Accessibility Statement

Christian M. Auty

Partner

Chicago

+1 312 577 1293

Areas of Work

AI, Data & Digital, Blockchain & Cryptocurrency

Overview

Christian Auty advises clients on the full lifecycle of data privacy and cybersecurity matters, from regulatory compliance and risk management to breach response and cross-border data governance, as well as on data privacy and governance considerations in emerging technologies such as artificial intelligence and blockchain.

Christian works with clients across a range of industries, including healthcare, financial services, insurance, and retail, to develop practical, business-aligned strategies for managing data-related risk.

Christian counsels clients on compliance with a broad spectrum of U.S. and international privacy laws. His work includes advising on the Health Insurance Portability and Accountability Act (HIPAA), state law, and interoperability and information sharing issues for healthcare data, the Gramm-Leach-Bliley Act (GLBA) for financial institutions, and the Children’s Online Privacy Protection Act (COPPA) for online services directed at children. He also helps multinational organizations navigate the European Union's General Data Protection Regulation (GDPR), as well as emerging U.S. state-level laws.

In addition to regulatory compliance, Christian has extensive experience guiding clients through cybersecurity incidents and breach response. He regularly serves as breach coach for global organizations, leading responses to dozens of data breaches each year and advising on regulatory investigations and enforcement actions. His litigation background informs a pragmatic, risk-aware approach to incident response and regulatory scrutiny.

  • Illinois
  • J.D., University of Michigan, cum laude
  • B.A., Boston College

Representative Matters

Data Privacy – Select Matters

  • Represented a health insurer in matters related to privacy and data security compliance including advice related to privacy representations, cookies and digital marketing issues, data subject access and deletion requests, contracting compliance, marketing strategies and related privacy compliance issues
  • Represented a HIPAA covered entity and public company in matters relating to security incident and data breach notification, including SEC notification procedures and materiality analysis
  • Advised a HIPAA covered entity in use and disclosure restrictions, exceptions and deidentification standards
  • Acted as lead counsel in response to dozens of data breaches and security incidents ranging from business email compromises, spear phishing and social engineering, wire fraud, and ransomware
  • Advised a GLBA financial institution on all matters related to compliance with the GLBA Privacy and Safeguards Rules, compliance with interagency guidance related to data breach notification and risk of harm, and related issues
  • Advised a financial institution and exchange on all matters related to privacy representations, cookies and digital marketing issues, data subject access and deletion requests, contracting compliance, marketing strategies and related privacy compliance issues
  • Advised multiple clients on potential liabilities and risks associated with CIPA, the VPPA, session replay software, trackers and related analytics
  • Advised multiple clients on data offshoring and data transfer strategies, adequacy considerations, standard contractual clauses and Privacy Framework issues, and other related restrictions on offshore transfers including the DOJ’s Bulk Data Transfer restrictions
  • Acted as lead counsel advising a client in all matters relating to a data breach requiring reporting in 15 international jurisdictions resulting in a declination of further investigation in all jurisdictions
  • Advised an insurance producer on all matters related to privacy and data security compliance including advice related to privacy representations, cookies and digital marketing issues, data subject access and deletion requests, contracting compliance, marketing strategies and related privacy compliance issues
  • Advised multiple clients on procurement and supplier auditing and compliance strategies
  • Represented a financial institution concerning development of AI protocols, policies and procedures including creation of risk assessment parameters

Speaking Engagements

  • "Introduction to Data Subject Access Requests: Purpose, Examples, Responding to Requests, Navigating Compliance," Strafford Webinar, July 16, 2025

News & Publications

Client Alerts

Three Key Takeaways from the NY DFS HealthPlex Settlement

August 28, 2025

By: Christian M. Auty, Tarrian L. Ellis

StepTechToe

Four Takeaways for CCPA-Covered Businesses from the Healthline Settlement

August 20, 2025

By: Christian M. Auty

Client Alerts

The Trump Administration's AI Action Plan: Deregulation and Global Dominance

July 24, 2025

By: Christian M. Auty, Evan T. Abrams, Michelle Castaline, Tyler Evans, Elizabeth Goodwin, Michelle Kallen, William M. Keyser, Michele Nellenbach, Michel Paradis, Marlon Paz, Claire Rajan, Alexandra C. Scheibe, Christopher Suarez, Jack R. Hayes, Peyton Thomas, Ross Weingarten

Press Releases

Christian Auty Joins Steptoe, Brings Global Data Privacy Focus to Elite International Trade and Compliance Team

July 16, 2025

Events

Webinars

Hot Topics in Privacy Enforcement

September 11, 2025

Speakers: Christian M. Auty, Shannon Reid

Professional Affiliations

  • International Association of Privacy Professionals (IAPP)
  • Illinois Association of Health Care Attorneys
  • American Bar Association
Press Releases Steptoe Earns "Outstanding" Recognition in World IP Review's Global Trade Secrets Rankings 2025 August 18, 2025 Press Releases Santiago Gomez Cifuentes Elected to GATT DC Board of Directors August 8, 2025 Webinars Staying Ahead of the Curve on Biocides September 17, 2025
Press Releases Steptoe Files Pro Bono Amicus Brief in Ninth Circuit Anti-Discrimination Case July 31, 2025 Press Releases Karen Bruni Recognized as a 2025 Law360 Rising Star in Energy July 30, 2025 Press Releases Steptoe Represents Amex GBT in DOJ Dismissal of Challenge to CWT Acquisition July 30, 2025 Client Alerts Navigating the "Saving College Sports" Executive Order: Key Implications for Stakeholders July 29, 2025 Press Releases Steptoe Hosts Annual Pro Bono Reception 2025 July 25, 2025 Press Releases Steptoe Earns Top Recognition in 2025 China Business Law Awards July 25, 2025 Press Releases Lena Silva Elected Houston Young Lawyers Association Board of Directors President July 23, 2025 Press Releases Galen Kast Recognized as a 2025 Law360 Rising Star in White Collar July 22, 2025 Press Releases Christian Auty Joins Steptoe, Brings Global Data Privacy Focus to Elite International Trade and Compliance Team July 16, 2025

View More