Aldo M. Leiva

Of Counsel

Fort Lauderdale
T: 954.768.1622
F: 954.337.7636

Al Leiva is a member of the Government Enforcement and Investigations Group, assisting clients with investigations, compliance, and regulatory matters relating to critical infrastructure, cybersecurity, and supply chain security.

Featured Videos

Session Replay Technology and State Wiretap Class Actions: The Emerging Class Action Trend of 2021 July 14, 2021

PPP Loan Forgiveness, Government Enforcement and Oversight June 24, 2021

Cybersecurity for Financial Institutions: Essential Information on Cyber Incidents and Regulatory Issues November 18, 2020

Professional Biography

Mr. Leiva also serves on the Data Protection, Privacy and Cybersecurity Team, advising clients on compliance, transactions, and litigation involving rapidly evolving federal, state, and international cybersecurity and data privacy laws. Mr. Leiva also serves as trial counsel in complex litigation matters, including class action defense, tort, and business litigation.

Clients turn to Mr. Leiva for strategic legal counsel when facing cybersecurity incidents, data privacy issues, and compliance or litigation involving complex cybersecurity and privacy laws and regulations, including federal laws (CFIUS, TCPA, HIPAA, HITECH, GLB, COPPA, CAN-SPAM, FCRA/FACTA), state laws (data breach notification laws, FIPA, FSCA, CCPA, CPRA) and EU/Latin America data protection laws (GDPR). He has served as privacy compliance counsel, cybersecurity risk mitigation counsel, and general counsel for numerous companies. He advises clients on business practices that comply with laws governing their digital operations, including social media, digital media, mobile app and website marketing, and cloud computing.

Clients also rely upon Mr. Leiva's experience representing companies in complex litigation matters involving business disputes, consumer class action (TCPA, privacy), insurance-related litigation, eDiscovery, tort defense, professional liability, real estate, and construction disputes.

Mr. Leiva monitors and assesses cybersecurity and privacy challenges presented by emerging technologies, including cryptocurrencies, blockchain applications, autonomous vehicles, the Internet of Things, and artificial intelligence. He has also completed extensive critical infrastructure training programs of the U.S. Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team in Cybersecurity for Industrial Control Systems and Operational Security for Control Systems, and has similarly received comprehensive training via DHS and FEMA-authorized programs in the areas of cyber incident analysis and response, disaster recovery for information systems, physical and cybersecurity for critical infrastructure, information risk management and critical asset risk management.

Mr. Leiva serves on the board of directors of the South Florida Chapter of InfraGard, a leading public-private partnership between U.S. businesses and the Federal Bureau of Investigations (FBI) that focuses on critical infrastructure protection. He has developed educational programming on cybersecurity laws and regulations for the members of InfraGard. In 2017, Mr. Leiva was recognized by the FBI for exceptional service in connection with his InfraGard service.

Mr. Leiva's interest in complex technology matters is based on his professional and technical background as a systems biologist, having served as a scientific researcher/instructor in Costa Rica, as well as a comparative legal investigator in Mexico.

Mr. Leiva's pro bono efforts have focused on advocacy for the Rule of Law in Cuba, serving as counsel for Cuban political prisoners and pro-democracy activists before the Inter-American Commission on Human Rights, resulting in a ruling against the Cuban government by an international committee for human rights violations. As a Cuba law/policy analyst, Mr. Leiva has briefed the U.S. State Department, Representatives and Senators, and Presidential candidates on Cuba law and policy. He has also analyzed Cuba trends for trade and media organizations and academic institutions, including the Foundation for Advanced Education in the Sciences, American University, University of Miami, Indiana University, and St. Thomas University. Mr. Leiva was honored to receive the 2020 Human Rights Award from the Cuban American Bar Association in recognition of his activism and advocacy for human rights in Cuba.

Mr. Leiva is fluent in Spanish.

