Joshua R. Fattal is an associate in Morrison Foerster’s Privacy + Data Security Group. He advises clients across industries on data protection best practices, product development, complex national and international regulatory compliance, transaction diligence, incident preparedness and response, and emerging topics, such as the use of artificial intelligence (AI).

Joshua regularly counsels clients in a variety of industries on complex data privacy issues related to local, state, and federal legal frameworks, including the California Consumer Privacy Act (CCPA) and other U.S. state privacy laws; the Biometric Information Privacy Act (BIPA) and other U.S. state and local biometric laws; the Gramm-Leach-Bliley Act (GLBA); the Fair Credit Reporting Act (FCRA); the Telephone Consumer Protection Act (TCPA); the Children’s Online Privacy Protection Act (COPPA); and the Family Educational Rights and Privacy Act (FERPA). Joshua also advises clients on cybersecurity laws, regulatory requirements, and best practices, including the SEC’s cybersecurity disclosure rules for public companies, registered investment advisors, and broker-dealers; the New York State Department of Financial Services’ (NYDFS) Cybersecurity Regulation; and the NIST Cybersecurity Framework. Joshua also advises global clients on foreign privacy and security frameworks, including the General Data Protection Regulation (GDPR), the EU-U.S. Data Privacy Framework, and the EU’s e-Privacy Directive.

Joshua works with clients ranging from emerging to public companies across a variety of industries, including technology, life sciences, EdTech, Fintech, crypto, consumer services, and AdTech. Joshua assists clients in developing information security policies and procedures, standing up cybersecurity governance processes, negotiating data transfer and processing agreements, designing third-party vendor risk management programs, and product development and design. Joshua also advises clients on incident response strategy, assisting companies in investigating data breaches and preparing notifications to customers, affected individuals, and regulators. As part of his practice, Joshua performs privacy and cybersecurity due diligence and negotiates transaction documents in connection with public and private corporate deals.

Joshua maintains an active pro bono practice. He has worked on numerous immigration matters, helping to reunite separated families and obtaining a grant of asylum for a Honduran woman escaping sexual violence. Joshua has also represented tenants in litigation against their landlords over unhabitable living conditions. Additionally, Joshua regularly helps nonprofits build and develop their privacy and cybersecurity programs.

Prior to joining Morrison Foerster, Joshua was an associate in the data privacy and cybersecurity practice at another international law firm. Joshua previously worked in the U.S. Intelligence Community, including as an attorney advisor in the Intelligence Law Division at the U.S. Department of Homeland Security, where he advised government officials on compliance with domestic and international privacy regimes and data security matters related to information sharing, data analytics, and cloud computing technology. In 2020, Joshua was a judicial law clerk for the Honorable Sarah Netburn, U.S. Magistrate Judge, Southern District of New York.

Joshua received his J.D. from New York University School of Law, where he graduated cum laude and was recognized as a Robert McKay Scholar. Joshua was also awarded the ASPIRE Cybersecurity Scholarship, a prestigious full-tuition merit scholarship providing a select group of students with a cybersecurity education from a multidisciplinary perspective. Joshua received his B.A. from Columbia University, where he graduated magna cum laude and was a member of Phi Beta Kappa.