Sherwin M. Yoder, CIPP/US, CIPP/E, and CIPM

Partner

New Haven
syoder@carmodylaw.com

Notice

Information you send by email through this link is not protected by the attorney-client privilege and is not confidential. Therefore your email should not include confidential information. To obtain legal advice, you must hire an attorney and establish an attorney-client relationship by signing and returning an engagement letter. Until you do so, our law firm is not your attorney, you are not our client, and nothing you tell us is privileged or confidential. If in doubt about whether any information is confidential, please do not send it.

By clicking "Accept" below, you indicate that you have read and understand this Notice.

Accept
203.784.3107

Legal Services

Education

Quinnipiac University School of Law, J.D., 2003 ~ magna cum laude
Wesleyan University, College of Letters, B.A., 1995 ~ cum laude

Admissions

Bar Admissions

Connecticut
New York

Court Admissions

U.S. Court of Appeals for the Second Circuit
U.S. District Court, District of Connecticut
U.S. International Trade Commission
U.S. Supreme Court

Back to Our Team

Home » Our Team » Sherwin M. Yoder, CIPP/US, CIPP/E, and CIPM

Sherwin is a certified privacy professional (CIPP/US, CIPP/E and CIPM) and counsels clients in the areas of data privacy and cyber security.

He helps organizations establish written information security programs. He serves as external Chief Privacy Officer, as well as the Data Protection Officer under the EU GDPR. He has negotiated and drafted privacy and data security provisions for vendor contracts, outsourcing agreements, data transfer agreements, Controller-to-Controller and Controller-to-Processor agreements, HIPAA Business Associate agreements, student data protection addenda, and so on.

Sherwin has advised clients in M&A and commercial real estate deals involving cybersecurity due diligence and the transfer of data containing sensitive personal and commercial information. He advises clients on purchasing cyber insurance coverage.

In cases of data security incidents or breaches involving disclosure of personal health, consumer, student, and employment information, Sherwin regularly coaches businesses, unions, law firms, institutions, and health care providers through incident investigation, breach notification, and responding to regulators. When litigation ensues, Sherwin is well positioned to defend or prosecute claims. He has assisted entities and individuals in investigating and civilly prosecuting others for computer crimes involving theft of confidential information and breaches of privacy.

Sherwin counsels start-ups and emerging companies on their privacy and security obligations in designing and launching e-commerce sites, mobile applications, IoT devices, and other technologies or transactions involving the flow of data. He has drafted and negotiated technology and software licensing agreements, service agreements, website and mobile app terms of use, and privacy policies.

Sherwin has also served non- and for-profit entities, utilities and municipalities in complex commercial litigation involving environmental issues, breach of contract, unfair trade practices and intellectual property disputes, as well as personal injury defense.

Sherwin has practiced before state and federal agencies and at all three levels of state and federal court, including the U.S. Supreme Court and the U.S. International Trade Commission. Sherwin enjoys working with out-of-state attorneys as local counsel in Connecticut state and federal courts, whether the client needs only limited local guidance or more active involvement.

Sherwin clerked for the Honorable Alvin W. Thompson of the U.S. District Court in Hartford and draws upon his experience with federal court clerks, judges, magistrates and government lawyers in order to counsel clients and out-of-state attorneys about federal practice in Connecticut. Before law school, Sherwin worked his way from examining short- and long-term disability claims for The Hartford Life Insurance Company to drafting group disability policies and advocating before state insurance commissioners.

