Amy Mushahwar
Amy Mushahwar

Amy S. Mushahwar

Of Counsel
Tel 202.661.7644
Fax 202.661.2299
Washington, DC

Amy S. Mushahwar is an experienced data privacy, security, and management attorney with more than 15 years' experience in the technology industry in both legal and engineering capacities. She defends companies in privacy-related matters, including breach of security litigation, and advises on regulatory issues involving e-commerce, including social networking sites, the use of mobile platforms in banking transactions, and PCI compliance for payment cards. She also assists clients in the development of integrated digital platforms, particularly those using the Internet, cloud computing, emerging payments, database APIs, and mobile technology.

Ms. Mushahwar has developed in-house compliance policies, procedures, and training programs for Fortune 500 companies across the nation, including those in the mortgage, banking, and consumer finance space as well as other industries. She conducts online and offline privacy assessments and information security policy audits and advises on all state, federal, and international privacy requirements and data protection laws.

Recently, Ms. Mushahwar conducted a full-scale consumer privacy assessment that involved extensive data flow mapping, remediation, and the development and implementation of information privacy, security, and records management policies for an online financial services firm and one of the world's largest fast-food chains. She advises on advertising privacy compliance and litigation, counsels clients on FTC and state attorneys general data security investigations and settlements, and drafts and negotiates agreements involving data usage, privacy, and security.

Ms. Mushahwar regularly attends and negotiates for businesses on privacy, cybersecurity, and Internet governance issues within international bodies, including the World Wide Web Consortium (WC3) and the Internet Corporation for Assigned Names and Numbers (ICANN). She has attended the past three ICANN meetings in Prague, Toronto, and Beijing.  

Before entering the law, Ms. Mushahwar spent several years as a technology consultant, performing network security design and implementation. From 1997 to 2001, she owned and operated a technology consulting company.

Professional Activities

American Bar Association

Federal Communications Bar Association
Co-Chair, Data Privacy Committee; Co-Chair, National Telecommunications Moot Court Committee (2005-2009); Co-Chair, Commendations Committee (2008-2009)

International Association of Privacy Professionals

American Women in Radio and Television

Institute of Electrical and Electronics Engineers, Communications Society

Internet Society of Greater Washington

International Engineering Consortium

U.S. Supreme Court Bar


Editor, American Bar Association's Data Security Handbook


"Preparing for Cloudy Weather: Cloud Computing Privacy & Data Security Due Diligence," Information Security Magazine, August 2011

Co-author, "Question Worth Answering Under the Telephone Consumer Protection Act: U.S. Supreme Court to Hear Whether the TCPA Contemplates Suits in Federal Courts, Adlaw® By Request™, July 11, 2011

"Department of Commerce Calls for Voluntary Cyber Security Standards, Adlaw® By Request™, June 13, 2011

Co-author, "Navigating International Privacy Laws," Information Security Magazine, May 2011

"Much-Anticipated McCain-Kerry Privacy Bill Introduced," Adlaw® By Request™, April 15, 2011

"Commerce Privacy Green Paper Released, But It's No Second Fiddle to the FTC," Nymnity, December 20, 2010

"How Privacy and Data Security Legislation Will Fare after Nov. 2," Information Security Magazine, October 28, 2010

Co-author, "Consumer Privacy Issues Abound in the Dodd-Frank Wall Street Reform and Consumer Protection Act," BNA World Data Protection Report, July 20, 2010

Co-author, "Data and Privacy" chapter, Network Interference: A Legal Guide to the Commercial Risks and Rewards of the Social Media Phenomenon, 2nd edition, November 16, 2009

"FCC Solicits Comments for a Declaratory Ruling Regarding the TCPA," Adlaw® By Request™, March 4, 2009

Guest author, CIO Leadership for Cities & Counties: Emerging Trends & Practices, Government Privacy, 2009

Speaking Engagements

"Web Suffix Explosion May Create .Concern: Strategies for Protecting Brands and Enhancing Data Security," Ballard Spahr webinar, January 13, 2014

