Sasha Hondagneu-Messner

SASHA HONDAGNEU-MESSNER focuses his practice on privacy, cybersecurity, and AI matters.

Sasha’s practice includes regulatory investigations involving data processing and protection, security incident response, privacy and information security program development and management, and compliance counseling.

Sasha also regularly assists in government investigations, enforcement actions, and litigation, as well as a wide range of transactional matters, including contract review, privacy and cybersecurity diligence, and integration planning for mergers and acquisitions.

Sasha has represented clients in a wide range of industries and in particular has represented several financial and insurance companies with cybersecurity investigations, enforcement actions, examinations, and compliance with evolving laws and regulations, including several clients before NYDFS.

He is an IAPP Certified Information Privacy Professional/U.S. and Certified Information Privacy Manager.

Regulatory and Enforcement Experience

• Advised companies on a range of security incidents, including business email compromises, credential stuffing attacks, ransomware, supply chain incidents, and cyber extortion.
• Assisted clients before various regulators, including the New York Department of Financial Services (NYDFS), the U.S. Securities and Exchange Commission (SEC), the U.S. Department of Justice (DOJ), the U.S. Department of Health and Human Services (HHS), the Financial Industry Regulatory Authority (FINRA), the Cyber Safety Review Board (CSRB), the Federal Trade Commission (FTC), state attorneys general, and state insurance and financial regulators.
• Advised companies with respect to national security and cross-border data transfer issues, including with respect to the DOJ’s Data Security Program.
• Assisted clients in class action litigation and regulatory inquiries related to security incidents, consumer protection, data processing, and securities law.
• Drafted comments on proposed rules to agencies, including HHS and the SEC.

Counseling and Advice

• Advised financial services companies on cyber examinations with the NYDFS, various state insurance and financial regulators, Federal Financial Institutions Examination Council (FFIEC), FINRA, and the SEC.
• Advised clients on cyber insurance coverage and indemnity.
• Counseled clients on privacy and cybersecurity compliance issues related to evolving laws and regulations, including the NYDFS cybersecurity regulation, NAIC cybersecurity and AI regulations, COPPA, FCRA, GLBA, HIPAA, state privacy laws, TCPA, VPPA, and various industry standards.
• Revised agreements relating to privacy and cybersecurity, including data processing addendums, information security addendums, business associate agreements, and transition service agreements.
• Drafted privacy policies, terms of service, and information security policies and procedures.
• Advised on privacy and cybersecurity public disclosures, including with respect to 8-K and 10-K filings.

Transactional Experience

Sasha has advised on privacy and cybersecurity aspects of transactions totaling in the billions of dollars, including:

• Acquisition by Arthur J. Gallagher of AssuredPartners from GTCR for gross consideration of US$13.45 billion (pending).
• Ryan Specialty in its US$525 million acquisition of Velocity Risk Underwriters, LLC. Velocity is a managing general underwriter.
• A consortium, headed by APG Asset Management N.V. (APG), on behalf of the largest Dutch pension fund, ABP, and Australian Retirement Trust (ART), in the acquisition of Riverstone Holdings’ equity stake in Pattern Energy Group LP (pending).
• Clearlake Capital Group, L.P. in its US$4.4 billion take-private acquisition of Alteryx, Inc.
• Clearlake Capital and Motive Partners-Backed BetaNXT in its acquisition of Mediant Communications.
• United Airlines in a historic agreement to purchase 100 Boeing 787 Dreamliners with options to purchase 100 more.
• Stonepeak in its agreement to provide a US$200 million strategic growth investment to TeleGuam Holdings, LLC.
• Stone Point Capital LLC in their investment in IEQ Capital, LLC, an independent wealth management firm and alternative investment solutions provider with over US$18.3 billion in regulatory assets under management.
• Avid Technology, Inc. (NASDAQ: AVID) in its all-cash US$1.4 billion acquisition by an affiliate of STG.
• Symplr in its purchase of healthcare supply chain management software provider GreenLight Medical, Inc.

Sasha serves as a young lawyer representative for the ABA Antitrust Law Section’s Privacy and Information Security Committee.

Sasha is a member of the American Bar Association and the International Association of Privacy Professionals (CIPP/US, CIPM).

Sasha maintains an active pro bono practice, which includes advising non-profit organizations on cybersecurity, regulatory, and data privacy issues. Additionally, Sasha represents clients on matters pertaining to immigration law and veterans advocacy.