The European Union’s sweeping privacy law, the General Data Protection Regulation, prohibits transfers of personal data to the United States unless the company transferring the data has provided legally-appropriate safeguards. One mechanism that many companies—over 5,000 in total—have relied upon to safeguard such transfers is the EU-U.S. Privacy Shield framework. That safeguard is no longer valid.
Assistant: Peggy Curtis, 612.492.7581
“When I was younger, my father’s favorite mantra was ‘Commit yourself to excellence.’”
As Chair of Fredrikson & Byron’s Data Protection & Cybersecurity group, Sten partners with clients to address two of their most significant risks — cybersecurity and privacy.
Sten assists clients in proactively mitigating the risk of cybersecurity incidents and data breaches, including by developing information security programs and policies. And in the event a client suspects a data breach, he leads and coordinates the breach response, counsels the client on notification obligations to affected individuals, customers or third parties, and assists in the response to legal and regulatory inquiries. Sten also helps clients navigate the myriad legal obligations relating to the data they process, such as complying with national and international data privacy laws, developing and implementing security and privacy policies and procedures, and evaluating security and privacy risks associated with company practices, corporate mergers and acquisitions, and new products and technologies (including those involving big data and artificial intelligence). Sten is a Certified Information Privacy Professional accredited by the International Association of Privacy Professionals and serves as counsel to the Firm on privacy and security issues.
Sten also serves as a Co-Chair of Fredrikson & Byron’s Business Litigation Department. Sten’s litigation practice involves representing clients in data protection, privacy and cybersecurity-related disputes. Sten has tried cases in state and federal courts and represented clients before various appellate courts.
Sten has received numerous accolades during his career, including being named an “Attorney of the Year” in 2015 by Minnesota Lawyer and a “Rising Star” from 2012-2017 by Super Lawyers magazine. Sten also led a team of Fredrikson lawyers in a high-profile pro bono human trafficking lawsuit, for which the team was awarded the Global Pro Bono Dispute of the Year and Global Citizenship Awards by The American Lawyer magazine.
Cyber Incident Planning, Investigation, and Response
Sten has assisted myriad clients in preparing for and responding to cybersecurity incidents. Through such matters, Sten has assisted clients in navigating the breach notification laws for all 50 states, Canada, and the European Union, and has formed strong working relationships with law enforcement, IT security vendors, and public relations companies. Some of Sten’s representative experience includes:
- Represented manufacturing company in responding to a phishing attack involving in the potential compromise of sensitive HR data relating to 15,000+ employees located throughout the U.S. and Canada, which occurred during the company’s acquisition by a third party.
- Advised major franchisee in responding to sophisticated compromise involving servers containing data on 5000+ current and former employees located in multiple states.
- Assisted public company in resolving a wire transfer fraud with seven-figure losses as the result of a spearphishing campaign against a vendor.
- Served as outside cybersecurity counsel to device company on various issues, including updating its incident response plan and procedures, preparing cyber risk disclosures for the Company’s SEC filings, and navigating critical infrastructure vulnerability sharing requirements.
As a Certified Information Privacy Professional, Sten regularly advises clients regarding state, federal, and international laws pertaining to the privacy of personal information. Some of Sten’s representative experience includes:
- Served as outside privacy counsel to dozens of consumer business across industries in analyzing, developing, and coordinating compliance plans for the CCPA and GDPR. By way of example, counsel to major managed services and utility companies in CCPA assessment and compliance efforts.
- Assisted advertising and ad-tech companies in assessing implication of, and complying with, privacy laws relating to personal information processing practices.
- Represented numerous clients in drafting and negotiating privacy- and security-related provisions for vendor and service provider contracts.
- Assisted major non-profits and ed-tech companies in compliance with privacy laws relating to children and students, including COPPA and FERPA.
Data Privacy and Security-Related Mergers and Acquisitions
Sten has assisted clients in analyzing and mitigating potential data privacy and security risks in connection with over 100 corporate mergers and acquisitions.
