Attorney Bio

smh (2)

Steve Hoffer consults with clients on legal solutions, growth strategies, corporate regulatory compliance, data privacy, and effective safeguards against risks and liability. He helps clients negotiate commercial agreements, improve marketing programs, process personal data, and enter new markets. He addresses business practices that concern innovation, sales, transactions, consumer protection laws, and remedies. Since businesses grow with trust and trust only grows with data protection, he assists business clients align their data governance approaches. He often advises on appropriate safeguards in view of their customized risk management goals.  Some highlights of his career are reflected in further detail at his linkedin profile

Steve is a Certified Information Privacy Professional (CIPP) in both the United States and the European Union (CIPP/US and CIPP/E) and has taught courses in international law. His familiarity with information privacy, regulated industries, and cross-border ecommerce enables him to assist clients by clarifying legal duties, guiding product development, drafting privacy policies, and managing the lifecycle of personal information. His services include assisting clients in:

  • Developing data privacy policies that comply with applicable law
  • Optimizing new product differentiation using Privacy-By-Design principles
  • Conducting impact assessments by vetting data processes, flows, and maps
  • Minimizing risks arising between policy and processing practices, and
  • Monitoring data flows internally and vetting transfers externally

Steve provides counsel to his clients on how to enhance business sales, augment marketing programs, and protect reputational capital. He negotiates and structures agreements for products and services, strategic alliances, partnerships, IP licenses, vendor contacts, outsourcing and teaming agreements, and claim settlements. He advises how to supervise regulatory compliance, deploy cost reduction measures, leverage intellectual property (i.e. trademarks, copyrights, trade secrets, etc.), and ensure business continuity.

Steve strives to improve brand recognition for enterprises with product development goals. He assists businesses by using consumer protection and product differentiation to stimulate brand recognition through privacy by design. He offers guidance on best practices like ones widely known among members of the International Association of Privacy Professionals (IAPP), which concern the use of vendors, cloud computing, wireless security (i.e. NIST, etc.), electronic medical records, social networks, and new media. He builds consensus through teamwork and training across disciplines from IT security specialists through executive management. He leads teams, for instance, to provide safeguards that concern potential or actual data breaches by

  • Preparing and improving an incident response plan (IRP) by a team
  • Collaborating with data security, forensics, and law enforcement agencies
  • Managing risk across stakeholders, insurers, regulators, and borders, and
  • Ensuring compliance with data breach notification laws

Different data privacy laws in the U.S. commonly protect consumers, employees, health care patients, banking customers, students, and children differently. These data privacy laws include Section 5 of the Federal Trade Commission (FTC) Act, sectoral laws like the ECPA, TCPA, HIPAA, HITECH, GINA, GLBA, FCRA, FACTA, FERPA, and COPPA, and state laws. Individual state privacy laws often concern identity theft, class actions, breach notification requirements and consumer protection (i.e. CalOPPA, etc.). He applies lessons from adjacent areas of his law practice that concern unfair trade practices, sales, U.C.C. law, corporations, fiduciary duties, ethics, IP, licensing, communications, free speech, competition, trade, and international law. For internal investigations, he protects sensitive exchanges rigorously under the more robust attorney-client privilege of outside counsel and uses advocacy skills honed while representing plaintiffs and defendants from e-discovery to appeals.

Steve has represented regulatory agencies as well as companies facing actual investigations or potential complex litigation claims that influence government relations. He has consulted on many U.S. federal statutory reforms, laws, and enforcement policies that contrast with EU law, including, for instance, the EU’s forthcoming General Data Protection Regulation, the related fate of U.S. Safe Harbor exemption rules, the Umbrella pact, the Referential, and the individual’s right to be forgotten in the EU. He is a published author on World Cyberspace Law (Juris Publishing, Inc. 1999), who participates in public-private initiatives and seminars, and is responsible for this communication. Some of these domestic law matters pertain to how to properly develop industry standards and corporate policies in view of evolving norms of constitutionality, jurisdiction, class actions, standing for data breach claims, actual or imminent privacy injury or damages, unfair and deceptive practices, de-identification, differential privacy programs, discriminatory pricing, antitrust, big data, data sharing models, and research exemptions when data is public good. Other global questions concern cross-border privacy rules (CBPRs), extraterritoriality, and conflicts of law rules. These pages may be attorney advertising or communication under applicable law.


  • B.A., Economics, University of California, Berkeley (UCB), 1980
  • J.D., University of Utah, School of Law, 1983
  • LL.M, Virje Universiteit Brussel, International Law, 1988, magna cum laude

 California Bar Membership

  • 1983 — Present


  • International Association of Privacy Professionals, CIPP/US 2014
  • International Association of Privacy Professionals, CIPP/E 2015