Speaking

Publications

Pronouns: he/him/his

sam@hintzelaw.com

(206) 413-7873

Location: Seattle Office

 

Sam Castic

Sam Castic is a Partner at Hintze Law and co-chair of the firm’s Cybersecurity and Breach Response Group and FinTech + Financial Services Group.

With 15 years of global privacy and cybersecurity experience, Sam counsels e-commerce, fintech, technology, telecom, social media, retail, and advertising clients from early-stage startups to the biggest global companies, on privacy and data protection. Sam uses his experience of having led privacy teams and programs at two large companies to provide clients with practical and actionable strategies for building, maturing, operationalizing, and maintaining privacy programs that successfully navigate changing technology, laws, and expectations. Sam offers practical strategies for earning and preserving customer trust; innovating and bringing products and services to market that meet privacy objectives; structuring effective and efficient privacy teams, programs, and operations; developing and executing personal data breach response capabilities; and negotiating and developing repeatable processes for resolving data processing and transfer agreements.

Sam excels at giving practical recommendations that enable business strategies to succeed with uncertain and changing privacy laws and expectations. In addition to advising on approaches to design, maintain, and optimize privacy programs, teams, and operations, he also provides strategic and tactical support:

  • Resolving transactional negotiations with a focus on data privacy and security terms

  • Driving responses to regulatory inquiries and investigations

  • Accomplishing mergers, acquisitions, and investments, and addressing and integrating privacy practices post-transaction

  • Supporting product, service, and technology launches and innovations that achieve privacy compliance or Privacy by Design objectives

  • Preparing for and responding to personal data breaches

  • Enabling adtech, tracking, marketing, and advertising capabilities

  • Advising on privacy laws and regulations, including US state privacy laws like California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and breach notification laws, COPPA, TCPA, CAN-SPAM, CASL, GLBA, FCRA, DPPA, VPPA, GDPR, and PIPEDA.

Sam was formerly Chief Privacy Officer for Blackhawk Network, a global fintech company with B2B and B2C digital payment and gift card products. In this role, Sam drove enterprise efforts to address new and changing global privacy laws in a scalable forward-looking manner. Prior to joining Blackhawk Network, Sam was Senior Director Privacy & Associate General Counsel at Nordstrom, where he led the teams responsible for privacy law, compliance, and operations. At Nordstrom Sam supported all Nordstrom divisions, including Nordstrom Federal Savings Bank, Nordstrom Card Services, and the HIPAA covered prosthesis department on privacy legal requirements, and established company strategy and operations to grow and maintain customer trust in data practices. Sam has also worked as in-house counsel at T-Mobile where he supported the marketing and advertising teams including on data, policy, and privacy compliance.

In addition to Sam’s experience leading corporate privacy teams and programs, Sam has advised clients ranging from early-stage startups to large global corporations on privacy, cybersecurity, and data protection matters at Orrick and at K&L Gates.

Memberships & Leadership

  • Lambda Legal National Leadership Council, Member, 2013 - present

  • International Association of Privacy Professionals (IAPP)

    • Publications Advisory Board Member, 2024 - present

    • Privacy Law Specialist Advisory Board Member, 2024 - present

    • Advisory Board Member, Privacy Bar Section, 2019-2021

  • Future of Privacy Forum, Advisory Board Member, 2017-2021

Education

  • New York University, School of Law, JD, 2007

  • University of Washington, BA, Political Science, 2004

Bar Admissions

  • Washington

Certifications*

  • Privacy Law Specialist

  • Certified Artificial Intelligence Governance Professional (AIGP)

  • Certified Information Privacy Professional – United States (CIPP/US)

  • Certified Information Privacy Manager (CIPM)

  • Fellow of Information Privacy (FIP)

*The Supreme Court of Washington does not recognize certification and certification is not a requirement to practice law in the State of Washington.