Overview

As chair of Fredrikson’s Data Privacy & Security Group, Sten partners with clients to address two of their most significant risks—privacy and cybersecurity.

Sten helps clients navigate the myriad legal obligations relating to the data they process, such as complying with national and international data privacy laws, developing and implementing privacy and security programs, evaluating and addressing security and privacy risks associated with corporate mergers and acquisitions, and developing strategies for leveraging data and new technologies (including Generative AI). Sten is a Certified Information Privacy Professional accredited by the International Association of Privacy Professionals and serves as counsel to the Firm on privacy and security issues.

Sten also assists clients in proactively mitigating the risk of cybersecurity incidents and data breaches, including by developing information security programs and policies. And in the event a client suspects a data breach, he leads and coordinates the breach response, counsels the client on notification obligations to affected individuals, customers or third parties, and assists in the response to legal and regulatory inquiries.

Sten has received numerous accolades during his career, including being named an “Attorney of the Year” in 2015 by Minnesota Lawyer and a “Rising Star” from 2012-2017 by Super Lawyers magazine. Sten also led a team of Fredrikson lawyers in a high-profile pro bono human trafficking lawsuit, for which the team was awarded the Global Pro Bono Dispute of the Year and Global Citizenship Awards by The American Lawyer magazine.

Services

Experience

Privacy Compliance

As a Certified Information Privacy Professional, Sten regularly advises clients regarding state, federal, and international laws pertaining to the privacy of personal information. Some of Sten’s representative experience includes:

  • Served as outside privacy counsel to dozens of consumer business across industries in analyzing, developing, and coordinating compliance plans for the CCPA and GDPR. By way of example, counsel to major managed services and utility companies in CCPA assessment and compliance efforts.
  • Assisted advertising, marketing and ad-tech companies in assessing implication of, and complying with, privacy laws relating to personal information processing practices.
  • Represented numerous clients in drafting and negotiating privacy- and security-related provisions for vendor and service provider contracts.
  • Assisted major non-profits and ed-tech companies in compliance with privacy laws relating to children and students, including COPPA and FERPA.

Cyber Incident Planning, Investigation, & Response

Sten has assisted myriad clients in preparing for and responding to cybersecurity incidents. Through such matters, Sten has assisted clients in navigating the breach notification laws for all 50 states, Canada, and the European Union, and has formed strong working relationships with law enforcement, IT security vendors, and public relations companies. Some of Sten’s representative experience includes:

  • Represented manufacturing company in responding to a phishing attack involving in the potential compromise of sensitive HR data relating to 15,000+ employees located throughout the U.S. and Canada, which occurred during the company’s acquisition by a third party.
  • Advised major franchisee in responding to sophisticated compromise involving servers containing data on 5000+ current and former employees located in multiple states.
  • Assisted public company in resolving a wire transfer fraud with seven-figure losses as the result of a spearphishing campaign against a vendor.
  • Served as outside cybersecurity counsel to device company on various issues, including updating its incident response plan and procedures, preparing cyber risk disclosures for the Company’s SEC filings, and navigating critical infrastructure vulnerability sharing requirements.

Data Privacy & Security-Related Mergers & Acquisitions

Sten has assisted clients in analyzing and mitigating potential data privacy and security risks in connection with hundreds of mergers and acquisitions deals across industries, as well as advising on post-closing remediation and compliance strategies.

Credentials

Education

  • University of Minnesota Law School, J.D., cum laude
  • Colorado College, B.A., Environmental Science, cum laude

Admissions

  • Minnesota, 2006
  • New York, 2005 (inactive)
  • U.S. District Court for the District of Minnesota, 2006
  • U.S. Court of Appeals for the Eighth Circuit, 2007

Recognition

  • Minnesota Super Lawyers Rising Star, 2012-2017
  • Attorney of the Year, Minnesota Lawyer, 2015
  • North Star Lawyer, Minnesota State Bar Association, 2013-2015
  • Global Pro Bono Dispute of the Year, American Lawyer, 2015
  • Global Citizenship Award, American Lawyer, 2015

Civic & Professional

  • Minnesota Law Review Alumni Board
  • Volunteer Lawyers Network, Prior Board Chair
  • Minnesota State Bar Association, Technology Committee Member
  • Minnesota Law Review, Managing Editor

News & Insights

News

Speaking Engagements

Legal Updates

Publications & Presentations

Presenter, “Inherited Data Risks – Post-Closing Remediation Strategies for Buyers in M&A Transactions” Minnesota CLE Seminar: 2025 Midwest Legal Conference on Data Privacy & Cybersecurity, February 7, 2025

Presenter, Ethical Considerations for In-House Counsel in a Connected World, Fredrikson & Byron’s Health Law Webinar Series, May 10, 2024

Presenter, Records Management & Privacy, Society for Corporate Governance, October 26, 2023

Co-Presenter, Best Practices in M&A for Analyzing a Target Company’s Privacy and Data Security, 2023 Midwest Legal Conference on Data Privacy and Cybersecurity, Minnesota CLE, February 6, 2023

Presenter, Data Privacy and Cybersecurity Issues in Mergers and Acquisitions, Minnesota CLE, January 27, 2022

Presenter, Cybersecurity Basics: What Every Health Care Lawyer Should Know about Current Threats, Fredrikson & Byron’s Health Law Webinar Series, January 19, 2022

Author, “Businesses Face New Obligations Under Web of Privacy Laws,” Star Tribune, May 4, 2021

Presenter, Targeting the C-Suite: Business Email CompromisesPrevent, Identification, and Response, 2020 Midwest Legal Conference on Privacy & Data Security, February 14, 2020