Data Privacy/Cybersecurity, Investigations, and Critical Infrastructure
Conducted international internal ethics investigation for Fortune 500 transportation sector client.
Advised food and agriculture sector client on critical infrastructure matters, including designation of key personnel under CISA guidelines.
Cybersecurity and data privacy counsel for international digital media consortium, including third-party vendor contract negotiation and consultation on applicable domestic and international data protection laws.
Outside general counsel to aviation industry company, with special focus on data privacy and data protection issues.
Successfully defended a national mental health and substance abuse treatment entity in a HIPAA administrative investigation, resulting in no fines paid and the investigation closed.
Conducted internal ethics investigation for an academic apparel and sports equipment company.
Counseled a large municipality on privacy policy and conducted a vulnerability analysis of critical assets.
Served as an incident response and law enforcement liaison for a health care facility undergoing a ransomware attack.
Performed a privacy gap analysis and created a privacy program for a financial services entity.
Served as privacy compliance counsel for an international marketing automation platform.
Served as privacy and U.S. legal compliance counsel for an international emergency transport organization.
Served as general counsel for a federally funded community health center, focusing on its privacy and cybersecurity obligations.
Served as an incident response and law enforcement liaison and counsel for an energy sector company following a phishing attack.
Successfully negotiated a data migration contract with a national electronic medical records provider.
Performed an EU privacy compliance assessment for a U.S.-based international third party claims processor.
Successfully negotiated a technology services contract for a data hosting entity with a court-appointed receiver in a federal matter.
Emerging Technologies
Defended Session Replay Technology (SRT) Class Action against a commercial website operator, alleging state wiretap violations relating to visitor sessions on website.
Represented cryptocurrency investor applying for EB-5 visa, including strategic planning and preparation of response to USCIS request for additional evidence of legal sources of digital funds (BTC/ETH).
Advised live music streaming client on digital marketing, privacy, and cybersecurity matters.
Represented crowdfunding startup in compliance with SEC and other cybersecurity/privacy laws and regulations.
Litigation
Defended TCPA litigation matters for clients in multiple industries, including insurance and health/wellness.
Defended ADA website compliance matters in multiple business sectors and industries, including hospitality, fashion, and retail sector clients.
Successfully defended food manufacturing entity in shareholder derivative lawsuit alleging breach of fiduciary duty and breach of contract, resulting in full divestment of shareholder's interest in entity and no liability for client.
Successfully defended a physician in an administrative professional investigation by the Florida Department of Health, arising out of a patient complaint, resulting in case dismissal without a finding of probable cause against the physician.
Obtained a defense verdict for an internal medicine physician accused of professional negligence in St. Lucie County, Florida.
Obtained a defense verdict for a radiologist accused of professional negligence in Miami-Dade County, Florida.
Obtained a defense verdict for a trauma surgeon accused of professional negligence in Miami-Dade County, Florida.
Obtained a defense verdict for an anesthesiologist accused of professional negligence in Miami-Dade County, Florida.
Obtained a defense verdict for a hematologist accused of professional negligence in Miami-Dade County, Florida.
Obtained summary judgment and the award of attorney's fees in favor of a water treatment company.
Managed and litigated premises liability matters for a multinational retail company.
Served as defense counsel for international aerospace entity in product liability and commercial dispute matters.
Obtained successful resolution of social media dispute between aerospace industry client and third-party technology vendor.
Served as defense counsel for medical group in multi-million dollar wrongful death action.
Represented international health supplement company in Telephone Consumer Protection Act matter.
Served as products liability defense counsel for publicly traded plumbing supply and water treatment company.

Recipient – Cuban American Bar Association Human Rights Member of the Year (2020)
Recipient – Exceptional Service in the Public Interest, FBI/InfraGard (2017)
Recipient – "Most Effective Lawyer," Daily Business Review (2015)
Board Member – InfraGard, South Florida Chapter Board of Director (2017 – present)
Board Member – University of Miami, Amigos of the Cuban Heritage Collection Board of Directors (2007 – present), Past Chairman of the Board
Member – Baker Donelson Diversity Committee (2018 – present)
Member – CISO Executive Network, South Florida Chapter (2019 – present)
Member – U.S. Secret Service, Miami Economic Crimes Task Force (2014 – present)
Member – International Association of Privacy Professionals (IAPP)
Member – The Florida Bar Association
Member – Cuban American Bar Association (CABA), CABA on Cuba Committee (2004 – present)
Advisor – Cybersecurity for Executives Program, University of South Florida (2018 – present)

