Odia Kagan

Of Counsel

Tel 215.864.8349
Fax 215.864.8999

Odia Kagan combines her in-depth knowledge of privacy and data security regulations and best practices with her keen understanding of emerging and information technologies, to provide clients with practical advice on how to design and implement their products and services, consummate their M&A transactions, and engage third party vendors, in the US and abroad. She utilizes her ability to break down complex concepts into easy to understand action items to provide effective ongoing counseling to clients in their day-to-day operations.

With a transactional practice focus, Odia negotiates cloud computing, outsourcing, and e-commerce agreements both on the vendor and on the client side, and prepares privacy and information security policies and procedures. A former partner in a Tel-Aviv, Israel law firm, Odia has substantial experience working with Israeli startups and assisting multinational companies with cross border transactions.

Odia is a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional in the laws of the United States – private sector (CIPP/US) and in the laws of the European Union (CIPP/E). She is also certified as a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals (IAPP). She serves on the board of advisors of Prifender, a privacy compliance startup. Odia also serves on the Publications Advisory Board of IAPP, and is co-chair of the IAPP's Philadelphia KnowledgeNet chapter. She serves as co-chair of the Philadelphia Bar Association Business Section's Cyberlaw Committee.

Representative Capabilities and Engagements:
  • Drafted and negotiated master services agreements, EU data processing agreements, and information security policies for a company providing services for clinical trials conducted worldwide.
  • Assisted clients, including a supplier of aerospace systems and a medical device company, in the formulation and documentation of a cross-border data transfer strategy for employee information, preparation for certification under Privacy Shield, and preparation for compliance with the EU General Data Protection Regulation (GDPR).
  • Drafted and negotiated complex licensing, services and service level agreements for IT systems, data mining applications and equipment management services, for a large healthcare organization.
  • Assisted a global investment management firm in privacy and data security aspects of the extension of a $40,000,000 line of credit to a provider of retail installment sale financing to consumers. The representation included conducting privacy and data security diligence, and negotiation of the deal representation and warranties, as well as post-closing compliance.
  • Represented a large broadcasting and telecom provider in sourcing of hosted services related to its consumer information.
  • Assisted an augmented reality platform for retailers and an influencer marketing platform with vendor assessment questionnaires, as well as internal and customer-facing information security policies.
  • Assisted a provider of Voice over Internet Protocol (VoIP) telephony platform with sophisticated call analytics in design of its service incorporating security considerations and in the negotiation of its services agreement and terms and conditions of use.
  • Drafted an information security plan for a digital publishing company and advised it on COPPA (Children's Online Privacy Protection) issues related to its advertising campaigns.
  • Advised regarding compliance with EU Data Protection Directive and "Cookie Directive" for a leading professional development membership organization.
  • Assisted a provider of professional mailing services with EU -US Privacy Shield Certification and preparation for GDPR compliance.
  • Assisted a large international hospitality provider with its global privacy compliance efforts including: revision of vendor agreements, revision of privacy and information security policies, assistance with EU- US Privacy Shield compliance and preparation for GDPR compliance.
  • Advised and negotiated Controller–Processor data processing agreements for a company providing services to clinical trials.
  • Advised leading organization for professional credentialing on its privacy policies (internal and customer facing) and on data transfer agreements.

Professional Activities

Co-chair, IAPP Philadelphia KnowledgeNet Chapter

Publications Advisory Board Member, IAPP

American Bar Association Science and Technology Law Group, E-Privacy Law Committee

American Bar Association Business Law Section, Cyberspace Law Committee

Recognition & Accomplishments

CIPP/US, CIPP/E, Certified Information Privacy Professional (US – Private Sector; EU), IAPP

CIPM – Certified Information Privacy Manager, IAPP

Fellow of Information Privacy, IAPP 

Selected one of Pennsylvania's "Lawyers on the Fast Track," The Legal Intelligencer, 2013


Ms. Kagan writes often on current privacy and data security issues of concern. Some recent publications include:

Co-author, "Uber Settles FTC Dispute Over Consumer Data Privacy and Security Allegations," Ballard Spahr alert, August 18, 2017

Co-author, "Nevada Becomes the Third State to Enact Website Privacy Notification Law," Ballard Spahr alert, August 1, 2017

Co-author, "To DPO or Not to DPO: Revised Guidance Issued on Data Protection Officers Under GDPR," Ballard Spahr alert, May 3, 2017

Co-author, "United Kingdom Privacy Office Issues Guidance on Consent Under GDPR," Ballard Spahr alert, March 15, 2017

Co-author, “Disclosure Is Key for Cross-Device Tracking, FTC Staff Report Says,” Ballard Spahr alert, January 25, 2017 

Co-author, "EU e-Privacy Regulation Raises Stakes for Compliance," Ballard Spahr alert, January 12, 2017

