Bio

April Goff assists her clients in the areas of data privacy/security, employee benefits, and labor and employment. April has significant firsthand experience managing a variety of cybersecurity and data privacy issues, both in-house in a Fortune 200 company, and as a trusted advisor and partner to her clients upon her return to private practice. Her in-house experience provides her with a unique business-forward approach, taking into account the law, risk tolerance, and the competing voices of employees, customers, shareholders, regulators, and members of the public. A Certified Information Privacy Professional/United States (CIPP/US), she advises companies on legislative developments affecting data privacy and security as well as the development, implementation, and continuous review of incident response plans; routine fiduciary and privacy training at all levels of an organization; the development, monitoring, and implementation of privacy policies and terms of use; and negotiation of thousands of data privacy agreements and governing contracts. Given her significant retail in-house experience, she is regularly called upon by clients to evaluate data monetization, consumer tracking, and consumer rewards programs. April also regularly counsels education clients on issues of Family Educational Rights and Privacy Act (FERPA) compliance and healthcare and healthcare-adjacent industries with respect to all privacy and security issues raised via Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), Institutional Review Board (IRB) oversight of research participants, and the diverse technologies used in the growing telehealth and medical device industries. She also has significant experience assisting clients with avoiding and navigating ransomware issues. April is often called to opine on cybersecurity and data privacy compliance in mergers and acquisitions matters, along with overlapping areas of labor and employment and benefits. April has managed national incident response and necessary notification processes under federal and applicable state law. She has years of experience designing and directing tabletop exercises for a variety of entities, including C-suite-level executives. She has often been called in by clients to provide executive-level training to boards of directors regarding the pressing need for increasing resources devoted to cybersecurity and data privacy. Additionally, April has implemented policies to assess, document, and mitigate physical, technical, and administrative risks to the privacy and integrity of a company’s customer and employee data and drafted proxy language for shareholders regarding such risks. April routinely reviews cyber policy riders with insurance brokers, and provides attorney-client privileged coordination with third-party vendors such as public relations entities, data forensics, code reviewers, endpoint protection, and threat intelligence and response providers at all stages of incident response from preparation through post-debriefing. She has led incident response notifications to the U.S. Department of Health and Human Service (DHHS) Office for Civil Rights, states, state regulators, other legal entities, and members of the public in data incident and compliance investigations, including sectoral-specific privacy laws. She has worked alongside information technology and information security departments to develop strategic software applications to oversee data subjects’ rights to inspect, amend, and access personally identifiable information and to mask inappropriate use or disclosure within reporting environments or data lakes. She has also handled grievances from data subjects regarding alleged violations of contractual data security provisions, or federal and state law. April has personally vetted the attraction, selection, and retention of privacy and security officers, including drafting job descriptions and interviewing candidates, and has developed separate Privacy Officer and Healthcare Privacy bootcamps covering compliance in areas ranging from FERPA, General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Telephone Consumer Protection Act (TCPA), Gramm-Leach-Bliley Act (GLBA), Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), HIPAA, HITECH, Confidentiality of Substance Use Disorder Patient Records regulations, among other statutes, to ensure executives understand the role they play in protecting a company’s most valued asset: its data. April is a frequent national speaker in the burgeoning area of employee data privacy, including areas such as employee surveillance, ransomware, and the growing cybersecurity risk in employee benefits data. April helps companies leverage their employee benefits plans and human resource policies to attract and retain the best talent and address every legal challenge along the way. Her experience, both in-house and in private practice, enables her to negotiate the full life cycle of employment for C-suite and other high-level executives, from negotiating employment agreement terms and coordinating governmental filings to preparing termination agreements and designing severance packages. Public and private companies across a broad range of industries call on April for sophisticated counsel on healthcare, 401(k), profit sharing, pension, and other high-value benefits programs. In her role as senior counsel for a national retailer, April designed, operated, and implemented compliance plans for more than $6 billion in 401(k) and pension plans serving more than 100,000 employees. She also managed health and welfare benefits worth more than $150 million a year and negotiated more than $700 million worth of benefit vendor contracts. When issues arose, she successfully handled U.S. Department of Labor (DOL) investigations and Pension Benefit Guaranty Corporation (PBGC) inquiries, and advised on associate benefit grievances before government agencies and in state and federal courts. She successfully led significant pension plan de-risking projects, and counseled plan fiduciaries regarding obligations under the Employee Retirement Income Security Act (ERISA). April is extremely active in the legal community. She was appointed by the Internal Revenue Service commissioner to the IRS Advisory Council, where she advances the interests of employer plans and other tax-exempt and government entities. She previously served in multiple leadership positions at both the national and local levels with the Association of Corporate Counsel (ACC) and the American Bar Association (ABA).