"New Florida Genetic Privacy Law Imposes Criminal Penalties," republished December 9, 2021 in Daily Business Review (October 2021)
"FFIEC Updates Its Guidance on Authentication and Access Controls: Key Takeaways Financial Institutions Should Implement Now" (August 2021)
"PPP Oversight: Congress Turns Its Focus to the Agency Diligence," republished May 26, 2021 in Corporate Compliance Insights (May 12, 2021)
"Florida's Broad New COVID-19 Liability Protections" (April 2021)
"COVID-19 Considerations for SEC Cybersecurity Guidance, Disclosure, Enforcement, and Parallel Proceedings: Navigating the New Normal," Journal of Investment Compliance (December 2020)
"Artificial Intelligence and Bias: Considerations to Prevent Bias and Mitigate Legal Risk of Employers," Diversity Matters (Third Quarter 2020)
"FTC's Red Flag Rule: A Review of Enforcement Actions and Compliance Considerations for the Next Decade," Market Solutions, Financial Markets Association's e-Newsletter, Volume 29, Number 3 (September 2020)
"Feds Crack Down on Hoarding of Scarce Materials and Price Gouging Due to COVID-19," Daily Business Review (April 7, 2020)
"HHS Issues Notice of Designation of Scarce Materials or Threatened Materials Subject to COVID-19 Hoarding Prevention Measures" (April 3, 2020)
"Florida Stay at Home Order: What Florida Businesses Need to Know" (April 2, 2020)
"Department of Justice, States, SEC Pursue COVID-19 Enforcement Actions," Daily Business Review (April 2, 2020)
"Coronavirus: CISA Issues Guidance on Essential Critical Infrastructure During COVID-19 Response" (March 23, 2020)
"Defense Production Act is Invoked by President Trump" (March 19, 2020)
Contributing Author – Data Security and Privacy Developments, Thomson Reuters Practical Law (2019 – present)
"Florida Employee Privacy Alert: No Expectation of Privacy for Contents of Employee's Flash Drive Attached to Work Computer," (July 2019); republished in the Daily Business Review (August 2019)
"The New York Privacy Act: A Consumer Privacy Bill to Monitor Closely," (June 2019); republished in Westlaw Journal Bank & Lender Liability (July 2019)
"New Data Law Comes into Effect on January 1, 2019 – Does Your Business Have to Comply?" (November 2018)
"Lessons and Practical Guidance from the Target Data Breach AG Settlement," Information Law Journal, ABA Section of Science and Technology Law, Volume 8, Issue 4 (Autumn 2017)
"The Florida Information Protection Act and HIPAA: Practical Considerations for Regulated Entities," ABA Journal, Vol. 6, Issue 2 (Spring 2015)
"You Know About HIPAA, But What About FIPA?," Florida Bar Health Law Section Newsletter, The Florida Bar (October 2014)
"Electronic Data Disclosure of Third Party Personal ESI and U.S./Latin American Arbitration Proceedings – Privacy Issues within International Conflict Resolution," eDiscovery and Digital Evidence Journal, ABA (December 2012)
"Data Protection Law in Spain and Latin America: Survey of Legal Approaches," International Law News, ABA (Fall 2012)

Panelist – "Breakfast with Compliance Champs," SECNAP Network Security Educational Breakfast Series (October 2018)
"Data Breach Preparedness in the Healthcare Sector: Best Practices and Legal Considerations," InfraGard South Florida, Healthcare Sector Presentation (May 2018)
"What the Hack! Cybersecurity in 2018," Greater Boca Raton Estate Planning Council (April 2018)
"Professional and Medical Ethics," Emerald Coast Medical Association, 2018 CME Beach Retreat (January 2018)
"Florida Laws and Rules for Healthcare Providers," Emerald Coast Medical Association, 2018 CME Beach Retreat (January 2018)
"Cybersecurity Laws and Regulations Impacting Critical Infrastructure Sectors," InfraGard South Florida (September 2017)
"Cuba: What's Next?," Miami Association of Realtors (October 2016)
"2015 Update on the Florida Office Surgery Rules: What Every MD and DO Should Know," ACOG District XII, 2015 Annual District Meeting (August 2015)
"Developing Policies Across Latin America," Q1 Life Science Data Privacy Conference, Philadelphia, Pennsylvania (July 27 – 28, 2015)
"Derecho de Datos Personales y Seguridad: Temas de consideración por Dentistas en 2015," [Spanish language presentation on HIPAA and Florida Information Protection Act for Dental Professional Organization], COLA-HELO (Organización Profesional de Dentistas), Miami, Florida (March 2015)
"US-Cuba Policy Changes: Outlook for 2015," The Salt Institute, Miami Beach, Florida (March 2015)
"HIPAA/HITECH Update: What OBGYNS Must Know About Patient Privacy and Data Security in 2014," American Congress of Obstetrics and Gynecology, ACOG District XII Annual District Meeting, Recent Advances and Current Trends in OB/GYN, Orlando, Florida (August 2014)
"HIPAA/HITECH and Chiropractors: What You Must Know About Patient Privacy and Data Security in 2014," Dade County Chiropractic Society (August 2014)
"HIPAA/HITECH Update: Practical Effects and Enforcement Trends," American Health Law Association (January 2014)

Session Replay Technology and State Wiretap Class Actions: The Emerging Class Action Trend of 2021 (July 2021)
PPP Loan Forgiveness, Government Enforcement and Oversight (June 2021)
"Cybersecurity Considerations for CFIUS-Regulated Transactions," CLE presentation for Celesq AttorneysEd Center (February 2021)
Cybersecurity for Financial Institutions: Essential Information on Cyber Incidents and Regulatory Issues (November 2020)
"Zero Day: Anatomy of a Cyber Incident from a Legal Perspective," Nova-Southeastern University College of Computing and Engineering (November 2020)
"The New Plaza Civica in Cuba: The Role of Social Media and Digital Platforms," Cuban American Bar Association Webinar (June 2020)
"COVID-19 and the Telework Environment: Addressing Cybersecurity Risks for Lawyers," Cuban American Bar Association Webinar (April 2020)