Sarah Spector Boudouris
Practice Areas
Education
- The Ohio State University Moritz College of Law, J.D., 2016, Order of the Coif
- The Ohio State University, B.A., 2013, magna cum laude
Bar & Court Admissions
Judicial Clerkships
- Honorable Judge Edmund A. Sargus, Jr., United States District Court for the Southern District of Ohio, 2017-2018
- Chief Magistrate Judge Elizabeth A. Preston Deavers, United States District Court for the Southern District of Ohio, 2017
Sarah is an associate in the litigation group in the Columbus office. Her practice focuses on complex business, commercial, construction, and contract litigation. She has experience in counseling large commercial clients related to potential litigation, including breach of contract, statutory and regulatory compliance, and general best business practices. Sarah also maintains a significant privacy and data security practice, advising companies regarding privacy compliance and technology, including privacy policy creation, marketing, information sharing, cybersecurity, and unfair competition. Sarah also has experience counseling clients through investigation of and response to data security breaches.
Her notable experience includes:
- Serving as in house counsel in months-long secundment to a Fortune 500 company
Sarah received her J.D. from The Ohio State University Moritz College of Law, where she was a member of the Order of the Coif and a managing editor for the Ohio State Law Journal. She received her B.A. magna cum laude from The Ohio State University.
Professional and Community Activities
- Restored Citizens Committee, Committee Member
News
- 3/20/2020Sarah Boudouris, an associate in the Vorys Columbus office, was recently profiled in the Columbus Jewish News.
- 10/28/2016Vorys, Sater, Seymour and Pease LLP announced that eight first-year associates have joined the firm
Insights
- 9/2/2020On Sunday, August 30th, the California Legislature passed AB 1281, a bill extending the business-to-business and employee carve-outs to California Consumer Privacy Act (CCPA) compliance until January 1, 2022.
- 6/26/2020On June 24, the California Privacy Rights Act (CPRA) became eligible for the November 2020 general election ballot in California. The CPRA would expand and amend the recently-operable California Consumer Privacy Act (CCPA).
- 6/5/2020On June 1, California Attorney General Xavier Becerra submitted the final proposed regulations to the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL).
- 5/7/2020U.S. Senators Roger Wicker, John Thune, Jerry Moran, and Marsha Blackburn recently announced their plan to introduce the COVID-19 Consumer Data Protection Act, seeking to provide Americans more transparency and control over the collection and use of “covered data” during the COVID-19 public health emergency.
- 4/14/2020Although the draft regulations implementing the California Consumer Privacy Act (CCPA) have not been finalized, businesses are already encountering a wave of CCPA class action lawsuits.
- 3/12/2020Yesterday, California Attorney General Xavier Becerra released a third set of draft regulations (the New Modifications) implementing the California Consumer Privacy Act (CCPA).
- 2/10/2020On February 7, 2020, California Attorney General Xavier Becerra released proposed modifications (the Modifications) to the previously-released draft regulations implementing the California Consumer Privacy Act (CCPA).
- 7/26/2019Governor Cuomo signed the Stop Hacks and Improve Electronic Data Act (SHIELD) on July 25, 2019, providing stronger protections for New Yorkers by imposing strict cybersecurity requirements on all companies, broadening the Attorney General’s oversight over data breaches, and expanding data breach notification requirements.
- 5/15/2019Governor Jay Inslee recently signed Substitute House Bill 1071, amending Washington’s data breach notification law.
- 1/23/2019Massachusetts Governor Charlie Baker recently signed House Bill 4806, amending the state’s data breach notification law. In relevant part, the amendment expands the information that must be reported to Massachusetts regulators in connection with a data breach involving the personal information of Massachusetts residents, imposes new requirements on compromised entities, and adds some clarification to when entities are required to issue notice of a breach. These changes take effect on April 11, 2019.
- 11/5/2018Recently, the Securities and Exchange Commission (SEC) imposed a $1 million penalty against Voya Financial Advisors, Inc. (VFA).
- 1/19/2017Recently, the U.S. Department of Commerce, through the National Institute of Standards and Technology (NIST), released a draft Version 1.1 to its Cybersecurity Framework.