Co-Presenter, Cybersecurity Due Diligence in M&A, DealLawyers.com Webcast, January 23, 2020

Panelist, Privacy and Security in Cross-Border Investigations, Fredrikson & Byron’s Cross-Border Investigations Seminar, November 12, 2019

Presenter, Mergers and Acquisition Trends: What You Need to Know about Privacy & Security, Association of Corporate Counsel, Iowa Chapter, May 31, 2019

Co-Presenter, GDPR, CCPA, and the Coming Wave of Privacy Regulations: Risk or Opportunity?, Minnesota High Tech Association Annual Spring Conference, May 9, 2019

Co-Presenter, The Rise of Privacy: Oversight, Compliance and Management, Fredrikson & Byron program co-hosted with Baker Tilly, March 8, 2019

Co-Presenter, The Rising Tide of Individual Privacy Rights: What Does It Mean for Minnesota Businesses?, Association of Corporate Counsel Minnesota Lunch & Learn, January 17, 2019

Co-Presenter, Focus on Privacy and Data Security within a Healthcare Transaction, Health Law Practicum, December 10, 2018

Quoted in “Navigating State Patient Data Privacy Laws Will Only Get More Challenging,” MedCity News, November 13, 2018

Co-Presenter, What’s Trending in the World of Advertising Law?, Fredrikson & Byron program co-hosted with Ad Fed, September 13, 2018

Presenter, Hot Topics: What You Need to Know NowGDPR, Fredrikson & Byron program co-hosted with Ad Fed, September 13, 2018

Co-Presenter, M&A Transactions: Due Diligence, Reps and Warranties Related to Data Privacy and Cyber Security, Minnesota CLE, September 7, 2018

Moderator, Don’t be Caught Off Guard: Strategies to Manage Risk for Investment Advisors, Fredrikson & Byron program co-hosted with Charles Schwab and BMO Global Asset Management, June 26, 2018

Panelist, Data as Asset, Key Issues Driving the M&A Market, Fredrikson & Byron Seminar, June 19, 2018

Co-Presenter, New SEC Guidance on Cybersecurity Disclosures, Strafford Webinar, June 12, 2018

Co-Presenter, M&A Transactions: Due Diligence, Reps and Warranties Related to Data Privacy and Cybersecurity, 2018 Midwest Legal Conference on Privacy and Data Security, January 26, 2018

Co-Presenter, Protecting Your Practice: A Cybersecurity Roundtable, BMO Global Asset Management, December 13, 2017

Presenter, Cyber Insurance, Minnesota Bar Association, 2017 Technology Law Institute, November 15, 2017

Presenter, A Primer on Cybersecurity Risk Mitigation and Incident Response, ISBA Business Law Section/University of Iowa College of Law Business Law Symposium, November 3, 2017

Speaker, Data Security Series: Developing and Implementing a Data Breach Response PlanBest Practices to Minimize the Impact of a Breach, Minnesota CLE, October 17, 2017

Moderator, Cybersecurity Risk Management—What Boards Need to Know, Society for Corporate Governance, Twin Cities Chapter Meeting, October 5, 2017

Co-Presenter, The Three Most Overlooked Cybersecurity Risks: Human Factors, Information Control and Third-Party Vendors, Association of Corporate Counsel Minnesota Lunch & Learn, September 12, 2017

Co-Presenter, Cyber Liability: What the Board Needs to Know, Minnesota High Tech Association Spring Conference, May 9, 2017

Panelist, Practical Steps to Minimize Risks and Respond to Breaches, Fredrikson & Byron Strategies to Manage Cybersecurity Risks for the Financial Industry Seminar, February 1, 2017

Co-Presenter, Avoiding an Incident Response Hangover: Data Breaches and Departing Employees, Cybersecurity and Trade Secrets Group Event, Surly Brewing, May 17, 2016

Co-Presenter, Insider Threats: Identifying and Deterring Company Information Theft, Fredrikson & Byron’s 31st Annual Employment & Labor Law Seminar, November 6, 2015

Co-Presenter, Protecting Your Company From A Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact, Iowa Association of Corporate Counsel, Corporate Counsel Forum, October 30, 2015

Presenter, Developing and Implementing a Data Breach Response Plan: Best Practices to Minimize the Impact of a Breach, Minnesota CLE, Data Breach Preparedness and Response Seminar, October 2, 2015

Co-Author, “Ten Actions You Can Take Now to Protect Your Company’s Trade Secrets,” Networked Lawyers Blog, May 2015

Co-Presenter, Protecting Trade Secrets and Confidential Information: What Businesses Can and Should Be Doing from Prevention to Enforcement, Business Law Institute, May 4, 2015

Panelist, Computer Crime: How Are We Vulnerable?, Lockton, May 1, 2015

Co-Presenter, Insulate Your Company from a Cyber Breach—Proactive Steps to Minimize Breach Risks & Impact, Association of Corporate Counsel—Minnesota Chapter, February 19, 2015

Panelist, Trade Secret Theft from Prevention to Enforcement, Minnesota IP Institute, September 19, 2014

Presenter, Practical Perspectives: Trade Secret Theft from Prevention to Enforcement, February 27, 2014

Presenter, You Love it, You Hate it. Now you Have to Live With it, William Mitchell College of Law e-Discovery Conference, October 4, 2013

Presenter, Data Protection: How Employers Can Ensure a New Hire Isn’t Bringing Data from a Previous Employer, Association of Corporate CounselMinnesota Chapter, October 1, 2013

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.