Sherwin is a certified privacy professional (CIPP/US, CIPP/E and CIPM) and counsels clients in the areas of data privacy and cyber security.
He helps organizations establish written information security programs. He serves as external Chief Privacy Officer, as well as the Data Protection Officer under the EU GDPR. He has negotiated and drafted privacy and data security provisions for vendor contracts, outsourcing agreements, data transfer agreements, Controller-to-Controller and Controller-to-Processor agreements, HIPAA Business Associate agreements, student data protection addenda, and so on.
Sherwin has advised clients in M&A and commercial real estate deals involving cybersecurity due diligence and the transfer of data containing sensitive personal and commercial information. He advises clients on purchasing cyber insurance coverage.
In cases of data security incidents or breaches involving disclosure of personal health, consumer, student, and employment information, Sherwin regularly coaches businesses, unions, law firms, institutions, and health care providers through incident investigation, breach notification, and responding to regulators. When litigation ensues, Sherwin is well positioned to defend or prosecute claims. He has assisted entities and individuals in investigating and civilly prosecuting others for computer crimes involving theft of confidential information and breaches of privacy.
Sherwin counsels start-ups and emerging companies on their privacy and security obligations in designing and launching e-commerce sites, mobile applications, IoT devices, and other technologies or transactions involving the flow of data. He has drafted and negotiated technology and software licensing agreements, service agreements, website and mobile app terms of use, and privacy policies.
Sherwin has also served non- and for-profit entities, utilities and municipalities in complex commercial litigation involving environmental issues, breach of contract, unfair trade practices and intellectual property disputes, as well as personal injury defense.
Sherwin has practiced before state and federal agencies and at all three levels of state and federal court, including the U.S. Supreme Court and the U.S. International Trade Commission. Sherwin enjoys working with out-of-state attorneys as local counsel in Connecticut state and federal courts, whether the client needs only limited local guidance or more active involvement.
Sherwin clerked for the Honorable Alvin W. Thompson of the U.S. District Court in Hartford and draws upon his experience with federal court clerks, judges, magistrates and government lawyers in order to counsel clients and out-of-state attorneys about federal practice in Connecticut. Before law school, Sherwin worked his way from examining short- and long-term disability claims for The Hartford Life Insurance Company to drafting group disability policies and advocating before state insurance commissioners.
Connecticut Entrepreneurs Forum, Inc., Board of Directors, 2017-present
International Association of Privacy Professionals, including Connecticut IAPP KnowledgeNet
InfraGard, Connecticut Chapter
New Haven County Bar Association
Connecticut Bar Association
Federal Practice Section, Legislative Liaison and Executive Committee Member, 2014-present
Litigation Star, Benchmark Litigation, 2023
Certified Information Privacy Professional/United States, 2015-present
Certified Information Privacy Professional/Europe, 2018-present
Certified Information Privacy Manager, 2018-present
Connecticut Super Lawyers® – Business Litigation, Utilities, Intellectual Property Litigation, 2013, 2015-2017, 2020, 2022
New England Super Lawyers® – Business Litigation, 2013-2016
Serve as GDPR Data Protection Officer and Chief Privacy Officer for software technology provider for clinical research studies.
Coached national on-line retailer of high-end specialty products through data breach involving customer payment card information in 42 states and territories and post-breach compliance with Payment Card Industry Data Security Standards (PCI-DSS).
Advise international workplace technology provider on GDPR compliance and processor contract negotiation.
Counsel municipality through response to online bank account compromise and fraudulent ACH transaction and complex governance and liability issues.
Advise Regional Education Service Center on compliance with student data privacy laws and negotiate technology vendor contracts.
Negotiated indemnification to recover data breach notification costs from corporate client’s hacked data hosting vendor despite lack of written services agreement.
Coached healthcare practice through HIPAA privacy breach resulting from employee forgery of patient checks and theft of patient credit card numbers.
Advise regional health insurer on compliance of proposed business plan with HIPAA marketing rules.
Coached national builder of mall retail shops through breach notification and other legal issues arising from ransomware attack.
Guide review and implementation of HIPAA compliance program for professional accounting and advisory firm.
Advise and provide webinar training to staff of international national nonprofit organization on development of written information privacy and security audit program.
Guided response of regional nonprofit provider of social services in response to incident involving breach of sensitive medical diagnosis in potential violation of HIPAA Privacy Rule.
Counseled national affordable housing developer concerning compliance issues arising from research and data collection from tenants aimed at providing targeted social services.
Prosecute theft of trade secrets and recovery of HIPAA privacy breach costs arising from theft of competitive and member personal information by departing employee and coach insurer through multiple regulator notification.
In computer crime and misappropriation of trade secrets case, secured employer-friendly federal appellate court decision providing novel interpretation of state statute governing court jurisdiction over out-of-state former employees.
Part of defense team that obtained noninfringement rulings for local distributor and Taiwanese manufacturer of coaxial cable connectors in action brought in the U.S. International Trade Commission.
In pro bono engagement for owner of home damaged by fire, obtained damages award against home improvement contractor that failed to finish job and made client whole through successful application to Connecticut Home Improvement Guaranty Fund.
In pro bono appointment for state inmate, obtained substantial settlement from federal government in civil forfeiture action.
For national internet software retailer, favorably resolved trademark and copyright infringement claims asserted by worldwide software maker.
Served as counsel for all check fraud prosecutions for regional banking institution.