Sam Castic
Sam Castic is a Partner at Hintze Law and co-chair of the firm’s Cybersecurity and Breach Response Group and FinTech + Financial Services Group.
With 15 years of global privacy and cybersecurity experience, Sam counsels e-commerce, fintech, technology, telecom, social media, retail, and advertising clients from early-stage startups to the biggest global companies, on privacy and data protection. Sam uses his experience of having led privacy teams and programs at two large companies to provide clients with practical and actionable strategies for building, maturing, operationalizing, and maintaining privacy programs that successfully navigate changing technology, laws, and expectations. Sam offers practical strategies for earning and preserving customer trust; innovating and bringing products and services to market that meet privacy objectives; structuring effective and efficient privacy teams, programs, and operations; developing and executing personal data breach response capabilities; and negotiating and developing repeatable processes for resolving data processing and transfer agreements.
Sam excels at giving practical recommendations that enable business strategies to succeed with uncertain and changing privacy laws and expectations. In addition to advising on approaches to design, maintain, and optimize privacy programs, teams, and operations, he also provides strategic and tactical support:
Resolving transactional negotiations with a focus on data privacy and security terms
Driving responses to regulatory inquiries and investigations
Accomplishing mergers, acquisitions, and investments, and addressing and integrating privacy practices post-transaction
Supporting product, service, and technology launches and innovations that achieve privacy compliance or Privacy by Design objectives
Preparing for and responding to personal data breaches
Enabling adtech, tracking, marketing, and advertising capabilities
Advising on privacy laws and regulations, including US state privacy laws like California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and breach notification laws, COPPA, TCPA, CAN-SPAM, CASL, GLBA, FCRA, DPPA, VPPA, GDPR, and PIPEDA.
Sam was formerly Chief Privacy Officer for Blackhawk Network, a global fintech company with B2B and B2C digital payment and gift card products. In this role, Sam drove enterprise efforts to address new and changing global privacy laws in a scalable forward-looking manner. Prior to joining Blackhawk Network, Sam was Senior Director Privacy & Associate General Counsel at Nordstrom, where he led the teams responsible for privacy law, compliance, and operations. At Nordstrom Sam supported all Nordstrom divisions, including Nordstrom Federal Savings Bank, Nordstrom Card Services, and the HIPAA covered prosthesis department on privacy legal requirements, and established company strategy and operations to grow and maintain customer trust in data practices. Sam has also worked as in-house counsel at T-Mobile where he supported the marketing and advertising teams including on data, policy, and privacy compliance.
In addition to Sam’s experience leading corporate privacy teams and programs, Sam has advised clients ranging from early-stage startups to large global corporations on privacy, cybersecurity, and data protection matters at Orrick and at K&L Gates.
Memberships & Leadership
Lambda Legal National Leadership Council, Member, 2013 - present
International Association of Privacy Professionals (IAPP)
Publications Advisory Board Member, 2024 - present
Privacy Law Specialist Advisory Board Member, 2024 - present
Advisory Board Member, Privacy Bar Section, 2019-2021
Future of Privacy Forum, Advisory Board Member, 2017-2021
Education
New York University, School of Law, JD, 2007
University of Washington, BA, Political Science, 2004
Bar Admissions
Washington
Certifications*
Privacy Law Specialist
Certified Artificial Intelligence Governance Professional (AIGP)
Certified Information Privacy Professional – United States (CIPP/US)
Certified Information Privacy Manager (CIPM)
Fellow of Information Privacy (FIP)
*The Supreme Court of Washington does not recognize certification and certification is not a requirement to practice law in the State of Washington.