Al Leiva advises clients on compliance with rapidly evolving federal, state, and international data security and privacy laws. Mr. Leiva also handles complex business litigation matters.

Professional Biography

Overview

Clients turn to Mr. Leiva for strategic legal counsel when facing data breaches, data privacy issues, and complex cybersecurity and privacy laws and regulations, including HIPAA, HITECH, data breach notification laws, cyberliability, GLB, COPPA, CAN-SPAM, FCRA/FACTA, and EU/Latin America data protection laws. He has served as privacy compliance counsel, cybersecurity risk mitigation counsel, and general counsel for numerous companies. He advises clients on business practices that comply with laws governing their digital operations, including social media, digital media, mobile app and website marketing, and cloud computing. Clients also rely upon Mr. Leiva's experience representing companies in complex litigation matters involving business disputes, insurance-related litigation, eDiscovery, tort defense, professional liability, real estate, and construction disputes.

Mr. Leiva closely monitors legal and technological developments in emerging technologies, including autonomous vehicles and systems, the Internet of Things, big data analytics, artificial intelligence, cryptocurrency, Blockchain and quantum computing. He has also completed critical infrastructure training programs of the U.S. Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team in Cybersecurity for Industrial Control Systems and Operational Security for Control Systems, and has similarly received comprehensive training via DHS and FEMA-authorized programs in the areas of cyber incident analysis and response, disaster recovery for information systems, physical and cybersecurity for critical infrastructure, information risk management and critical asset risk management.

Mr. Leiva serves on the board of the South Florida Chapter of InfraGard, a leading public-private partnership between U.S. businesses and the Federal Bureau of Investigations (FBI) that focuses on critical infrastructure protection. He has developed educational programming on cybersecurity laws and regulations for the members of InfraGard. In 2017, Mr. Leiva was recognized by the FBI for exceptional service in connection with his InfraGard service.

Mr. Leiva's interest in complex technology matters is based on his professional and technical background as a systems biologist, having served as a scientific researcher/instructor in Costa Rica, as well as a comparative legal investigator in Mexico.

In addition, Mr. Leiva has advocated for the Rule of Law in Cuba, serving as counsel for Cuban political prisoners and pro-democracy activists before the Inter-American Commission on Human Rights, resulting in a ruling against the Cuban government by an international committee for human rights violations. As a Cuba law/policy analyst, Mr. Leiva has briefed the U.S. State Department, Representatives and Senators, and Presidential candidates on Cuba law and policy. He has also analyzed Cuba trends for trade and media organizations and academic institutions, including the Foundation for Advanced Education in the Sciences, American University, University of Miami, Indiana University, and St. Thomas University.

Mr. Leiva is fluent in Spanish.

Representative Matters

Successfully defended a national mental health and substance abuse treatment entity in a HIPAA administrative investigation, resulting in no fines paid and the investigation closed.
Counseled a large municipality on privacy policy and conducted a vulnerability analysis of critical assets.
Served as an incident response and law enforcement liaison for a health care facility undergoing a malware attack.
Performed a privacy gap analysis and created a privacy program for a financial services entity.
Served as privacy compliance counsel for an international marketing automation platform.
Served as privacy and U.S. legal compliance counsel for an international emergency transport organization.
Served as cybersecurity risk mitigation counsel for an information technology services provider.
Served as general counsel for a federally funded community health center, focusing on its privacy and cybersecurity obligations.
Created a HIPAA risk assessment and supervision of remediation plan for a federally funded home care agency.
Served as an incident response and law enforcement liaison and counsel for an energy sector company following a phishing attack.
Successfully negotiated a data migration contract with a national electronic medical records provider.
Performed an EU privacy compliance assessment for a U.S.-based international third party claims processor.
Successfully negated a technology services contract for a data hosting entity with a court-appointed receiver in a federal matter.
Obtained a defense verdict for an internal medicine physician accused of professional negligence in St. Lucie County, Florida.
Obtained a defense verdict for a radiologist accused of professional negligence in Miami-Dade County, Florida.
Obtained a defense verdict for a trauma surgeon accused of professional negligence in Miami-Dade County, Florida.
Obtained a defense verdict for an anesthesiologist accused of professional negligence in Miami-Dade County, Florida.
Obtained a defense verdict for a hematologist accused of professional negligence in Miami-Dade County, Florida.
Obtained summary judgment and the award of attorney's fees in favor of a water treatment company.
Managed and litigated premises liability matters for a multinational retail company.
Successfully managed cybersecurity incident for international financial services entity, including overseeing internal investigation, computer forensic analysis and ensuring compliance with multi-jurisdictional data breach notification requirements.
Served as cybersecurity and data privacy counsel for international digital media consortium, including third party vendor contract negotiation and consultation on applicable domestic and international data protection laws.
Served as defense counsel for international aerospace entity in product liability and commercial dispute matters.
Obtained successful resolution of social media dispute between aerospace industry client and third-party technology vendor.
Served as defense counsel for medical group in multi-million dollar wrongful death action.
Represented international health supplement company in Telephone Consumer Protection Act matter.
Successfully defended food manufacturing entity in shareholder derivative lawsuit alleging breach of fiduciary duty and breach of contract, resulting in full divestment of shareholder's interest in entity and no liability for client.
Served as products liability defense counsel for publicly traded plumbing supply and water treatment company.

