About Sarah

Privacy and security compliance and breach counsel

Sarah Erdmann guides health and non-health clients on a variety of data privacy and security compliance matters. She helps clients create and update internal privacy and security compliance programs, prepare and revise website privacy policies and terms and conditions, and respond to security incidents and data breaches.

Experience in Action

  • Counsels clients during security incidents and breaches, including investigation, incident response, notification to affected individuals and notification to state and federal regulators.
  • Assists clients during investigations and audits by the Office for Civil Rights (OCR) and state attorneys general.
  • Advises clients on health-specific state and federal data privacy and security laws, including the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH), 42 CFR Part 2 (Confidentiality of Alcohol and Drug Abuse Treatment Records) and state data breach laws, as well as state laws governing the confidentiality of medical records, mental health records and records containing other sensitive information.
  • Guides clients on compliance with non-health-specific state and federal data privacy and security issues, including those related to internet terms and conditions and privacy policies.
  • Assists in preparing and updating data privacy and security compliance programs, including drafting and revising policies and procedures, preparing workforce training and developing security reminders for compliance with applicable federal and state law.
  • Advises clients on matters related to mergers and acquisitions (M&A), including due diligence review of entity privacy and security programs to determine compliance with HIPAA/HITECH, 42 CFR Part 2, state laws governing health information, medical records and other sensitive information, state laws governing personal information and state data breach laws.


  • Successfully assisted client in responding to data breach, including guiding client through investigation of incident, preparing notifications to individuals and applicable regulators, and responding to inquiries from affected individuals and regulators.
  • Guided client in assessing and updating compliance programs to comply with requirements under state comprehensive privacy laws, including assisting with the creation of data maps, revising internal privacy and security policies, and updating external privacy notices.

Professional Recognitions

  • Best Lawyers in America® (2024: Health Care Law)
  • Wisconsin Super Lawyers® "Rising Stars" (2023: Health Care)

Professional & Civic Activities

  • International Association of Privacy Professionals, member
  • Wisconsin Humane Society Advisory Board, member
  • State Bar of Wisconsin, member
  • American Health Law Association, member
  • Association for Women Lawyers, member
  • Milwaukee Bar Association, member

News & Insights


Bar Admissions