Co-author, "FTC Settles with Targeted Digital Advertising Company over Supercookie Advertising Practices," Ballard Spahr alert, December 23, 2016

Co-author, “Affair Website Ashley Madison Fined $8.75 Million Over Data Breach, Misrepresentations,” Ballard Spahr alert, December 15, 2016 

Co-author, "Prepare for Compliance with General Data Protection Regulation Checklist," Ballard Spahr alert, December 7, 2016 

Co-author, "HHS Designates Cloud Service Providers as Business Associates Under HIPAA," Ballard Spahr alert, November 4, 2016 

Co-author, "European Court Of Justice Rules That Dynamic IP Addresses Are Personal Data," Ballard Spahr alert, October 25, 2016

Co-author, "UK ICO Offers Guidance on Privacy Notices Under the GDPR and the UK Data Protection Act," Ballard Spahr alert, October 18, 2016

Co-author, "To (Dis)Close for Comfort–FTC Workshop Seeks Effective Consumer Disclosures," Ballard Spahr alert, September 26, 2016

Co-author, "Important Lessons for Businesses from FTC's Opinion on LabMD's Data Security Practices," Ballard Spahr alert, August 12, 2016

Co-author, "OCR Announces First HIPAA Enforcement Action against a Business Associate," Ballard Spahr alert, July 25, 2016

Co-author, "European Parliament Adopts EU General Data Protection Regulation; Steps Businesses Should Take Now," Ballard Spahr alert, April 21, 2016

Co-author, "EU-U.S. Privacy Shield Framework Text Published: Imposes New Obligations on U.S. Entities that Seek Data Transfers from the EU," Ballard Spahr alert, March 8, 2016

Co-author, "California Data Breach Report Defines “Reasonableness” Standard for Data Protection," Ballard Spahr alert, March 2, 2016

Co-author, "President Obama Gives EU Citizens Judicial Redress for Privacy Violations," Ballard Spahr alert, March 1, 2016

Co-author, "From Safe Harbor to Privacy Shield: New EU-U.S. Agreement for Transatlantic Data Flows," Ballard Spahr alert, February 9, 2016

Co-author, "Use of Big Data May Violate Federal Consumer Protection Laws, FTC Report Warns," Ballard Spahr alert, January 13, 2016

Co-author, "FTC Takes Action against App Developers on COPPA Allegations Involving Persistent Identifiers," Ballard Spahr alert, December 23, 2015

Co-author, "President Signs Bill Creating Exception to GLBA Annual Notice Requirement," Ballard Spahr alert, December 8, 2015

Co-author, "Company Prevails in Challenge to FTC Data Security Complaint," Ballard Spahr alert, November 30, 2015

Co-author, "California Updates Data Breach Notification Statute," Ballard Spahr alert, October 19, 2015 

Co-author, "Court of Justice of the European Union Invalidates U.S. Safe Harbor Framework," Ballard Spahr alert, October 7, 2015

Co-author, "European Court of Justice May Invalidate Safe Harbor Framework," Ballard Spahr alert, October 1, 2015

Co-author, "FTC Can Regulate Cybersecurity Practices, Third Circuit Rules," Ballard Spahr alert, August 31, 2015

Co-author, "NIST Guide Highlights Cybersecurity Considerations for Utilities and Manufacturing Companies," Ballard Spahr alert, August 24, 2015

Co-author, "California, Nevada Expand Scope of Customer Personal Information Subject to Reasonable Security Measures," Ballard Spahr alert, August 12, 2015

Co-author, "New NIST Guide Advises Health Care Companies on Securing Patient Health Information on Mobile Devices," Ballard Spahr alert, August 12, 2015

Contributor, "Looking Closer At the Pay Ratio Rule — And How To Comply," Law360, August 6, 2015

Co-author, "FCC Order Creates New TCPA Challenges for Companies," Ballard Spahr alert, July 13, 2015

Co-author, "FTC Follows in CFPB Footsteps with GLBA Privacy Notices," Ballard Spahr alert, June 22, 2015

Recent and Upcoming Speaking Engagements

Ms. Kagan is an adjunct professor at Drexel University Kline School of Law as part of its JD and Master of Legal Studies programs, where she teaches the upper-level course Cybersecurity and Privacy Regulation. She speaks regularly on topics of privacy and information security. Recent speaking engagements include:

Speaker, "Keep Calm and GDPR On! How to Process Guests' Information After the EU General Data Protection Regulation," Georgetown Law CLE's 2018 Hotel and Lodging Legal Summit, Washington, D.C., October 26, 2018

Panelist, "Legal Considerations of Cryptocurrency and Blockchain," The Philadelphia Bar Association Business Law Section's Banking & Commercial Finance, Cyberlaw, and Securities Regulation Committees CLE, Philadelphia, June 26, 2018

Speaker, "Eye on Virtual Currency and Blockchain Technology," Ballard Spahr webinar, September 19, 2017 

