Dana E. Holmstrand

Dana Holmstrand provides strategic counsel to clients navigating the complex and dynamic landscape of U.S. privacy, cybersecurity and artificial intelligence (AI) issues. Ms. Holmstrand routinely counsels clients with regard to global operations, helping organizations reconcile overlapping requirements and develop business-friendly policies and procedures tailored to their operations. Her practice spans a wide range of industries, including advertising, health care, technology, financial services, consumer products, data aggregation and analytics, and infrastructure.

Ms. Holmstrand has extensive experience advising clients on matters related to expanding state privacy laws, including the California Consumer Privacy Act (CCPA) and Illinois Biometric Information Privacy Act (BIPA), as well as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Electronic Communications Privacy Act and the Children’s Online Privacy Protection Act (COPPA). She also helps clients navigate the Department of Justice’s Data Security Program, including with regard to understanding whether transactions are subject to the rule and addressing ongoing operational requirements.

She also counsels clients on AI governance matters, including on the development of AI risk frameworks, the drafting of internal AI use policies and compliance with emerging state-level AI legislation. Her practice draws on hands-on experience guiding organizations through the practical challenges of responsible AI deployment in the evolving regulatory landscape. Ms. Holmstrand also provides guidance on Federal Trade Commission (FTC) and state regulatory requirements to ensure that clients are informed of industry best practices to minimize risk and maximize success.

In addition, she supports clients through complex cybersecurity incident response, including investigations and regulatory notification analysis.

Ms. Holmstrand’s practice is informed by her prior experience as an IT strategy consultant at a leading audit, tax and advisory services firm, where she supported the U.S. Department of Veterans Affairs in translating strategic planning goals into actionable technical and fiscal requirements. This background allows her to bridge gaps between legal, technical and business stakeholders, providing clear and actionable guidance on complex IT and privacy issues. In addition, prior to joining Skadden, she was an associate in the privacy and data security practice of another law firm.