Alexandra Sumner

Your part-time lawyer for full-time problems.

Licensed in: Indiana

About

Sumner Privacy Law helps companies of all sizes navigate complex privacy laws with clear, practical guidance. My approach is collaborative and business-minded, translating regulatory requirements into decisions teams can actually implement. The goal is simple: thoughtful privacy practices that scale as your company grows. My practice focuses on the day-to-day legal and operational needs that arise as organizations collect, use, and share data. I advise clients on compliance with major privacy frameworks including HIPAA, the GDPR, the CCPA/CPRA, and other evolving U.S. state privacy laws, helping translate legal obligations into workable policies and processes. This includes conducting HIPAA compliance analyses, reviewing and drafting Business Associate Agreements (BAAs), evaluating vendor and data-processing relationships, and advising on appropriate safeguards for protected health information and other sensitive data. I also assist companies with GDPR and cross-border data transfer reviews, privacy notice and policy development, data processing agreements, and vendor privacy assessments. My work often includes reviewing product features and data flows to identify privacy risks early, supporting privacy-by-design initiatives, and helping companies prepare for regulatory inquiries or internal audits. In addition, I counsel organizations on data governance, incident response planning, and employee training so that privacy compliance is embedded into everyday business operations rather than treated as an afterthought.

Practice Areas

Health & Life > BAAsTechnology Law > HealthtechData Privacy > EU Privacy ShieldData Privacy > HIPAAData Privacy > Privacy PoliciesData Privacy > Int'l PrivacyHealth & Life

Services

Fractional General Counsel and Privacy Leadership
Experienced, part-time legal and privacy leadership embedded within your organization — managing legal risk, overseeing privacy programs, and providing strategic counsel on data protection and AI governance without the overhead of full-time hires.
Contact
Privacy and AI Product Counseling
Embedded legal guidance for product, engineering, and business teams to integrate privacy and AI compliance from design through deployment.
Contact
Startup and Growth-Stage Legal Support.
Flexible, right-sized legal counsel for early and growth-stage companies managing the legal foundations needed to scale responsibly.
Contact

Work

Chief Privacy Officer and Corporate Counsel
MicroHealth
Apr 2024 - Present
Data Privacy and Security Program Manager
Endotronix
Apr 2023 - Apr 2024
Privacy and Product Counsel
Mahana Therapeutics
Aug 2022 - Feb 2023

Education

Indiana University Robert H. McKinney School of Law
J.D.
Valparaiso University
Bachelor of Arts (English and Spanish) • 2016