defend several companies facing wiretap and TCPA private suits arising from the use of certain website and marketing technologies.
Areas of Focus
Practices
Industries
Insights
Professional & Community Involvement
- International Association of Privacy Professionals
- Chair, South Florida KnowledgeNet
- The Florida Bar
- Cybersecurity and Privacy Law Committee
-
Speaking Engagements
- "Cybersecurity Legislation & Funding, and Practical Cybersecurity Guidance," Florida Municipal Attorneys Association’s 42nd Annual Seminar, Naples, FL (July 25, 2024)
- "How Did I Get Hacked and Fined? Managing and Responding to Cybersecurity Threats and Regulations in 2024 and Beyond," NUCA of Florida Annual Conference, Bonita Springs, FL (July 12, 2024)
- "The Value of Properly Managing Client Information," 2024 Annual Florida Bar Convention, Orlando, FL (June 20, 2024)
- "Cybersecurity Safe Harbor Laws in Theory and Practice," Virtual South Florida KnowledgeNet, International Association of Privacy Professionals (June 11, 2024)
- "Understanding Legal and Regulatory Frameworks Governing Vendor Risk Management and Emerging Issues," Atlanta Bar Association 2024 Data Security and Privacy Symposium (April 17, 2024)
- "SB 262 and Privacy in Florida," International Association of Privacy Professionals (IAPP) Central and South Florida KnowledgeNet (August 24, 2023)
Credentials
Education
- University of Miami School of Law (J.D., cum laude, 2021)
- Florida State University (B.S., 2010)
Bar Admissions
Industry Specialization Certifications
The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.