Dan Ongaro brings more than a decade of experience as a cybersecurity and privacy consultant to inform his legal practice. He is a Certified Information Systems Security Professional (CISSP) and has worked on several high-profile data breaches that involve state, federal, and international regulators.
Since his transition into law, Dan's focus includes data breach response (identification of impacted data, analysis of applicable regulations, notification of individuals and regulators, investigations, and remediation). His practice also involves advising clients on cybersecurity and privacy compliance (e.g., National Institute of Standards and Technology [NIST] Cybersecurity Framework, California Consumer Privacy Act [CCPA], Health Insurance Portability and Accountability Act [HIPAA], and other regulatory regimes). Dan assists clients with structuring and drafting contracts or agreements that involve cloud services, technology licensing, master services agreements, and related scopes of work.
Dan maintains an active pro bono practice that includes a pretrial detainee's Section 1983 civil rights case and initiatives to combat human trafficking.
Prior to practicing law, Dan worked as a cybersecurity, privacy, and risk consultant for PricewaterhouseCoopers (PwC) for 10 years, where he led teams' assessments of organizations' compliance with IT, regulatory, and financial requirements. He also authored official reports used by agency executives and Congress to assess opportunities for federal agencies and government contractors to enhance their cybersecurity and privacy posture. He is also a Certified Information Privacy Professional (CIPP/US) and a Certified Public Accountant (CPA) licensed in Virginia.
- Georgetown University (J.D. cum laude 2019; Executive Notes Editor, Georgetown Law Journal); University of Minnesota (B.S. in Management Information Systems and Accounting 2008)
- Intern, Constituent Services, United States Senate (2006)