Ryan Sulkin Photo

Ryan T. Sulkin, CIPP/US, CIPM



Ryan brings a robust background in privacy and cybersecurity to his role at Michael Best, focusing his practice in the areas of information technology, outsourcing, data protection, licensing, e-commerce, and intellectual property. He serves clients across industry sectors, including financial services, hospitality, manufacturing, and pharmaceuticals.

Ryan’s experience with privacy and cybersecurity issues includes compliance with multinational regulatory requirements (specifically cross-border data transfers), evaluation and negotiation of agreements for cloud-based solutions, creation of website privacy policies and terms of use, investigation and management of potential data security incidents, and compliance with PCI-DSS and applicable breach notification laws.

Ryan provides expert counsel to numerous well-known, global consumer and business-to-business brands, including strategic and programmatic approaches to regulatory compliance and pre- and post-breach cybersecurity governance and planning. He has deep experience preparing a variety of agreements for technology-driven transactions, with a focus on complex, high-value, and mission critical transactions for outsourced business processes, software development, licensing, hosting, software-as-a-service, cloud offerings, and complex technical implementations.


Ryan has unique experience advising clients in the hospitality and travel industries, focusing on technologies and services involved with on-property and above-property hotel operations, including:

  • loyalty programs
  • reservations processing
  • electronic distribution
  • revenue management
  • co-branded arrangements
  • property management systems
  • point of sale systems
  • in-room entertainment technologies

In addition, Ryan collaborates with information technology procurement professionals in the hospitality industry on creating standard documents and processes intended to streamline negotiation and purchase processes.


  • Completed proactive cybersecurity reviews for key firm clients, including requirements gathering, standards mapping, data mapping, conducting interviews, providing counsel, and producing final deliverables under the attorney-client privilege.
  • Supported global compliance reviews against the privacy and security laws of a multitude of jurisdictions, to support clients as they create a programmatic approach to privacy compliance across all data and information types.
  • Responded to dozens of data security breaches, including compliance with all regulatory requirements and addressing third party and PR concerns.
  • Conducted table top exercises with multiple clients, including a large insurer, to help the client better prepare for data breaches and other similar incidents, including detailed preparation of the scenario in advance and written and oral de-briefs.
  • Reviewed and advised upon complex PCI-DSS issues with merchants and service providers, including in the M&A context.
  • Designed and executed against GDPR compliance programs for multiple, global clients.
  • Engaged in a significant privacy and security policy review for a large financial services industry client.
  • Represented a large, multinational information technology company in a customized software development, hosting and managed services agreement for a consortium of State purchasers. The representation included negotiating downstream subcontractor agreements.
  • Represented and advised a large, well-known financial institution in its outsourcing of software development and maintenance services across mission critical product and service lines.
  • Represented and advised a large, well-known financial institution in its sourcing of technical consulting services across mission critical business segments.
  • Represented and advised a large, well-known financial institution in its negotiation of agreements with providers of debt collection services.
  • Represented a large, multinational hospitality brand in its exit from a legacy outsourced service provider for managed help desk services, software development and maintenance services and security services, including addressing complex and contentious issues of disentanglement.
  • Represented a large, multinational corporation in procurement of hosting services for mission critical software applications supporting enterprise-wide operations, including key financial and human resources applications.
  • Represented a large, well-known brand in outsourcing of loyalty program technologies, including software development, maintenance and hosting.
  • Represented a large, global brand in its outsourcing of global customer reservation services and back-office accounting services.
  • Represented a large, multinational corporation in migration from legacy email and communication platform to its cloud-based replacement.
  • Represented a large, multinational meeting space brand in its negotiation for and deployment of digital advertising displays across the continental United States.

Honors & Recognitions

  • Next Generation Lawyer, The Legal 500, 2018





back to top