Megan A. Bowman, CIPP

Megan provides clients smart and business-centered advice on privacy law compliance, and data licensing and security matters.

Megan prides herself on providing clients smart and business-centered advice regarding privacy law compliance, data use and ownership, and cybersecurity issues. As a Certified Information Privacy Professional (CIPP), Megan routinely counsels businesses engaged in the building, development, marketing, and procurement of technology products or services that involve the processing of regulated data, including personal information or protected health information. She has experience working with companies in the energy, education, managed services, healthcare, life sciences, gig-economy, and retail industries.

Megan’s practice includes creating clients’ privacy notices and disclosures in compliance with comprehensive U.S. state privacy laws (e.g., the CCPA), biometric information privacy laws (e.g., BIPA), children’s privacy laws (e.g., COPPA), and global privacy laws (e.g., the GDPR and LGPD); drafting and negotiating clients’ customer and vendor contracts; conducting gap assessments to determine areas of compliance remediation; drafting and negotiating data processing agreements; advising clients experiencing a security incident on their legal obligations and investigation strategies; acting as outside privacy counsel resource to internal company counsel; counseling clients on future-state technology strategies; and helping clients plan for a future corporate exit.

Megan also has significant experience working with our Corporate Division as a subject-matter-expert in the areas of intellectual property, technology, software, and data privacy and security, advising on more than 350 mergers and acquisitions, investment, and financing transactions in the past five years.

When she joined Fredrikson, Megan managed and negotiated Fredrikson’s own vendor and service provider contracts, including contracts for software and IT assets, professional services, and access to Fredrikson facilities. As a Certified Legal Project Manager, she also has experience leading multi-year projects to improve and standardize client work product for certain key practice areas.

Representative Data Privacy and Security Services

• Assisted education technology company with developing and publishing privacy notices in compliance with Children’s Online Privacy Protection Act of 1998 (“COPPA”) and new product license terms that address institutional customer’s Family Educational Rights and Privacy Act (“FERPA”) and state-specific (e.g., New York State Education Law Section 2-D) obligations related to student data.
• Advised media organization on a process for responding to consumer requests made under various privacy laws, including the California Consumer Privacy Act of 2018 (“CCPA”), the EU/UK General Data Protection Regulation (“GDPR”).
• Advised a multi-location healthcare provider on considerations to be made when adopting a new process for accepting credit card payments and ensuring compliance with the Payment Card Industry Data Security Standard (“PCI DSS”).
• Drafted language for use by a fintech software company in its standard customer contracts to establish its role as a service provider for the purposes of the CCPA.
• Advised victim of credential stuffing regarding reportability requirements under applicable data breach laws.

Representative Transactions Experience

• Advised software and analytics company on new product offering involving the accessing of third-party systems on customers’ behalf.
• Negotiated license agreement with data broker providing data for use in modeling and scoring the value of marketing leads and for verifying the accuracy of various third party’s customer relationship management (“CRM”) system data.
• Provided middleware company using global service providers’ application programming interfaces (“APIs”) advice regarding limitations of applicable license agreements and potential challenges certain terms present in the context of a future exit.
• Provided cryptocurrency mining services company advice regarding how to structure terms of a service agreement to ensure the company owns the software and technology built in connection with a particular customer engagement.
• Represented medical reference laboratory in its negotiation of a sponsored testing program agreement with a multinational biotechnology company.
• Represented globally prominent healthcare system in its procurement of several technology products and services, including on-premise software, SaaS solutions and capital equipment.
• Represented private equity investment firm in its acquisition of a digital fundraising services company that operates a data lake and leverages several proprietary applications, algorithms and models in its business.
• Represented a developer and provider of SaaS tools for e-commerce sellers in its sale to a private equity buyer.

Education

• Certified Information Privacy Professional, International Association of Privacy Professionals, 2021
• LegalBizDev Certified Legal Project Manager^® Program, 2019
• University of St. Thomas School of Law, J.D., concentration in Organizational Ethics and Compliance, magna cum laude
• DePaul University, B.A.

Admissions

• Minnesota, 2015

Clerkships

• Law Clerk, Honorable William H. Koch, State of Minnesota, 2016-2017

Professional Activities

• Minnesota State Bar Association, Member
• Hennepin County Bar Association, Member

Community

• University of St. Thomas School of Law IP and Technology Law Advisory Committee, Member
• The Hennepin Lawyer Magazine Committee, Member; Vice Chair, 2020-2022 
• University of St. Thomas School of Law First Year Curriculum, ROADMAP Coach