Cody Wamsley
View Page As PDF

EMAIL cwamsley@mcdonaldhopkins.com

PHONE 312.642.6738

Cody Wamsley is an associate in the national Data Privacy and Cybersecurity Practice Group at McDonald Hopkins. He came to McDonald Hopkins from American Express Company, where he provided legal guidance on IT risk and information security and was responsible for managing the enterprise’s third party risk. Cody has experience advising on global data security and privacy issues, negotiating and drafting complex technology contracts, and providing counsel on technology transactions. He is also knowledgeable on a broad range of data privacy and cybersecurity regulations including GLBA and other banking regulations, CFAA, FCRA, CAN-SPAM, COPPA, State Data Breach Notification Laws, NIST, ISO, PCI DSS, and SOC audits.

Cody has spoken widely on information security issues at industry conferences and on television. He is also a registered patent attorney and has broad experience in operational risk, compliance, and intellectual property at both startups and large organizations.

Cody holds an LL.M. in intellectual property law from The George Washington University Law School, a JD from University of Kansas School of Law, and a Bachelor of Science in business administration from the University of Kansas. He is licensed to practice law in Arizona, the District of Columbia, and before the United States Patent and Trademark Office, but is not admitted in Illinois.

Admissions - Court

  • U.S. Patent and Trademark Office

Admissions - State

  • Arizona
  • District of Columbia


  • George Washington University School of Law
  • University of Kansas School of Law
  • University of Kansas

Professional Membership

  • Information Systems Security Association, President Phoenix Chapter
  • State Bar of Arizona, Intellectual Property Section


Speaking Engagements

  • "Incorporating Threat Intelligence into a World-Class Third Party Risk Program," Anomali Detect 2017, Washington, D.C., September 2017
  • "How To Operate A GDPR Compliant Business In The European Community," ITSP Magazine GDPR Webinar Series, August 2017
  • “Third Party Risk and Auditing in Today’s Cybersecurity Environment,” ePlace Solutions Webinar, May 2017
  • “Cloud Vendors: Privacy and Security Considerations, Due Diligence for Outsourcing Vendors, Negotiating Vendor Agreements, and Maintaining Compliance When Dealing with a Customer and Cloud Vendors,” ACI Forum on Privacy & Security of Consumer and Employee Information, San Francisco, CA, October 2016
  • “Business to Business Litigation: Vendor Litigation, Service Provider Litigation, and Examining the Ecosystem of Payment Card Breaches,”  ACI Forum on Data Breach & Privacy Litigation and Enforcement, New York, NY, September 2016
  • “Information Governance and Data Management,” Post-Conference Workshop, ACI Forum on Data Breach & Privacy Litigation and Enforcement, New York, NY, September 2016
  • “Third-Party Oversight and Vendor Management,” ACI Forum on Cyber Security and Data Privacy & Protection, Chicago, IL, June 2016
  • “Building a Relationship Between Privacy and Information Security Professionals,” Post-Conference Workshop, ACI Forum on Cyber Security and Data Privacy & Protection, Chicago, IL, June 2016
  • “Ransomware 101,” Innovate Pasadena, Pasadena, CA, April 2016
  • “Mobile Security Strategy with BYOD,” Arizona Technology Council Cybersecurity Summit, Scottsdale, AZ, May 2015