Professional Honors & Activities

Recipient – Exceptional Service in the Public Interest, FBI/InfraGard (2017)
Recipient – "Most Effective Lawyer," Daily Business Review (2015)
Member – CISO Executive Network, South Florida Chapter (2019 – present)
Member – InfraGard, South Florida Chapter Board of Director (2017 – present)
Member – U.S. Secret Service, Miami Economic Crimes Task Force (2014 – present)
Member – The Florida Bar Association, Standing Committee on Technology
Advisor – Cybersecurity for Executives Program, University of South Florida (2018 – present)
Member – University of Miami, Amigos of the Cuban Heritage Collection Board of Directors (2007 – present)
- Immediate Past Chair (2017)

Publications

"Feds Crack Down on Hoarding of Scarce Materials and Price Gouging Due to COVID-19," Daily Business Review (April 7, 2020)
"HHS Issues Notice of Designation of Scarce Materials or Threatened Materials Subject to COVID-19 Hoarding Prevention Measures" (April 3, 2020)
"Florida Stay at Home Order: What Florida Businesses Need to Know" (April 2, 2020)
"Department of Justice, States, SEC Pursue COVID-19 Enforcement Actions," Daily Business Review (April 2, 2020)
"Coronavirus: CISA Issues Guidance on Essential Critical Infrastructure During COVID-19 Response" (March 23, 2020)
"Defense Production Act is Invoked by President Trump" (March 19, 2020)
Contributing Author – Data Security and Privacy Developments, Thomson Reuters Practical Law (2019 – present)
"Florida Employee Privacy Alert: No Expectation of Privacy for Contents of Employee's Flash Drive Attached to Work Computer," (July 2019); republished in the Daily Business Review (August 2019)
"The New York Privacy Act: A Consumer Privacy Bill to Monitor Closely," (June 2019); republished in Westlaw Journal Bank & Lender Liability (July 2019)
"New Data Law Comes into Effect on January 1, 2019 – Does Your Business Have to Comply?" (November 2018)
"Lessons and Practical Guidance from the Target Data Breach AG Settlement," Information Law Journal, ABA Section of Science and Technology Law, Volume 8, Issue 4 (Autumn 2017)
"The Florida Information Protection Act and HIPAA: Practical Considerations for Regulated Entities," ABA Journal, Vol. 6, Issue 2 (Spring 2015)
"You Know About HIPAA, But What About FIPA?," Florida Bar Health Law Section Newsletter, The Florida Bar (October 2014)
"Mobile Medical Apps Draw FDA Scrutiny," E-Commerce Law Reports, Vol. 13, Issue 3 (July 2013)
"Electronic Data Disclosure of Third Party Personal ESI and U.S./Latin American Arbitration Proceedings – Privacy Issues within International Conflict Resolution," eDiscovery and Digital Evidence Journal, ABA (December 2012)
"Data Protection Law in Spain and Latin America: Survey of Legal Approaches," International Law News, ABA (Fall 2012)

Speaking Engagements

Panelist – "Breakfast with Compliance Champs," SECNAP Network Security Educational Breakfast Series (October 2018)
"Data Breach Preparedness in the Healthcare Sector: Best Practices and Legal Considerations," InfraGard South Florida, Healthcare Sector Presentation (May 2018)
"What the Hack! Cybersecurity in 2018," Greater Boca Raton Estate Planning Council (April 2018)
"Professional and Medical Ethics," Emerald Coast Medical Association, 2018 CME Beach Retreat (January 2018)
"Florida Laws and Rules for Healthcare Providers," Emerald Coast Medical Association, 2018 CME Beach Retreat (January 2018)
"Cybersecurity Laws and Regulations Impacting Critical Infrastructure Sectors," InfraGard South Florida (September 2017)
"Cuba: What's Next?," Miami Association of Realtors (October 2016)
"2015 Update on the Florida Office Surgery Rules: What Every MD and DO Should Know," ACOG District XII, 2015 Annual District Meeting (August 2015)
"Developing Policies Across Latin America," Q1 Life Science Data Privacy Conference, Philadelphia, Pennsylvania (July 27 – 28, 2015)
"Derecho de Datos Personales y Seguridad: Temas de consideración por Dentistas en 2015," [Spanish language presentation on HIPAA and Florida Information Protection Act for Dental Professional Organization], COLA-HELO (Organización Profesional de Dentistas), Miami, Florida (March 2015)
"US-Cuba Policy Changes: Outlook for 2015," The Salt Institute, Miami Beach, Florida (March 2015)
"HIPAA/HITECH Update: What OBGYNS Must Know About Patient Privacy and Data Security in 2014," American Congress of Obstetrics and Gynecology, ACOG District XII Annual District Meeting, Recent Advances and Current Trends in OB/GYN, Orlando, Florida (August 2014)
"HIPAA/HITECH and Chiropractors: What You Must Know About Patient Privacy and Data Security in 2014," Dade County Chiropractic Society (August 2014)
"HIPAA/HITECH Update: Practical Effects and Enforcement Trends," American Health Law Association (January 2014)