Co-Presenter: "Crisis Panel: Protecting Your Brand’s Reputation Against Cyber Warfare", Public Relations Society of America (Philadelphia Chapter), June 20, 2017

Presenter "Privacy and Data Security Issues in Big Data and Artificial Intelligence" Infragard Annual Training Seminar, June 9, 2017

Presenter "Hot Topics in Privacy and Data Security: GDPR"  Pension Group Core Lawyers 2017 Summit, June 8, 2017

Co-Presenter: "Privacy and Data Security in M&A"  Philadelphia Bar Association, May 19, 2017

Co-Presenter "Countdown to GDPR: Practical and Technological Solutions for Compliance",  Ballard CLE Program with Navigant, May 10, 2017

Panelist, "168 Hours: Make the Most of it", Ballard Women Workshop, May 4, 2017

Speaker: "Artificial Intelligence, Real Risks: Privacy and Data Security Considerations in Blockchain and Artificial Intelligence", Philly Tech Week, May 4, 2017

Participant, Technological Solutions for Privacy Compliance, Prifender Roundtable, April 18, 2017

Presenter, "Legal Aspects of Identity and Access Management in the US and the EU," CISO Executive Network: Philadelphia Breakfast Roundtable, April 5, 2017 

Speaker, "Chancellor's Forum CLE: Preventing the "Oh Ish" Moment: Dealing with Hacking and Data Breaches," Philadelphia Bar Association, February 15, 2017

Panelist, "Cybersecurity: How to Keep the Sky from Falling," Philadelphia Bar Association, December 2016 

Presenter "GDPR for Financial Institutions," Ballard Spahr webinar, September 27, 2016

Speaker, "GDPR and Brexit," Ballard Spahr – Stephenson Harwood Seminar, September 21, 2016

Moderator, "Just Dual It: Balancing a Two-Career Family," Ballard Women event, August 9, 2016

Presenter, "EU Regulation of Mobile Applications," CISO Executive Network: Philadelphia Breakfast Roundtable, June 15, 2016

Speaker, "Israeli Entrepreneurs & Investors Reception," IsraeliMappedinNY, New York, June 8, 2016

Panelist "Cybersecurity Oversight & the Board," Greater Philadelphia ACC, June 7, 2016

Panelist "Privacy and Data Security in M&A and Vendor Management," ACC Greater Philadelphia Chapter 8th Annual In-House Counsel Conference, April 19, 2016

Presenter, "Privacy Shield, Judicial Redress Act, CISA, and GDPR," Ballard Spahr webinar, April 14, 2016

Presenter, "Privacy and Data Security in the Hospitality Industry," Smeal College Digital Marketing in Hospitality Program, April 8, 2016

Speaker, "Negotiating Cloud Service Agreements: A Practical Guide," Pennsylvania Bar Institute: 21st Annual Business Lawyers Institute, November 5, 2015

Presenter, "Managing Vulnerabilities & Risks," CISO Executive Network: Philadelphia Breakfast Roundtable, October 14, 2015

Speaker, "Data Breaches & Cyber Threats What Law Firms & Their Clients Need to Know About 21st Century Threats to Their Businesses", Camden County Bar Association, October 13, 2015

Presenter, "The FFIEC Cybersecurity Assessment Tool: Is Your Company at Risk?" Ballard Spahr webinar, August 4, 2015

Speaker, "Big Data, Big Risk: Privacy Considerations for Individuals and Corporations," Philadelphia KnowledgeNet and Happy Hour, July 16, 2015

Speaker, "The New European Union Data Protection Framework: Issues Affecting Multinational Companies," Ballard Spahr CLE Program live in Philadelphia and via webinar, June 25, 2015

Speaker, "June NY Information Security Meetup, Philadelphia," Ballard Spahr program, June 25, 2015

Panelist, "Coulda Woulda Shoulda: Mistakes your Start Up Company Should Avoid," April 22, 2015, Scion Motivatour – Philadelphia

"Big Data – Big Risks: Privacy Considerations for Individuals and Corporations," Philly Tech Week, April 21, 2015

Panelist, "It’s Legal but Not Good Business": Panel on Legal Considerations in Big Data," Penn State Smeal College of Business, April 17, 2015

Panelist, "Igniting Innovation—Cyber Security: A Conversation with the Experts," the Information Technology Action Group of Chester County, March 12, 2015

"Cybersecurity Compliance," Middle Atlantic Chapter, Society for Corporate Secretaries and Governance Professionals — Spring Conference, Philadelphia, May 28, 2014

University of Strathclyde, Glasgow (LL.M., EU IT & Telecommunications Law, 2009, with distinction)

Temple University School of Law (LL.M. 2009)

Tel Aviv University School of Law (LL.B. 1999)

Editorial board member, Tel Aviv University Studies in Law



New York



England & Wales (Solicitor of the Supreme Court, inactive)

New South Wales, Australia (Legal Practitioner, inactive)