Rebecca Gerard Photo

Rebecca L. Gerard



Rebecca is an experienced privacy and cybersecurity attorney who works closely with clients to help them protect their data assets and comply with complex regulations. She counsels clients on a range of privacy and data security matters, such as legal issues related to the FTC Act, GDPR, HIPAA, CCPA, CAN-SPAM, TCPA, GLBA, COPPA, CalOPPA, EU Data Protection and E-Privacy Directives, data breach notification laws, and other federal, state, and international regulations.

Rebecca is experienced with the following:

  • Drafting and negotiating complex technology agreements and commercial transactions such as software licenses, e-commerce, SaaS, and cloud agreements, promotional, data-driven marketing, and media agency agreements, and other commercial contracts
  • Advising on consumer-facing contracts and disclosures, disclaimers, privacy policies, terms of service agreements, complex loyalty programs, advertisements, marketing, and promotions, and other customer communications
  • Preparing and negotiating commercial agreements involving the collection, use, and sharing of customer information with third-party service providers and partners
  • Advising on globally reaching cross-border data transfers including drafting and implementing intracompany data transfer agreements to be in compliance with all applicable laws and regulations
  • Responding to government inquiries and investigations from Attorney General’s Office, Office of Civil Rights, and Board of Pharmacy
  • Preparing global information security policies, global end user security policies, and acceptable use policies in compliance with domestic and international law
  • Drafting breach notifications
  • Counseling on privacy and cybersecurity issues related to transactions involving the development, acquisition, and leveraging of information technology assets
  • Assisting with transactions, including acquisitions and divestitures, involving customer information, including conducting privacy-related due diligence, and reviewing and drafting representations and warranties
  • Counseling on privacy and marketing issues related to loyalty programs and the use of loyalty data for marketing and advertising campaigns
  • Drafting privacy and security training directives for employees

Before joining the firm, Rebecca worked in-house at Walgreen Co., where she served as commercial and regulatory counsel for several business units including digital and analytics, marketing, private label brands, and retail products. There, she also advised on privacy regulations for the company’s U.S. and European entities, drafted and negotiated a variety of contracts and agreements, and collaborated with the company’s public policy team to promote initiatives to further the company’s interests.

Professional Activities

  • Member, American Bar Association
  • Member, International Association of Privacy Professionals





back to top