Nathan Salminen

Nathan Salminen

Senior Associate
Washington, D.C.

Email [email protected]​

Phone +1 202 637 5413

Fax +1 202 637 5910

Practice groupGlobal Regulatory

Nathan Salminen helps clients evaluate and manage cybersecurity risks in the contexts of security incidents, security program development, commercial agreements and mergers. Nathan's combination of technical, legal, and business experience enables him to understand, explain, assess, and mitigate data security risks that span those areas.

Nathan helps clients navigate the chaotic stream of legal, reputational and technical issues that arise following the discovery of a potential security incident.  He also advises clients on mitigating the risks that such an incident will occur by working with companies to assess the compliance of their security program with legal obligations and industry standards, and by helping clients assess the privacy and data security risks associated with commercial relationships by developing robust contractual terms and assessing cybersecurity risks associated with mergers.  Nathan has helped guide many prominent companies through some of the largest security incidents, and some of the commercial matters with the most complex security aspects, that have arisen in recent years.

Before becoming a lawyer, Nathan worked as a software engineer and manager of technical teams for 13 years, and he recently updated and focused his technical knowledge by completing one of the most technically demanding penetration testing and ethical hacking certifications: the Offensive Security Certified Professional (OSCP). Nathan's technical background allows him to assess the technical implications of legal issues and the legal implications of technical issues.

Nathan also helps clients meet their privacy, data protection, and data security obligations under the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Payment Card Industry Data Security Standard (PCI DSS).

Education and admissions


J.D., Columbia Law School, Harlan Fiske Stone Scholar, 2013

B.S., Georgetown University, School of Foreign Service, 1997

Bar admissions and qualifications

District of Columbia

New York

Representative experience

Drafted and negotiated privacy and data security terms in vendor agreements for a leader in the entertainment industry.

Evaluated the privacy and data security risks associated with the acquisition of an US$80bn company.

Drafted template privacy and data security terms for a cloud-based software company.

Assisted a software company with creating a product development strategy around compliance with the HIPAA.

Advised a financial institution regarding the legal and technical aspects of a major, and technically complicated, data breach.

Assessed the compliance of a multinational health company with the GDPR's data security requirements.

Helped a company prepare technical responses to inquiries from regulators regarding a high-profile data security incident.

Advised DLH Holdings, a health care services contractor, on its US$70m acquisition of Social & Scientific Systems, a public health research organization.

Loading data