"Securing Critical Infrastructure: An Update on the Administration's Cybersecurity Standards," Ballard Spahr webinar, December 4, 2013

"Application Security," Part VI in a Series of CISO Executive Network Breakfast Roundtables, Ballard Spahr-Hosted CISO Executive Network Event, Philadelphia, November 21, 2013

"Mobile Enterprise Risk Management ... Avoid the Pitfalls of BYOD," National Mortgage News, 15th Annual Mortgage Technology Conference, Fort Lauderdale, November 19, 2013

"Enterprise Network Security," Part V in a Series of CISO Executive Network Breakfast Roundtables, Ballard Spahr-Hosted CISO Executive Network Event, Washington, D.C., October 1, 2013; and Philadelphia, October 10, 2013

"HIPAA and Financial Institutions," Ballard Spahr webinar, August 28, 2013

"Endpoint and Mobile Device Security," Part IV in a Series of CISO Executive Network Breakfast Roundtables, Ballard Spahr-Hosted CISO Executive Network Event, Washington, D.C., August 20, 2013; and Philadelphia, August 29, 2013

"The ABCs of Consumer Privacy Communications," Ballard Spahr webinar, June 28, 2013

"Avoiding the Pitfalls of 'Bring Your Own Device' Policies," Ballard Spahr webinar, June 12, 2013

"Mobile Advertising Review: Creating Effective Advertising Review Policies and Procedures in the Digital Age," Ballard Spahr webinar, June 5, 2013

"Cybersecurity and ICANN: Thousands of New Domains Are on the Horizon with Potential Operational Security Issues," Association of National Advertisers webinar, May 10, 2013

"Online Disclosures 101: FTC Dot-Com and Mobile Disclosures," Ballard Spahr webinar, April 15, 2013

"Cybersecurity – From Advanced Threat Awareness to Preparedness: Creating a Security-Aware Corporate Culture," Ballard Spahr webinar, April 2, 2013

Panelist, "Cloud Computing and Education Privacy," National Association of School Boards, April 2012

Moderator, "Mobile Privacy," Communications Law Symposium, Practising Law Institute, December 2011

Panelist, "Do Not Track" panel, Evidon Empower 2011 Annual Online Behavioral Advertising Conference, July 19, 2011

"Mobile Device Security," Chief Information Security Officers' Executive Network, July 14, 2011

"IPv6 and Online Behavioral Advertising," Association of National Advertisers Summer Legal Conference, July 2011

"Cloud Computing Security," Executive Breakfast Roundtable, Chief Information Security Officers' Executive Network, June 9, 2011

"Security Operations: Monitoring, Detection, Response & Remediation," Executive Breakfast Roundtable, Chief Information Security Officers' Executive Network, April 21, 2011

"Third-Party Risk Management," Executive Breakfast Roundtable, Chief Information Security Officers' Executive Network, March 3, 2011

"Privacy and Data Security Regulatory Update," Executive Breakfast Roundtable, Chief Information Security Officers' Executive Network, January 20, 2011

Moderator, "Major International Privacy Developments: Impacts on Multinational and Globally Networked Environments," Federal Communications Bar Association, Privacy and Data Security Committee, January 11, 2011

"Social Media, Social Butterflies" and "Cloud Computing Due Diligence," The Washington Post Company All General Counsel Annual Meeting, June 6, 2010

Panelist, "Delivered Straight from the Source: Examining the Latest Regulatory and Legal Framework for Addressing Emerging Media Forms," Children's Advertising Review Unit, October 7, 2009

Community Activities

2012 Pro Bono Outside Counsel, the Council of Better Business Bureaus

Volunteer, Obama for America

Catholic University of America Columbus School of Law (J.D. 2005, magna cum laude)
Associate Editor, CommLaw Conspectus Journal; Winner, FCBA National Telecommunications Moot Court Competition; Vice President, Communications Law Student Association

George Washington University (B.A. 2001, cum laude)

District of Columbia


U.S. District Court for the Eastern District of Virginia

U.S. Supreme Court