Samuel Goldstick
View Page As PDF
Sam is an associate at McDonald Hopkins in the Litigation Department and a member of the firm’s national Data Privacy and Cybersecurity Practice Group. He regularly advises domestic and international organizations on legal compliance obligations under applicable data protection and privacy laws, including U.S. state and federal breach notification laws, industry-specific cybersecurity guidelines and best practices, and the European Union (EU) data protection regimes and regulations.

In the event of a data breach, Sam provides clients in nearly every sector of the economy with crisis management counseling and helps quarterback the incident response process through investigation, notification, remediation, and regulator interface (including state attorneys general and federal regulators such as the Office for Civil Rights). Sam also counsels clients on complying with applicable foreign law, including the European Union’s Data Protection Directive 95/46/EC, and its successor, the General Data Protection Directive (GDPR), as well as the EU-US Privacy Shield, in relation to cross-border data transfers.

Sam has extensive experience in U.S. private sector privacy law, and earned the ANSI-accredited Certified Information Privacy Professional/United States (CIPP/US) credential through the International Association of Privacy Professionals (IAPP). The CIPP/US designation demonstrates a strong foundation in U.S. private-sector privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive and personal data to/from the U.S., the EU and other jurisdictions.

In addition to his CIPP/US credential, Sam also specializes in European data protection law and has earned the ANSI-accredited Certified Information Privacy Professional/Europe (CIPP/E) credential through the IAPP. The CIPP/E is the first professional credential specific to European data protection professionals that is part of a comprehensive, principles-based framework and knowledge base in information privacy. The CIPP/E encompasses pan-European and national data protection laws, the European model for privacy enforcement, key privacy terminology and practical concepts concerning the protection of personal data and trans-border data flows.

Sam’s work in data privacy and cybersecurity covers a wide range of industries, including accounting, financial services, healthcare, higher education, government contractors, hospitality, information technology, insurance, state and local municipalities, non-profit organizations, retail and telecommunications.

Sam earned his J.D. from Chicago-Kent College of Law in 2013, after receiving a B.A. in political science and legal studies from the University of Wisconsin-Madison in 2010. During law school, Sam served as a member of the Chicago-Kent Law Review and as a judicial extern for the Honorable Robert W. Gettleman, U.S. District Court Judge for the Northern District of Illinois.

Representative Cases/Matters

  • Represented reputable hospitality client in data breach case against cyber-extortionists who carried out threats against client by exposing PII of customers (which included government officials), and assisted federal prosecutors in their case against the hackers in court.
  • Advised online company on privacy issues and common theories of liability applicable to “data scraping” under U.S. and Canadian law, such as claims based on breach of contract, copyright infringement, trespass to chattels, and statutory violation(s) of the Computer Fraud and Abuse Act and Canada’s Anti-Spam Legislation.
  • Assisted corporate client in the development of a comprehensive Incident Response Plan.
  • Assisted retail client on compliance obligations under state and federal breach notification laws based on its collection of consumer PII.
  • Drafted and revised privacy and data protection policies, including standard contractual clauses, for a global digital media service provider to ensure compliance with EU law following the invalidation of the EU-U.S. Safe Harbor framework.
  • Advised pharmaceutical company on data privacy and security-related issues associated with its Acceptable Use Policy for Electronic Communications and Data Access Policy, in regard to HIPAA compliance, employee monitoring, and the incorporation of data classification levels and access control standards.
  • Secured summary judgment dismissals and dismissals on the pleadings in multiple consumer protection lawsuits involving alleged violations of the TCPA, FCRA and FDCPA, and similar state law claims alleging deceptive trade practices, defamation, IIED and invasion of privacy.
  • Successfully defended large financial institutional client against consumer plaintiffs in numerous arbitration cases (where client’s counterclaims were granted in full in each case).


  • Accredited as a Certified Information Privacy Professional/United States (CIPP/US) by the IAPP
  • Accredited as a Certified Information Privacy Professional/Europe (CIPP/E) by the IAPP

Admissions - Court

  • U.S. District Court for the Northern District of Illinois

Admissions - State

  • Illinois


  • Chicago-Kent College of Law
  • University of Wisconsin-Madison

Honors and Awards

  • Chicago-Kent Law Review, Member
  • CALI awards for highest grade in Legal Writing II, Legal Writing III and Disability Law
  • Graduated with Distinction from the University of Wisconsin-Madison

Professional Membership

  • Chicago Bar Association (CBA) - Active member of the CBA's Cyber Law & Data Privacy Committee
  • International Association of Privacy Professionals (IAPP)