Sinan Pismisoglu

Senior Attorney

Houston P: 713.576.0317 F: 713.576.0301

Washington, D.C. P: 202.393.7150 F: 202.347.1684

Sinan Pismisoglu focuses his practice in national security law, focusing on export controls, trade sanctions administered by the Office of Foreign Assets Control (OFAC), and compliance with the Foreign Corrupt Practices Act (FCPA) and the Foreign Agents Registration Act (FARA). He adeptly assists businesses in developing compliance strategies. Sinan also helps clients get removed from government lists, such as OFAC’s Specially Designated Nationals (SDN) list. His experience extends to representing clients before the Committee on Foreign Investment in the United States (CFIUS) for reviews and advising in government contracts matters, including Build America, Buy America, and Buy American Acts.

Additionally, Sinan helps clients navigate global data protection, privacy, and cybersecurity concerns across a number of industries and country-based regulatory risks. He is a resource for clients on AI ethics, data licensing, and using marketing data and cookies. Sinan collaborates with engineering teams to create compliance-integrated risk management frameworks, governance, and ethics programs for emerging technologies. He is particularly experienced in SLA, privacy and data security provisions and privacy agreement negotiations, cross-border data transfers, global data sovereignty, and localization.

His background also includes commercial and investment disputes in oil and gas EPC contracting. Earlier in his career, Sinan represented foreign governments in investment disputes and advised on EPC contracting strategies.

Area(s) of Focus

University of Houston Law Center, LL.M., International Law, 2010
University of Warwick, LL.M., Economic Law, 2000
Ankara University, Faculty of Law, 1998

District of Columbia
Texas

ANSI Certified Information Privacy Professional (CIPP/US)

IAPP Certified Information Privacy Professional (CIPP/E)

IAPP Certified Information Privacy Technologist (CIPT)

IAPP Certified Information Privacy Manager (CIPM)

ISACA, Cyber Fundamentals

Harvard Certification, Managing Risk in the Information Age

Accolades

CIPP

Certified Information Privacy Professional/Europe

CIPT

Certified Information Privacy Manager Logo

Performed Privacy Impact Assessments and Data Protection Impact Assessments under GDPR to implement network and endpoint-based log monitoring controls that process employee data. Developed and implemented privacy and data security management programs under GDPR, HIPAA, FTC Act, and state privacy laws. Developed information security management and data privacy programs under the ISO 27000, ISO 27017, and ISO 27701 frameworks. Acted as product counsel for implementing privacy controls and social media integration policies on IoT software and apps (PbD) processing consumer health and geolocation data. Acted as product counsel for an online travel agency to implement privacy controls for the secondary use and analysis of de-identified consumer data. Drafted and negotiated data ownership, aggregation, and secondary usage terms in SaaS agreements. Advised on privacy breaches resulting from incorrect privacy settings for the AWS S3 bucket. Created and performed data privacy and data security training programs. Drafted and negotiated DPAs under GDPR, CCPA, and CPRA for controllers, processors, and service providers. Acted as project counsel to perform an information security risk assessment under the NIST Risk Management Framework. Advised global businesses on cross-border data transfers, data sovereignty, localization, and government surveillance. Advised on deidentification of non-public PII shared with product teams: hash & salt of user ID; abstracting geo location; converting device ID to product name; partition and encryption of event fields; and partition of databases together with access controls. Applied privacy requirements to app development models and app interfaces based on security, information type, and provenance requirements under data utility, risk appetite, acceptable risk, control cost, and privacy risk considerations. Represented a global energy company as its incident response counsel. Performed cybersecurity maturity and insider threat assessment. Provided counsel to a U.S. manufacturing company victimized by a business email compromise. Worked with forensic teams to discover the breach’s root cause. Represented a global hotel chain against its vendor that suffered from a breach exposing customers' credit card and PII at over 32,000 hotels across 120 countries. Counseled a nationwide retailer on the breach of consumer PII caused by the injection of keylogger malware. Advised a foreign financial institution in responding to the Equifax data breach for customer communications, contractual obligations, regulatory notifications, and indemnification claims. Designed and played APT ransomware simulation tabletops for a Fortune 500 client. Performed vulnerability assessments; implemented vertically and horizontally interacting multi-regional incident response teams operating on segmented communications platforms. Provided training based on a retail network attack simulation tabletop for a U.S.-based client to assess its compliance with PCI DSS, FTC, and CFPB regulatory framework. Simulated a supply-chain attack for a U.S.-based industrial manufacturer based on Shadowpad and Kingslayer cyberattacks targeting cyber espionage on protected intellectual property. Developed an APT-attack monitoring policy for a U.S.-based client built on indicators of threat analysis. Developed a simplified but comprehensive incident response plan based on various attack vectors. Provided counsel for pen-testing on a U.S.-based smart grid for compliance with the Homeland Security Guidelines on critical infrastructure. Created a risk analysis report for a U.S.-based energy company assessing its zero-trust vulnerabilities. Recommended tailored SIEM technologies based on threat intelligence and geopolitical threat vectors analysis.