Affiliations

Connecticut Entrepreneurs Forum, Inc., Board of Directors, 2017-present
International Association of Privacy Professionals, including Connecticut IAPP KnowledgeNet
InfraGard, Connecticut Chapter
New Haven County Bar Association
Connecticut Bar Association
Federal Practice Section, Legislative Liaison and Executive Committee Member, 2014-present

Distinctions

Litigation Star, Benchmark Litigation, 2023
Certified Information Privacy Professional/United States, 2015-present
Certified Information Privacy Professional/Europe, 2018-present
Certified Information Privacy Manager, 2018-present
Connecticut Super Lawyers® - Business Litigation, Utilities, Intellectual Property Litigation, 2013, 2015-2017, 2020, 2022
New England Super Lawyers® - Business Litigation, 2013-2016

Community

Volunteer, Federal Court Public Outreach Committee, Annual Law Day High School Trial Simulation, New Haven, 2011-present
Wallingford Rotary Club
Rotarian of the Year, 2016
Program Chair, High School Public Speaking Contest, Wallingford Rotary Club, 2013-2016
Co-chair, annual Celebrate Wallingford fundraiser, 2012-2016
Middle school and high school mock trial coach and judge, 2009-2014
Board of Directors, Maranatha Christian Church of America, 2009-2014
Church missions related trips abroad, including to Brazil and South Korea, 1994-present

Experience

Serve as GDPR Data Protection Officer and Chief Privacy Officer for software technology provider for clinical research studies.
Coached national on-line retailer of high-end specialty products through data breach involving customer payment card information in 42 states and territories and post-breach compliance with Payment Card Industry Data Security Standards (PCI-DSS).
Advise international workplace technology provider on GDPR compliance and processor contract negotiation.
Counsel municipality through response to online bank account compromise and fraudulent ACH transaction and complex governance and liability issues.
Advise Regional Education Service Center on compliance with student data privacy laws and negotiate technology vendor contracts.
Negotiated indemnification to recover data breach notification costs from corporate client’s hacked data hosting vendor despite lack of written services agreement.
Coached healthcare practice through HIPAA privacy breach resulting from employee forgery of patient checks and theft of patient credit card numbers.
Advise regional health insurer on compliance of proposed business plan with HIPAA marketing rules.
Coached national builder of mall retail shops through breach notification and other legal issues arising from ransomware attack.
Guide review and implementation of HIPAA compliance program for professional accounting and advisory firm.
Advise and provide webinar training to staff of international national nonprofit organization on development of written information privacy and security audit program.
Guided response of regional nonprofit provider of social services in response to incident involving breach of sensitive medical diagnosis in potential violation of HIPAA Privacy Rule.
Counseled national affordable housing developer concerning compliance issues arising from research and data collection from tenants aimed at providing targeted social services.
Prosecute theft of trade secrets and recovery of HIPAA privacy breach costs arising from theft of competitive and member personal information by departing employee and coach insurer through multiple regulator notification.
In computer crime and misappropriation of trade secrets case, secured employer-friendly federal appellate court decision providing novel interpretation of state statute governing court jurisdiction over out-of-state former employees.
Part of defense team that obtained noninfringement rulings for local distributor and Taiwanese manufacturer of coaxial cable connectors in action brought in the U.S. International Trade Commission.
In pro bono engagement for owner of home damaged by fire, obtained damages award against home improvement contractor that failed to finish job and made client whole through successful application to Connecticut Home Improvement Guaranty Fund.
In pro bono appointment for state inmate, obtained substantial settlement from federal government in civil forfeiture action.
For national internet software retailer, favorably resolved trademark and copyright infringement claims asserted by worldwide software maker.
Served as counsel for all check fraud prosecutions for regional banking institution.

Connecticut Legislature Expands Privacy and Cybersecurity Laws

June 18, 2021

The most recent Connecticut legislative session, which ended June 9, 2021, may have stopped short of passing California-like, comprehensive consumer data privacy legislation, but it – like other states – continued its yearly march toward ever-increasing privacy and data security protections in two pieces of legislation, including one that is
Read More

Blackbaud Ransomware Attack and Data Breach

July 24, 2020

Blackbaud, a popular supplier of automated fundraising tools and related technology services for nonprofits, schools and universities, last week began notifying customers worldwide that it was the victim of a ransomware attack that may have resulted in the unauthorized disclosure of customer data. Some of the Blackbaud services known to
Read More