Computer Fraud/Trade Secret Theft
- Represented medical device company in multi-jurisdictional corporate raiding claim. Obtained injunctive relief against former executive who violated non-compete and took trade secret information to a competitor before hiring away numerous other employees, who likewise took trade secret information to the competitor. Successfully resolved case after winning key motions in various jurisdictions.
- Represented food services company in lawsuit against former employees who stole trade secrets and attempted to use them with competitors. Successfully obtained temporary injunction against the former employees and utilized computer forensics to negotiate favorable resolution.
- Represented employee and new employer (software company) in suit brought by former employer alleging numerous claims relating to misappropriation of confidential information and violation of a non-compete agreement by employee. Defeated former employer’s motion for temporary restraining order and subsequently successfully resolved case.
- Served as lead counsel for employers and employees in numerous matters involving claims allegations of trade secret theft, breach of non-competition agreements and breach of non-solicitation agreements.
Real Estate Litigation
- Served as lead counsel for contractor in multi-million dollar construction defect lawsuit brought by condominium association. Successful defeated condominium association’s claims at summary judgment.
- Represented developer and homeowners in ownership lawsuit brought by condominium association. Successfully defeated condominium association’s claims at summary judgment.
- Represented developer in lawsuit brought by homeowners alleging fraud in connection with purchase of townhomes and liability for purported construction defects. Successfully defeated homeowners’ claims at summary judgment.
- Served as lead counsel for major loan servicers in lawsuit brought by mortgagor seeking damages in excess of $1 million for property damage allegedly caused by loan servicer’s agents. Successfully defeated mortgagor’s claims at summary judgment.
- Represented commercial property owner in suit against owner of neighboring parcel for constructing buildings in violation of an operations-and-easements agreement. Obtained temporary restraining order requiring offending building to be brought into compliance and subsequently resolved case.
Business Litigation/Trial Experience
- Represented physician in lawsuit against insurance company for denial of long-term disability benefits. Following a successful jury trial, obtained $1.5 million judgment against insurance company.
- Represented corporation in suit by former employees alleging failure to pay bonuses and severance pursuant to company policy. Following a week-long trial, jury returned a full defense verdict in client’s favor.
- Served as lead counsel for glass-installation company in lawsuit against company that acquired client’s assets and guarantors who failed to make payments pursuant to promissory note and guaranty. Following successful summary judgment motion, obtained judgment for client in total amount of debt, plus interest and attorneys’ fees.
- Served as lead counsel for lender in lawsuit against individual borrower for failure to repay loan that was secured by membership units in company that operated rental property. Following motion to take possession of collateral, successfully negotiated voluntary relinquishment of membership units, giving client control of rental property. Subsequently brought motion for summary judgment against borrower, resulting in judgment against borrower for full amount sought, plus interest and attorneys’ fees.
- Served as lead counsel for company in lawsuit against insurance company that refused to cover damage to client’s property. After defeating insurance company’s motion for summary judgment, successfully negotiated resolution of case.
- Represented a receiver in several lawsuits throughout the country that successfully recovered millions of dollars in fraudulent transfers.
- Served as lead counsel for wind energy company in appeal brought by entities challenging Public Utilities Commission’s decision to grant site permit for wind farm. Successfully argued for dismissal of one entity’s appeal based on jurisdictional defects. Following oral argument on other entity’s appeal, court of appeals issued opinion affirming Public Utilities Commission’s site permit for wind farm.
- Served as lead counsel for adoptive mother in appeal brought by maternal aunt challenging district court’s award of custody to adoptive mother. Following oral argument, court of appeals issued opinion affirming award of custody to adoptive mother.
- Served as lead counsel for animal rights organization in appeal challenging county’s issuance of permit allowing operation of massive puppy mill requiring that dogs having outdoor access be de-barked. Following oral argument, court of appeals issued published opinion finding that county failed to consider whether de-barking the dogs violated Minnesota’s animal welfare laws and striking down the conditional use permit.
- Served as lead counsel for contractor in appeal from district court order for insurer on issue relating to payment under a construction bond.
Articles & Presentations
June 5, 2020
Do I need to worry about employee privacy if I implement health screenings, contact tracing or similar protective measures when my employees return to work?
