Dafina Buçaj

Dafina is a member of the Constangy Cyber Team and assists clients on various matters regarding data privacy and cybersecurity. Her practice focuses on data privacy and regulatory security assessments, information privacy and security protocols and procedures, external policies, data collection, vendor risk assessments, contract development and review, and the development of threat mitigation plans.

Dafina helps clients implement enterprise-wide data security and privacy programs following federal, state, and global privacy regulations. She is committed to assisting global organizations in developing data security and privacy programs to ensure adherence to global regulations, such as the General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA), and China Personal Information Protection Law (PIPL), as well as U.S. state laws, such as the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA). She has worked with clients to mitigate legal risk by identifying vulnerabilities and implementing procedures and controls using practical solutions.

Prior to joining Constangy, Dafina practiced at a technology law firm focusing on data security and privacy compliance, incident response, and litigation, where she advised clients on privacy and security matters globally, helping to build robust security and privacy programs and develop tailored privacy and security policies and procedures that align with their business objectives and meet regulatory requirements. She also served as Data Privacy and Security Manager for a major not-for-profit organization, where she spearheaded the development and implementation of a large-scale global privacy program, including a vendor risk management policy and procedures for cross-border data transfers, risk mitigation, and compliance with international privacy regulations. She has served in several prominent legal positions for the Government of Kosovo, including as Legal Adviser to the Deputy Prime Minister and Minister of Justice and as a Legal Professional working with international organizations (OSCE, UNDP, USAID).

She is a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional for the United States (CIPP/US) as certified by the International Association of Privacy Professionals (IAPP). Dafina is pursuing a Doctor of Juridical Science (J.S.D.) degree from Loyola Law School with a focus on Cyber Law, where she explores the interaction between law and technology, with a particular focus on the prevention of cyberattacks.

Associations

• International Association of Privacy Professionals (IAPP), Member

Certifications

• Certified Information Privacy Professional for the United States (CIPP/US) through the International Association of Privacy Professionals (IAPP)
• Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)

• Speaker, “Practical Cybersecurity Strategies for You and Your Firm 2023”, webinar, Pennsylvania Bar Institute, February 2023
• Speaker, “Understanding and Mitigating Cyber and Data Privacy Risk Throughout Your Supply Chain”, 17^th API Annual Cybersecurity Conference, Houston, TX, November 2022
• Speaker, “Best Practices for Developing an Enterprise-wide Approach to Data Security and Privacy”, Society of Corporate Compliance and Ethics Annual conference, Phoenix, AZ, October 2022
• Speaker, “Preventing transboundary cyber harm: rethinking the applicable norms or continue avoiding responsibility” at the American Society of International Law Research Forum, New York, NY, November 2019

 Publications

• “The Obligation to Prevent Transboundary Cyber Harm: Expand The Regulatory Regime or Continue Deflecting Responsibility”, The George Washington International Law Review , VOLUME 54 NUMBER 2 2023
• “Navigating the Rapidly Evolving Data Privacy Regulatory Landscape, Financier Worldwide”, Risk and Compliance Magazine, January- March 2023 edition
• “Cyber Conflict”, The Palgrave Encyclopedia of Peace and Conflict Studies, February 2020