Overview

As chair of Fredrikson’s Data Privacy & Security Group, Sten partners with clients to address two of their most significant risks—cybersecurity and privacy.

Sten assists clients in proactively mitigating the risk of cybersecurity incidents and data breaches, including by developing information security programs and policies. And in the event a client suspects a data breach, he leads and coordinates the breach response, counsels the client on notification obligations to affected individuals, customers or third parties, and assists in the response to legal and regulatory inquiries.

Sten also helps clients navigate the myriad legal obligations relating to the data they process, such as complying with national and international data privacy laws, developing and implementing security and privacy policies and procedures, and evaluating security and privacy risks associated with company practices, corporate mergers and acquisitions, and new products and technologies (including those involving big data and artificial intelligence). Sten is a Certified Information Privacy Professional accredited by the International Association of Privacy Professionals and serves as counsel to the Firm on privacy and security issues.

Sten’s litigation practice involves representing clients in data protection, privacy and cybersecurity-related disputes. Sten has tried cases in state and federal courts and represented clients before various appellate courts.

Sten has received numerous accolades during his career, including being named an “Attorney of the Year” in 2015 by Minnesota Lawyer and a “Rising Star” from 2012-2017 by Super Lawyers magazine. Sten also led a team of Fredrikson lawyers in a high-profile pro bono human trafficking lawsuit, for which the team was awarded the Global Pro Bono Dispute of the Year and Global Citizenship Awards by The American Lawyer magazine.

Services

Experience

Cyber Incident Planning, Investigation, & Response

Sten has assisted myriad clients in preparing for and responding to cybersecurity incidents. Through such matters, Sten has assisted clients in navigating the breach notification laws for all 50 states, Canada, and the European Union, and has formed strong working relationships with law enforcement, IT security vendors, and public relations companies. Some of Sten’s representative experience includes:

  • Represented manufacturing company in responding to a phishing attack involving in the potential compromise of sensitive HR data relating to 15,000+ employees located throughout the U.S. and Canada, which occurred during the company’s acquisition by a third party.
  • Advised major franchisee in responding to sophisticated compromise involving servers containing data on 5000+ current and former employees located in multiple states.
  • Assisted public company in resolving a wire transfer fraud with seven-figure losses as the result of a spearphishing campaign against a vendor.
  • Served as outside cybersecurity counsel to device company on various issues, including updating its incident response plan and procedures, preparing cyber risk disclosures for the Company’s SEC filings, and navigating critical infrastructure vulnerability sharing requirements.

Privacy Compliance

As a Certified Information Privacy Professional, Sten regularly advises clients regarding state, federal, and international laws pertaining to the privacy of personal information. Some of Sten’s representative experience includes:

  • Served as outside privacy counsel to dozens of consumer business across industries in analyzing, developing, and coordinating compliance plans for the CCPA and GDPR. By way of example, counsel to major managed services and utility companies in CCPA assessment and compliance efforts.
  • Assisted advertising, marketing and ad-tech companies in assessing implication of, and complying with, privacy laws relating to personal information processing practices.
  • Represented numerous clients in drafting and negotiating privacy- and security-related provisions for vendor and service provider contracts.
  • Assisted major non-profits and ed-tech companies in compliance with privacy laws relating to children and students, including COPPA and FERPA.

Data Privacy & Security-Related Mergers & Acquisitions

Sten has assisted clients in analyzing and mitigating potential data privacy and security risks in connection with hundreds of mergers and acquisitions deals across industries, as well as advising on post-closing remediation and compliance strategies.

Credentials

Education

  • University of Minnesota Law School, J.D., cum laude
  • Colorado College, B.A., Environmental Science, cum laude

Admissions

  • Minnesota, 2006
  • New York, 2005 (inactive)
  • U.S. District Court for the District of Minnesota, 2006
  • U.S. Court of Appeals for the Eighth Circuit, 2007

Recognition

  • Minnesota Super Lawyers Rising Star, 2012-2017
  • Attorney of the Year, Minnesota Lawyer, 2015
  • North Star Lawyer, Minnesota State Bar Association, 2013-2015

Civic & Professional

Professional Activities

  • Volunteer Lawyers Network, Board Member and Housing Clinic Volunteer
  • Federal Bar Association
  • Minnesota State Bar Association
  • Minnesota Law Review, Managing Editor, 2003-2004; Staff Member, 2002-2003
  • Alpha Lambda Delta Honor Society, Member

Community

  • HandsOn Twin Cities, Board Member, 2009-2012; Treasurer, 2011-2012
  • Legal Assistance to Disadvantaged, Former Committee Member
  • Dedicated more than 50 hours to pro bono matters in each of the past 6 years

News & Insights

Publications & Presentations

Co-Presenter, Best Practices in M&A for Analyzing a Target Company’s Privacy and Data Security, 2023 Midwest Legal Conference on Data Privacy and Cybersecurity, Minnesota CLE, February 2023

Presenter, Cybersecurity Basics: What Every Health Care Lawyer Should Know about Current Threats, Fredrikson & Byron’s Health Law Webinar Series, January 19, 2022

Author, “Businesses Face New Obligations Under Web of Privacy Laws,” Star Tribune, May 4, 2021

Presenter, Targeting the C-Suite: Business Email CompromisesPrevent, Identification, and Response, 2020 Midwest Legal Conference on Privacy & Data Security, February 14, 2020

