Anna Rudawski

Anna Rudawski


Anna works with clients to contain cyber incidents and their effects, investigate their cause and impact, and deliver public and regulatory communications on behalf of clients. 
As part of her incident response practice, Anna also manages related cross-border regulatory investigations and has successfully defended clients in privacy and cyber-related federal and state investigations. Anna also assists clients with all aspects of breach preparedness, including information security governance and risk management, and counselling executives on cybersecurity matters. 

Anna also provides expert advice regarding the secure handling of confidential and personally identifiable information, as well as on compliance with international, federal and state privacy regulations including the GDPR, CCPA, HIPAA, CAN-SPAM, BIPA, and TCPA. Anna works with companies to build, mature, and test privacy compliance and cyber risk management programs. She also provides product counsel to clients on the use of AI, biometric data, and new and emerging technologies. Anna routinely works with clients on issues related to protecting data and assessing cyber risks during transactions or reorganizations, such as M&A deals and drafting and negotiating tailored privacy and data security contract provisions. 

Anna advises clients in the financial services, healthcare, insurance, and technology industries. Anna also brings distinctive perspective from her years in-house in the pharmaceutical and financial sectors, including as the Vice President of Global Privacy at JPMorgan Chase, to her practice advising clients across their privacy and cybersecurity challenges.


Representative matters

Managed incident response for one of the largest healthcare companies in the United States.

Assisted one of the largest professional services firms in evaluating its privacy and cybersecurity program maturity and reporting findings to its board.

Successfully represented several companies in federal investigations brought by federal agencies, including HHS and the FTC, related to large publicly reported data breaches.

Assisted numerous Fortune 100 companies in developing incident response and preparedness programs, including conducting exercises and simulations.

Published Work

  • Co-author, "Mic Drop: California AG releases long-awaited CCPA Rulemaking," Bloomberg Law, October 16, 2019 
  • "Healthcare Regulatory and Privacy Issues in Reproductive Technologies and Big Data," ABA Health eSource, American Bar Association, October 18, 2018 
  • "The Future of Cyber Threats: When Attacks Cause Physical Harm," New York Law Journal, June 1, 2018 
  • "Cybersecurity of Toll Roads: Are We There Yet?," Law360, Expert Analysis, March 27, 2018 

Speaking Engagements

  • Picture Perfect: Leveraging Biometrics Without Compromising Privacy & Security
  • Speaker at IAPP Privacy. Security. Risk Summit. October 2022

Leadership Positions And Professional Affiliations

  • International Association of Privacy Professionals (IAPP)
Lawdragon 500 X
The Next Generation (2023)



Registered Foreign Lawyer, England and Wales, 2024

New York State Bar (2014)


JD, Graduated with Distinction, Brooklyn Law School, 2013

MA, American Literature, The Graduate Center, City University of New York, 2011

BA, Honors, Political Science and English, McGill University, 2008

A&O Shearman was formed on May 1, 2024 by the combination of Shearman & Sterling LLP and Allen & Overy LLP and their respective affiliates (the legacy firms). Any matters referred to above may include matters undertaken by one or more of the legacy firms rather than A&O Shearman.