Joshua R. Fattal is an associate in Morrison Foerster’s Data, Cyber + Privacy Group. He advises clients across industries on data protection best practices with a focus on emerging issues at the intersection of data privacy, security, and new technologies, including artificial intelligence (AI) and national security regulations pertaining to sensitive U.S. personal data.

Joshua regularly counsels clients ranging from startups to multinational corporations on the legal implications of using AI and large language models (LLMs). He advises on compliance with global AI regulations, including the EU AI Act and Colorado AI Act, and provides guidance on AI governance, responsible AI use, and generative AI best practices.

He also advises clients on compliance with U.S. laws governing the protection of sensitive data from adversary countries. He has assisted in clients’ complex due diligence of their data use and disclosure practices and in developing cross-functional compliance programs to meet evolving cross-border data transfer requirements.

Joshua’s experience spans a variety of industries, including technology, life sciences, edtech, fintech, crypto, and consumer services. He counsels clients on compliance under local, state, and federal privacy regulations such as the California Consumer Privacy Act (CCPA), biometric and financial data privacy laws, and cybersecurity regulations. He also guides clients through compliance with international frameworks like the General Data Protection Regulation (GDPR), the EU-U.S. Data Privacy Framework, and the EU ePrivacy Directive.

His practice encompasses data incident response strategies, including breach investigations and regulatory notifications. He also conducts privacy and cybersecurity due diligence for corporate transactions and advises on information security policies, cybersecurity governance, vendor risk management, and privacy-by-design product development.

Joshua maintains an active pro bono practice. He has successfully secured asylum for multiple clients, including a Cameroonian political activist and a Honduran survivor of gender-based violence. He has also represented tenants in housing litigation and advised nonprofits on privacy and cybersecurity matters.

Joshua earned his J.D. from NYU School of Law, where he graduated cum laude, was a Robert McKay Scholar, and received the full tuition ASPIRE Cybersecurity Scholarship. He received his B.A., magna cum laude, from Columbia University and is a member of Phi Beta Kappa. He previously served in the U.S. Intelligence Community, including as an attorney advisor in the Intelligence Law Division at the U.S. Department of Homeland Security. He also clerked for the Honorable Sarah Netburn, U.S. Magistrate Judge in the Southern District of New York.