Alexandra Sumner

Because privacy is easier to build than repair.

Licensed in: Indiana

About

SuSumner Privacy Law helps companies of all sizes navigate complex privacy laws with clear, practical guidance. My approach is collaborative and business-minded, translating regulatory requirements into decisions teams can actually implement. The goal is simple: thoughtful privacy practices that scale as your company grows. My practice focuses on the day-to-day legal and operational needs that arise as organizations collect, use, and share data. I advise clients on compliance with major privacy frameworks including HIPAA, the GDPR, the CCPA/CPRA, and other evolving U.S. state privacy laws, helping translate legal obligations into workable policies and processes. This includes conducting HIPAA compliance analyses, reviewing and drafting Business Associate Agreements (BAAs), evaluating vendor and data-processing relationships, and advising on appropriate safeguards for protected health information and other sensitive data. I also assist companies with GDPR and cross-border data transfer reviews, privacy notice and policy development, data processing agreements, and vendor privacy assessments. My work often includes reviewing product features and data flows to identify privacy risks early, supporting privacy-by-design initiatives, and helping companies prepare for regulatory inquiries or internal audits. In addition, I counsel organizations on data governance, incident response planning, and employee training so that privacy compliance is embedded into everyday business operations rather than treated as an afterthought.

Practice Areas

Health & Life > BAAsTechnology Law > HealthtechData Privacy > EU Privacy ShieldData Privacy > HIPAAData Privacy > Privacy PoliciesData Privacy > Int'l PrivacyHealth & Life

Services

Fractional Privacy Counsel, CPO, and DPO Support
Experienced, part-time privacy leadership to help organizations design, operate, and scale privacy programs without the cost of a full-time hire.
Contact
Contracts and Commercial Support
Drafting, review, and negotiation of privacy- and AI-related contractual provisions to support commercial objectives while appropriately allocating regulatory and data risk.
Contact
Privacy and AI Product Counseling
Embedded legal guidance for product, engineering, and business teams to integrate privacy and AI compliance from design through deployment.
Contact

Work

Chief Privacy Officer and Corporate Counsel
MicroHealth
Apr 2024 - Present
Data Privacy and Security Program Manager
Endotronix
Apr 2023 - Apr 2024
Privacy and Product Counsel
Mahana Therapeutics
Aug 2022 - Feb 2023

Education

Indiana University Robert H. McKinney School of Law
J.D.
Valparaiso University
Bachelor of Arts (English and Spanish) • 2016