Nathan Salminen

Nathan Salminen

Senior Associate
Washington, D.C.

Email [email protected]​

Phone +1 202 637 5413

Fax +1 202 637 5910

Practice groupGlobal Regulatory

Nathan Salminen helps clients evaluate and manage data security risks in the contexts of commercial agreements, acquisitions, and incident response. Nathan's combination of technical, legal, and business experience enables him to understand, explain, assess, and mitigate data security risks that span those areas.

Nathan advises clients on identifying and managing privacy and data security risks and compliance obligations in commercial agreements and major mergers. Nathan routinely helps clients assess the privacy and data security risks associated with commercial relationships and designs terms and strategies to minimize those risks. He regularly advises companies on the data security risks involved in mergers that make the front page and negotiates the key data security terms in agreements that are pivotal to the strategies of some of the largest companies in the world.

Before becoming a lawyer, Nathan worked as a software engineer and manager of technical teams for 13 years, and he recently updated and focused his technical knowledge by completing one of the most technically demanding penetration testing and ethical hacking certifications: the Offensive Security Certified Professional (OSCP). Nathan's technical background allows him to assess the technical implications of legal issues and the legal implications of technical issues. Nathan frequently works with clients to evaluate, and align efforts around, security incidents, data breaches, security threats, new technologies, and security measures.

Nathan also helps clients meet their privacy, data protection, and data security obligations under the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Payment Card Industry Data Security Standard (PCI DSS). Nathan's experience working on these matters with dozens of clients, but also his experience working at software companies before going to law school, has given him a practical, balanced perspective on the management of compliance risks.

Education and admissions


J.D., Columbia Law School, Harlan Fiske Stone Scholar, 2013

B.S., Georgetown University, School of Foreign Service, 1997

Bar admissions and qualifications

District of Columbia

New York

Representative experience

Drafted and negotiated privacy and data security terms in vendor agreements for a leader in the entertainment industry.

Evaluated the privacy and data security risks associated with the acquisition of an US$80bn company.

Drafted template privacy and data security terms for a cloud-based software company.

Assisted a software company with creating a product development strategy around compliance with the HIPAA.

Advised a financial institution regarding the legal and technical aspects of a major, and technically complicated, data breach.

Assessed the compliance of a multinational health company with the GDPR's data security requirements.

Helped a company prepare technical responses to inquiries from regulators regarding a high-profile data security incident.

Advised DLH Holdings, a health care services contractor, on its US$70m acquisition of Social & Scientific Systems, a public health research organization.

Loading data