May 20, 2020
What should companies do to mitigate the security risks of a remote workforce?
September 4, 2018
By Karla L. Reyerson & Sten-Erik Hoidal
Community banks are no strangers to privacy and data security laws. The latest trends in privacy laws, however, are not limited to certain industries, and they include privacy rights for consumers that could have a significant impact on how companies treat customer information.
July 3, 2018
On June 28, California enacted a sweeping new privacy law that will have significant implications for companies across the country.
March 9, 2018
On February 21, the SEC adopted new interpretive guidance (the Guidance) to assist public companies in preparing disclosures about cybersecurity risks and incidents.
July 17, 2017
New cybersecurity regulations impacting broker-dealers and investment advisers in Colorado went into effect over the weekend.
March 10, 2015
It’s an unfortunate fact of modern life—hacks happen. And they will continue to happen. For companies, the risks cybersecurity incidents pose to both business and brand cannot be underestimated. Given the sharp increase in such incidents during 2014—up at least 50 percent, with some experts estimating as many as 42.8 million incidents—there is a growing expectation that companies have the right tools in place to respond effectively.
PUBLICATIONS & PRESENTATIONS
- Presenter, “Targeting the C-Suite: Business Email Compromises – Prevent, Identification, and Response,” 2020 Midwest Legal Conference on Privacy & Data Security, February 14, 2020
- Co-presenter, “Cybersecurity Due Diligence in M&A,” DealLawyers.com Webcast, January 23, 2020
- Panelist, “Privacy and Security in Cross-Border Investigations,” Fredrikson & Byron’s Cross-Border Investigations Seminar, November 12, 2019
- Presenter, “Mergers and Acquisition Trends: What You Need to Know about Privacy & Security,” Association of Corporate Counsel, Iowa Chapter, May 31, 2019
- Co-presenter, “GDPR, CCPA, and the Coming Wave of Privacy Regulations: Risk or Opportunity?,” Minnesota High Tech Association Annual Spring Conference, May 9, 2019
- Co-presenter, “The Rise of Privacy: Oversight, Compliance and Management,” Fredrikson & Byron program co-hosted with Baker Tilly, March 8, 2019
- Co-presenter, “The Rising Tide of Individual Privacy Rights: What Does It Mean for Minnesota Businesses?,” Association of Corporate Counsel Minnesota Lunch & Learn, January 17, 2019
- Co-presenter, “Focus on Privacy and Data Security within a Healthcare Transaction,” Health Law Practicum, December 10, 2018
- Quoted in “Navigating State Patient Data Privacy Laws Will Only Get More Challenging,” MedCity News, November 13, 2018
- Co-presenter, “What’s Trending in the World of Advertising Law?,” Fredrikson & Byron program co-hosted with Ad Fed, September 13, 2018
- Presenter, “Hot Topics: What You Need to Know Now – GDPR,” Fredrikson & Byron program co-hosted with Ad Fed, September 13, 2018
- Co-presenter, “M&A Transactions: Due Diligence, Reps and Warranties Related to Data Privacy and Cyber Security,” Minnesota CLE, September 7, 2018
- Moderator, “Don’t be Caught Off Guard: Strategies to Manage Risk for Investment Advisors,” Fredrikson & Byron program co-hosted with Charles Schwab and BMO Global Asset Management, June 26, 2018
- Panelist, “Data as Asset, Key Issues Driving the M&A Market,” Fredrikson & Byron Seminar, June 19, 2018
- Co-presenter, “New SEC Guidance on Cybersecurity Disclosures,” Strafford Webinar, June 12, 2018
- Co-presenter, “M&A Transactions: Due Diligence, Reps and Warranties Related to Data Privacy and Cybersecurity,” 2018 Midwest Legal Conference on Privacy and Data Security, January 26, 2018
- Co-presenter, “Protecting your practice: A cybersecurity roundtable,” BMO Global Asset Management, December 13, 2017
