Overview
As Chair of Fredrikson’s Data Protection & Cybersecurity group, Sten partners with clients to address two of their most significant risks—cybersecurity and privacy.
Sten assists clients in proactively mitigating the risk of cybersecurity incidents and data breaches, including by developing information security programs and policies. And in the event a client suspects a data breach, he leads and coordinates the breach response, counsels the client on notification obligations to affected individuals, customers or third parties, and assists in the response to legal and regulatory inquiries.
Sten also helps clients navigate the myriad legal obligations relating to the data they process, such as complying with national and international data privacy laws, developing and implementing security and privacy policies and procedures, and evaluating security and privacy risks associated with company practices, corporate mergers and acquisitions, and new products and technologies (including those involving big data and artificial intelligence). Sten is a Certified Information Privacy Professional accredited by the International Association of Privacy Professionals and serves as counsel to the Firm on privacy and security issues.
Sten’s litigation practice involves representing clients in data protection, privacy and cybersecurity-related disputes. Sten has tried cases in state and federal courts and represented clients before various appellate courts.
Sten has received numerous accolades during his career, including being named an “Attorney of the Year” in 2015 by Minnesota Lawyer and a “Rising Star” from 2012-2017 by Super Lawyers magazine. Sten also led a team of Fredrikson lawyers in a high-profile pro bono human trafficking lawsuit, for which the team was awarded the Global Pro Bono Dispute of the Year and Global Citizenship Awards by The American Lawyer magazine.
Services
Experience
Cyber Incident Planning, Investigation, & Response
Sten has assisted myriad clients in preparing for and responding to cybersecurity incidents. Through such matters, Sten has assisted clients in navigating the breach notification laws for all 50 states, Canada, and the European Union, and has formed strong working relationships with law enforcement, IT security vendors, and public relations companies. Some of Sten’s representative experience includes:
- Represented manufacturing company in responding to a phishing attack involving in the potential compromise of sensitive HR data relating to 15,000+ employees located throughout the U.S. and Canada, which occurred during the company’s acquisition by a third party.
- Advised major franchisee in responding to sophisticated compromise involving servers containing data on 5000+ current and former employees located in multiple states.
- Assisted public company in resolving a wire transfer fraud with seven-figure losses as the result of a spearphishing campaign against a vendor.
- Served as outside cybersecurity counsel to device company on various issues, including updating its incident response plan and procedures, preparing cyber risk disclosures for the Company’s SEC filings, and navigating critical infrastructure vulnerability sharing requirements.
Privacy Compliance
As a Certified Information Privacy Professional, Sten regularly advises clients regarding state, federal, and international laws pertaining to the privacy of personal information. Some of Sten’s representative experience includes:
- Served as outside privacy counsel to dozens of consumer business across industries in analyzing, developing, and coordinating compliance plans for the CCPA and GDPR. By way of example, counsel to major managed services and utility companies in CCPA assessment and compliance efforts.
- Assisted advertising, marketing and ad-tech companies in assessing implication of, and complying with, privacy laws relating to personal information processing practices.
- Represented numerous clients in drafting and negotiating privacy- and security-related provisions for vendor and service provider contracts.
- Assisted major non-profits and ed-tech companies in compliance with privacy laws relating to children and students, including COPPA and FERPA.
Data Privacy & Security-Related Mergers & Acquisitions
Sten has assisted clients in analyzing and mitigating potential data privacy and security risks in connection with hundreds of M&A deals across industries, as well as advising on post-closing remediation and compliance strategies.
Credentials
Education
- University of Minnesota Law School, J.D., cum laude
- Colorado College, B.A., Environmental Science, cum laude
Admissions
- Minnesota, 2006
- New York, 2005 (inactive)
- U.S. District Court for the District of Minnesota, 2006
- U.S. Court of Appeals for the Eighth Circuit, 2007
Recognition
- Rising Star, Minnesota Super Lawyers, 2012-2017
- Attorney of the Year, Minnesota Lawyer, 2015
- North Star Lawyer, Minnesota State Bar Association, 2013-2015
Civic & Professional
Professional Activities
- Volunteer Lawyers Network, Board Member and Housing Clinic Volunteer
- Federal Bar Association
- Minnesota State Bar Association
- Minnesota Law Review, Managing Editor, 2003-2004; Staff Member, 2002-2003
- Alpha Lambda Delta Honor Society, Member
Community
- HandsOn Twin Cities, Board Member, 2009-2012; Treasurer, 2011-2012
- Legal Assistance to Disadvantaged, Former Committee Member
- Dedicated more than 50 hours to pro bono matters in each of the past 6 years
News & Insights
Speaking Engagements
- Event
- Event
- Event
- Event
- Event
Legal Updates
- Legal Update
- Legal Update
- Legal Update
- Legal Update
- Legal Update
- Legal Update
- Legal Update
- Legal Update
- Legal Update
