Sarah L. Rugnetta


Sarah Rugnetta is a partner in the New York City office of Lewis Brisbois and a vice chair of the Data Privacy & Cybersecurity Practice. She advises clients on strategies to reduce risk through business-oriented approaches to data privacy and security compliance. A former privacy officer and regulator, Sarah has worked in health law, regulatory compliance, risk management, and data privacy and security for over 15 years. Sarah has substantial experience advising clients on the applicability of domestic and international laws, conducting data privacy assessments, developing data privacy programs, and facilitating trainings and tabletop exercises. She drafts and negotiates technology contracts, licenses and data use agreements, and works with clients to develop third-party management programs to mitigate potential risks posed by vendor relationships.

Sarah also helps clients to prepare for and respond to data security events, counseling organizations throughout the investigation, notification and reporting phases of data incidents. A former Assistant General Counsel with the Vermont Department of Financial Regulation, Sarah regularly interfaces with state and federal agencies in response to investigations, enforcement actions and compliance audits. She also served as a Program and Policy Advisor for the U.S. Agency for International Development in New Delhi, India, where she advised on health and gender programs, and facilitated intra-agency communication, outreach and interagency coordination.

Sarah holds the CIPP/Europe (CIPP/E) credential.


Certified Information Privacy Professional/Europe (CIPP/E)


Stage a Cybersecurity Fire Drill, HEALTH TECH, Fall 2020, 43-44


  • State Bar Admissions
    • New York
    • Vermont


  • International Association of Privacy Professionals (IAPP)
  • New York State Bar Association


University at Buffalo Law School

St. Lawrence University

arrow Back to Attorneys