Co-Presenter, Cybersecurity Due Diligence in M&A, DealLawyers.com Webcast, January 23, 2020

Panelist, Privacy and Security in Cross-Border Investigations, Fredrikson & Byron’s Cross-Border Investigations Seminar, November 12, 2019

Presenter, Mergers and Acquisition Trends: What You Need to Know about Privacy & Security, Association of Corporate Counsel, Iowa Chapter, May 31, 2019

Co-Presenter, GDPR, CCPA, and the Coming Wave of Privacy Regulations: Risk or Opportunity?, Minnesota High Tech Association Annual Spring Conference, May 9, 2019

Co-Presenter, The Rise of Privacy: Oversight, Compliance and Management, Fredrikson & Byron program co-hosted with Baker Tilly, March 8, 2019

Co-Presenter, The Rising Tide of Individual Privacy Rights: What Does It Mean for Minnesota Businesses?, Association of Corporate Counsel Minnesota Lunch & Learn, January 17, 2019

Co-Presenter, Focus on Privacy and Data Security within a Healthcare Transaction, Health Law Practicum, December 10, 2018

Quoted in “Navigating State Patient Data Privacy Laws Will Only Get More Challenging,” MedCity News, November 13, 2018

Co-Presenter, What’s Trending in the World of Advertising Law?, Fredrikson & Byron program co-hosted with Ad Fed, September 13, 2018

Presenter, Hot Topics: What You Need to Know NowGDPR, Fredrikson & Byron program co-hosted with Ad Fed, September 13, 2018

Co-Presenter, M&A Transactions: Due Diligence, Reps and Warranties Related to Data Privacy and Cyber Security, Minnesota CLE, September 7, 2018

Moderator, Don’t be Caught Off Guard: Strategies to Manage Risk for Investment Advisors, Fredrikson & Byron program co-hosted with Charles Schwab and BMO Global Asset Management, June 26, 2018

Panelist, Data as Asset, Key Issues Driving the M&A Market, Fredrikson & Byron Seminar, June 19, 2018

Co-Presenter, New SEC Guidance on Cybersecurity Disclosures, Strafford Webinar, June 12, 2018

Co-Presenter, M&A Transactions: Due Diligence, Reps and Warranties Related to Data Privacy and Cybersecurity, 2018 Midwest Legal Conference on Privacy and Data Security, January 26, 2018

Co-Presenter, Protecting Your Practice: A Cybersecurity Roundtable, BMO Global Asset Management, December 13, 2017

Presenter, Cyber Insurance, Minnesota Bar Association, 2017 Technology Law Institute, November 15, 2017

Presenter, A Primer on Cybersecurity Risk Mitigation and Incident Response, ISBA Business Law Section/University of Iowa College of Law Business Law Symposium, November 3, 2017

Speaker, Data Security Series: Developing and Implementing a Data Breach Response PlanBest Practices to Minimize the Impact of a Breach, Minnesota CLE, October 17, 2017

Moderator, Cybersecurity Risk Management—What Boards Need to Know, Society for Corporate Governance, Twin Cities Chapter Meeting, October 5, 2017

Co-Presenter, The Three Most Overlooked Cybersecurity Risks: Human Factors, Information Control and Third-Party Vendors, Association of Corporate Counsel Minnesota Lunch & Learn, September 12, 2017

Co-Presenter, Cyber Liability: What the Board Needs to Know, Minnesota High Tech Association Spring Conference, May 9, 2017

Panelist, Practical Steps to Minimize Risks and Respond to Breaches, Fredrikson & Byron Strategies to Manage Cybersecurity Risks for the Financial Industry Seminar, February 1, 2017

Co-Presenter, Avoiding an Incident Response Hangover: Data Breaches and Departing Employees, Cybersecurity and Trade Secrets Group Event, Surly Brewing, May 17, 2016

Co-Presenter, Insider Threats: Identifying and Deterring Company Information Theft, Fredrikson & Byron’s 31st Annual Employment & Labor Law Seminar, November 6, 2015

Co-Presenter, Protecting Your Company From A Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact, Iowa Association of Corporate Counsel, Corporate Counsel Forum, October 30, 2015

Presenter, Developing and Implementing a Data Breach Response Plan: Best Practices to Minimize the Impact of a Breach, Minnesota CLE, Data Breach Preparedness and Response Seminar, October 2, 2015

Co-Author, “Ten Actions You Can Take Now to Protect Your Company’s Trade Secrets,” Networked Lawyers Blog, May 2015

Co-Presenter, Protecting Trade Secrets and Confidential Information: What Businesses Can and Should Be Doing from Prevention to Enforcement, Business Law Institute, May 4, 2015

Panelist, Computer Crime: How Are We Vulnerable?, Lockton, May 1, 2015

Co-Presenter, Insulate Your Company from a Cyber Breach—Proactive Steps to Minimize Breach Risks & Impact, Association of Corporate Counsel—Minnesota Chapter, February 19, 2015

Panelist, Trade Secret Theft from Prevention to Enforcement, Minnesota IP Institute, September 19, 2014

Presenter, Practical Perspectives: Trade Secret Theft from Prevention to Enforcement, February 27, 2014

Presenter, You Love it, You Hate it. Now you Have to Live With it, William Mitchell College of Law e-Discovery Conference, October 4, 2013

Presenter, Data Protection: How Employers Can Ensure a New Hire Isn’t Bringing Data from a Previous Employer, Association of Corporate CounselMinnesota Chapter, October 1, 2013

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.