Sam Castic
Sam Castic is a Partner at Hintze Law, chair of the firm’s Retail Group, and co-chair of the Cybersecurity and Breach Response Group and FinTech + Financial Services Group.
Sam helps companies in all sectors to build, scale, and right-size privacy programs and strategies. He worked for years as a chief privacy officer and head of privacy, and is approaching two decades of experience advising companies on privacy and data security law. Sam uses this background to provide clients with practical and actionable strategies for privacy programs that achieve strategic, compliance, and business objectives, including when:
Structuring effective and efficient privacy teams, programs, and operations;
Innovating and bringing products and services to market;
Entering new markets and launching new lines of business;
Establishing and operating global privacy capabilities, including for data subject rights, privacy incidents and breaches, and data protection assessments;
Developing repeatable processes for negotiating and resolving customer and vendor data use and processing agreements.
Sam also excels at distilling US federal and state privacy, data security, and AI laws into actionable and practical advice. This includes providing strategic and tactical support:
Resolving transactional negotiations on data privacy, security, and use issues
Driving responses to regulatory inquiries and investigations
Accomplishing mergers, acquisitions, and investments, and developing and executing post-transaction integration strategies
Supporting product, service, and technology launches and innovations
Preparing for and responding to data breaches
Enabling adtech, tracking, marketing, and advertising capabilities
Advising on privacy, data security, and AI laws and regulations, including US state privacy laws like the California Consumer Privacy Act (CCPA), breach notification laws, COPPA, CAN-SPAM, DPPA, FCRA, GLBA, TCPA, and VPPA.
Sam works with US and global clients in all sectors, including fintech, technology, automotive, insurance, gaming, telecom, social media, retail, media, and adtech companies.
Sam was formerly Chief Privacy Officer for Blackhawk Network, a global fintech company with B2B and B2C digital payment and gift card products. In this role, Sam drove enterprise efforts to address new and changing global privacy laws in a scalable forward-looking manner. Prior to joining Blackhawk Network, Sam was the head of privacy at Nordstrom, where he led the teams responsible for privacy law, compliance, and operations. At Nordstrom Sam supported all Nordstrom divisions, including Nordstrom Federal Savings Bank, Nordstrom Card Services, and the HIPAA covered prosthesis department. Sam previously worked as in-house counsel at T-Mobile where he supported the marketing and advertising teams including on data, policy, and privacy compliance.
In addition to Sam’s experience leading corporate privacy teams and programs, Sam has advised clients ranging from early-stage startups to large global corporations on privacy, cybersecurity, and data protection matters at Orrick and at K&L Gates.
Memberships & Leadership
Lambda Legal National Leadership Council, Member, 2013 - present
International Association of Privacy Professionals (IAPP)
Publications Advisory Board Member, 2024 - present
Privacy Law Specialist Advisory Board Member, 2024 - present
Advisory Board Member, Privacy Bar Section, 2019-2021
Future of Privacy Forum, Advisory Board Member, 2017-2021
Education
New York University, School of Law, JD, 2007
University of Washington, BA, Political Science, 2004
Bar Admissions
Washington
Certifications*
Privacy Law Specialist
Certified Artificial Intelligence Governance Professional (AIGP)
Certified Information Privacy Professional – United States (CIPP/US)
Certified Information Privacy Manager (CIPM)
Fellow of Information Privacy (FIP)
*The Supreme Court of Washington does not recognize certification and certification is not a requirement to practice law in the State of Washington.