Nathan Salminen

Washington, D.C.

Email [email protected]

Phone +1 202 637 5413

Fax +1 202 637 5910

Practice group Global Regulatory

Nathan Salminen helps clients evaluate and manage cybersecurity risks in the contexts of security incidents, security program development, commercial agreements and mergers. Nathan's combination of technical, legal, and business experience enables him to understand, explain, assess, and mitigate data security risks that span those areas.

Nathan helps clients navigate the chaotic stream of legal, reputational and technical issues that arise following the discovery of a potential security incident.  He also advises clients on mitigating the risks that such an incident will occur by working with companies to assess the compliance of their security program with legal obligations and industry standards, and by helping clients assess the privacy and data security risks associated with commercial relationships by developing robust contractual terms and assessing cybersecurity risks associated with mergers.  Nathan has helped guide many prominent companies through some of the largest security incidents, and some of the commercial matters with the most complex security aspects, that have arisen in recent years.

Before becoming a lawyer, Nathan worked as a software engineer and manager of technical teams for 13 years, and he recently updated and focused his technical knowledge by completing one of the most technically demanding penetration testing and ethical hacking certifications: the Offensive Security Certified Professional (OSCP). Nathan's technical background allows him to assess the technical implications of legal issues and the legal implications of technical issues.

Nathan also helps clients meet their privacy, data protection, and data security obligations under the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Payment Card Industry Data Security Standard (PCI DSS).

Education and admissions


J.D., Columbia Law School, Harlan Fiske Stone Scholar, 2013

B.S., Georgetown University, School of Foreign Service, 1997

Bar admissions and qualifications

District of Columbia

New York

Representative experience

Advised Equifax regarding its 2017 data breach and the audits required by the FTC afterwards by providing advice spanning the legal and technical realms.

Advised the maker of a major app regarding an attack on that app by nation-state-sponsored attackers and regulatory inquiries related to that attack.

Managed the investigation and response to a cyber attack on a major global energy company by nation state actors.

Drafted and negotiated data security terms in vendor agreements for a major technology company.

Oversaw both the technical and the legal aspects of the forensic investigation of an attack on a major university.

Evaluated the privacy and data security risks associated with the acquisition of a US$80bn company.

Assisted a software company with creating a product development strategy around compliance with the HIPAA.

Assessed the compliance of a multinational health company with the GDPR's data security requirements.