- Legal Update
Publications & Presentations
Co-Presenter, Best Practices in M&A for Analyzing a Target Company’s Privacy and Data Security, 2023 Midwest Legal Conference on Data Privacy and Cybersecurity, Minnesota CLE, February 2023
Presenter, Cybersecurity Basics: What Every Health Care Lawyer Should Know about Current Threats, Fredrikson & Byron’s Health Law Webinar Series, January 19, 2022
Author, “Businesses Face New Obligations Under Web of Privacy Laws,” Star Tribune, May 4, 2021
Presenter, Targeting the C-Suite: Business Email Compromises—Prevent, Identification, and Response, 2020 Midwest Legal Conference on Privacy & Data Security, February 14, 2020
Co-Presenter, Cybersecurity Due Diligence in M&A, DealLawyers.com Webcast, January 23, 2020
Panelist, Privacy and Security in Cross-Border Investigations, Fredrikson & Byron’s Cross-Border Investigations Seminar, November 12, 2019
Presenter, Mergers and Acquisition Trends: What You Need to Know about Privacy & Security, Association of Corporate Counsel, Iowa Chapter, May 31, 2019
Co-Presenter, GDPR, CCPA, and the Coming Wave of Privacy Regulations: Risk or Opportunity?, Minnesota High Tech Association Annual Spring Conference, May 9, 2019
Co-Presenter, The Rise of Privacy: Oversight, Compliance and Management, Fredrikson & Byron program co-hosted with Baker Tilly, March 8, 2019
Co-Presenter, The Rising Tide of Individual Privacy Rights: What Does It Mean for Minnesota Businesses?, Association of Corporate Counsel Minnesota Lunch & Learn, January 17, 2019
Co-Presenter, Focus on Privacy and Data Security within a Healthcare Transaction, Health Law Practicum, December 10, 2018
Quoted in “Navigating State Patient Data Privacy Laws Will Only Get More Challenging,” MedCity News, November 13, 2018
Co-Presenter, What’s Trending in the World of Advertising Law?, Fredrikson & Byron program co-hosted with Ad Fed, September 13, 2018
Presenter, Hot Topics: What You Need to Know Now—GDPR, Fredrikson & Byron program co-hosted with Ad Fed, September 13, 2018
Co-Presenter, M&A Transactions: Due Diligence, Reps and Warranties Related to Data Privacy and Cyber Security, Minnesota CLE, September 7, 2018
Moderator, Don’t be Caught Off Guard: Strategies to Manage Risk for Investment Advisors, Fredrikson & Byron program co-hosted with Charles Schwab and BMO Global Asset Management, June 26, 2018
Panelist, Data as Asset, Key Issues Driving the M&A Market, Fredrikson & Byron Seminar, June 19, 2018
Co-Presenter, New SEC Guidance on Cybersecurity Disclosures, Strafford Webinar, June 12, 2018
Co-Presenter, M&A Transactions: Due Diligence, Reps and Warranties Related to Data Privacy and Cybersecurity, 2018 Midwest Legal Conference on Privacy and Data Security, January 26, 2018
Co-Presenter, Protecting Your Practice: A Cybersecurity Roundtable, BMO Global Asset Management, December 13, 2017
Presenter, Cyber Insurance, Minnesota Bar Association, 2017 Technology Law Institute, November 15, 2017
Presenter, A Primer on Cybersecurity Risk Mitigation and Incident Response, ISBA Business Law Section/University of Iowa College of Law Business Law Symposium, November 3, 2017
Speaker, Data Security Series: Developing and Implementing a Data Breach Response Plan—Best Practices to Minimize the Impact of a Breach, Minnesota CLE, October 17, 2017
Moderator, Cybersecurity Risk Management—What Boards Need to Know, Society for Corporate Governance, Twin Cities Chapter Meeting, October 5, 2017
Co-Presenter, The Three Most Overlooked Cybersecurity Risks: Human Factors, Information Control and Third-Party Vendors, Association of Corporate Counsel Minnesota Lunch & Learn, September 12, 2017
Co-Presenter, Cyber Liability: What the Board Needs to Know, Minnesota High Tech Association Spring Conference, May 9, 2017
Panelist, Practical Steps to Minimize Risks and Respond to Breaches, Fredrikson & Byron Strategies to Manage Cybersecurity Risks for the Financial Industry Seminar, February 1, 2017
Co-Presenter, Avoiding an Incident Response Hangover: Data Breaches and Departing Employees, Cybersecurity and Trade Secrets Group Event, Surly Brewing, May 17, 2016
Co-Presenter, Insider Threats: Identifying and Deterring Company Information Theft, Fredrikson & Byron’s 31st Annual Employment & Labor Law Seminar, November 6, 2015
Co-Presenter, Protecting Your Company From A Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact, Iowa Association of Corporate Counsel, Corporate Counsel Forum, October 30, 2015
Presenter, Developing and Implementing a Data Breach Response Plan: Best Practices to Minimize the Impact of a Breach, Minnesota CLE, Data Breach Preparedness and Response Seminar, October 2, 2015
Co-Author, “Ten Actions You Can Take Now to Protect Your Company’s Trade Secrets,” Networked Lawyers Blog, May 2015
Co-Presenter, Protecting Trade Secrets and Confidential Information: What Businesses Can and Should Be Doing from Prevention to Enforcement, Business Law Institute, May 4, 2015
Panelist, Computer Crime: How Are We Vulnerable?, Lockton, May 1, 2015
Co-Presenter, Insulate Your Company from a Cyber Breach—Proactive Steps to Minimize Breach Risks & Impact, Association of Corporate Counsel—Minnesota Chapter, February 19, 2015
Panelist, Trade Secret Theft from Prevention to Enforcement, Minnesota IP Institute, September 19, 2014
Presenter, Practical Perspectives: Trade Secret Theft from Prevention to Enforcement, February 27, 2014
Presenter, You Love it, You Hate it. Now you Have to Live With it, William Mitchell College of Law e-Discovery Conference, October 4, 2013
Presenter, Data Protection: How Employers Can Ensure a New Hire Isn’t Bringing Data from a Previous Employer, Association of Corporate Counsel—Minnesota Chapter, October 1, 2013