- Presenter, “Cyber Insurance,” Minnesota Bar Association, 2017 Technology Law Institute, November 15, 2017
- Presenter, “A Primer on Cybersecurity Risk Mitigation and Incident Response,” ISBA Business Law Section/University of Iowa College of Law Business Law Symposium, November 3, 2017
- Speaker, “Data Security Series: Developing and Implementing a Data Breach Response Plan – Best Practices to Minimize the Impact of a Breach,” Minnesota CLE, October 17, 2017
- Moderator, “Cybersecurity Risk Management – What Boards Need to Know,” Society for Corporate Governance, Twin Cities Chapter Meeting, October 5, 2017
- Co-presenter, “The Three Most Overlooked Cybersecurity Risks: Human Factors, Information Control and Third-Party Vendors,” Association of Corporate Counsel Minnesota Lunch & Learn, September 12, 2017
- Co-presenter, “Cyber Liability: What the Board Needs to Know,” Minnesota High Tech Association Spring Conference, May 9, 2017
- Panelist, “Practical Steps to Minimize Risks and Respond to Breaches,” Fredrikson & Byron Strategies to Manage Cybersecurity Risks for the Financial Industry Seminar, February 1, 2017
- Co-presenter, “Avoiding an Incident Response Hangover: Data Breaches and Departing Employees,” Cybersecurity and Trade Secrets Group Event, Surly Brewing, May 17, 2016
- Co-presenter, “Insider Threats: Identifying and Deterring Company Information Theft,” Fredrikson & Byron’s 31st Annual Employment & Labor Law Seminar, November 6, 2015
- Co-presenter, “Protecting Your Company From A Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact,” Iowa Association of Corporate Counsel, Corporate Counsel Forum, October 30, 2015
- Presenter, “Developing and Implementing a Data Breach Response Plan: Best Practices to Minimize the Impact of a Breach,” Minnesota CLE, Data Breach Preparedness and Response Seminar, October 2, 2015
- Co-author, “Ten Actions You Can Take Now to Protect Your Company’s Trade Secrets,” Networked Lawyers Blog, May 2015
- Co-presenter, “Protecting Trade Secrets and Confidential Information: What Businesses Can and Should Be Doing from Prevention to Enforcement,” Business Law Institute, May 4, 2015
- Panel Member, “Computer Crime: How Are We Vulnerable?,” Lockton, May 1, 2015
- Co-presenter, “Insulate Your Company from a Cyber Breach – Proactive Steps to Minimize Breach Risks & Impact,” Association of Corporate Counsel – Minnesota Chapter, February 19, 2015
- Panel Member, “Trade Secret Theft from Prevention to Enforcement,” Minnesota IP Institute, September 19, 2014
- Presenter, “Practical Perspectives: Trade Secret Theft from Prevention to Enforcement,” February 27, 2014
- Presenter, “You Love it, You Hate it. Now you Have to Live With it,” William Mitchell College of Law e-Discovery Conference, October 4, 2013
- Presenter, “Data Protection: How Employers Can Ensure a New Hire Isn’t Bringing Data from a Previous Employer,” Association of Corporate Counsel – Minnesota Chapter, October 1, 2013
Honors & Education
- University of Minnesota Law School, J.D., cum laude
- The Colorado College, B.A. Environmental Science, cum laude
- Minnesota, 2006
- New York, 2005
- U.S. District Court, District of Minnesota, 2006
- Eighth Circuit Court of Appeals, 2007
- Minnesota Super Lawyers, Rising Star, 2012-2017
- Minnesota Lawyer, Attorney of the Year, 2015
- Minnesota State Bar Association, North Star Lawyer, 2013-2015
- Minnesota Law Review, Managing Editor 2003-2004; staff member 2002-2003
- Alpha Lambda Delta Honor Society, Member
- Volunteer Lawyers Network, Board Member and Housing Clinic Volunteer
- Federal Bar Association
- Minnesota State Bar Association
- HandsOn Twin Cities, Board Member 2009-2012; Treasurer 2011-2012
- Legal Assistance to Disadvantaged, former Committee Member
- Dedicated more than 50 hours to pro bono matters in each of the past 6 years