Sarah serves as a vice chair of the Constangy Cyber Team and practices in New York. She leads the provision of compliance advisory services for the Cyber Team, advising clients on strategies to mitigate risk associated with data privacy and security through business-oriented approaches. Sarah has more than 15 years of experience working in the privacy law area. She is a former privacy officer, a former state regulator, and has extensive experience serving as outside counsel for businesses in the fields of health law, data privacy, regulatory compliance, and risk management. She is well-versed in advising clients on the scope and applicability of domestic and international data privacy laws, including but not limited to:

  • Canada’s Personal Information Protection and Electronic Documentation Act (PIPEDA) 
  • European Union and United Kingdom General Data Protection Regulation (GDPR)
  • Family Education Rights and Privacy Act (FERPA)
  • Gramm-Leach Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA) and implementing regulations
  • State insurance regulations, including the New York State Department of Financial Service Cybersecurity Regulation
  • State privacy and consumer protection laws, including the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA).

Sarah helps clients to develop and implement customized privacy programs, data privacy assessments, executive trainings, and tabletop exercises. Sarah also works with clients on strategies to mitigate risks posed by vendor relationships through improved vendor management programs, contracting protocols, and vendor oversight. Additionally, she helps clients to anticipate and effectively respond to potential threats, and assists businesses throughout all phases of information security incidents.

A former Assistant General Counsel with the Vermont Department of Financial Regulation, Sarah regularly interfaces with state and federal agencies in response to investigations, enforcement actions and compliance audits. In addition, she worked as a Program and Policy Advisor for the United States Agency for International Development in New Delhi, India, where she provided guidance on health and gender programs. Sarah holds the Certified Information Privacy Professional for European law (CIPP/E) credential.

Professional & Civic Associations


  • International Association of Privacy Professionals (IAPP)
  • New York State Bar Association


  • Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)

News & Analysis

Speaking Engagements & Industry Publications

  • Speaker at the International Association of Privacy Professionals (IAPP) New Jersey and Toronto KnowledgeNet Webinar on building a career in the field of data privacy, April 27, 2022
  • Speaker, "People-Centric Security for Healthcare Compliance and Risk Mitigation", SECUREWORLD Webinar, September 30, 2021
  • Speaker, "Stage a Cybersecurity Fire Drill", HEALTH TECH, Fall 2020, 43-44

Blogs, Videos & Podcasts


University at Buffalo Law School

  • J.D., 2003

St. Lawrence University

Bar & Court Admissions

  • New York, 2004
  • Vermont, 2006
Back to Page