Applying new knowledge to real problems for measurable results.
Home > Penn State Executive Programs > Outside Faculty > Odia Kagan, CIPP/E, CIPP/US, CIPM


Privacy and Data Security Attorney
Ballard Spahr LLP

Odia Kagan combines her in-depth knowledge of privacy and data security regulations and best practices with her keen understanding of emerging and information technologies, to provide clients with practical advice on how to design and implement their products and services, consummate their M&A transactions, and engage third party vendors, in the US and abroad. She utilizes her ability to break down complex concepts into easy to understand action items to provide effective ongoing counselling to clients in their day-to-day operations.

With a transactional practice focus, Ms. Kagan negotiates cloud computing, outsourcing and e-commerce agreements both on the vendor and on the client side and prepares privacy and information security policies and procedures. A former partner in a Tel-Aviv, Israel law firm, Ms. Kagan has substantial experience working with Israeli start-ups and assisting multinational companies with cross border transactions.

Ms. Kagan is a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional in the laws of the United States – private sector (CIPP/US) and in the laws of the European Union (CIPP/E). Previously a first lieutenant in the Israeli Defense Forces, Ms. Kagan served as a military advocate and as a legal adviser to the Military Advocate General and as an adviser to the head of the Council for Cable and Satellite Broadcasting of the Israel Ministry of Communications.

Representative Capabilities and Engagements:

  • Drafted and negotiated complex licensing, services and service level agreements for IT systems, data mining applications and equipment management services, for a large healthcare organization.
  • Drafted and negotiated master services agreements and extensive privacy and data security exhibits for a provider of hosted data analytics service for healthcare organizations.
  • Drafted and negotiated privacy policies, terms of use and end-user agreements for a provider of a hosted mobile app for sports teams, a provider of services for the gaming industry and a provider of a platform for online investments.
  • Managed a privacy and information security focused legal due diligence process, negotiated privacy and information security representations and warranties and advised clients as to deal and post- closing strategy based on diligence findings in merger and acquisition transactions, including a mobile payment provider, a provider of a cybersecurity platform, a provider of land registration title service and a purchaser of a mortgage lending portfolio .
  • Advised and negotiated provisions with respect to US/EU Safe Harbor framework compliance and intra company transfer agreements for the transfer of personal information from EU countries to countries outside the EU for a large corporation providing corporate and title registration services, for a company providing services to clinical trials and for a company providing services to mobile gaming applications.
  • Advised on privacy and security by design in the formulation of services and product offerings for a provider of an enterprise data analytic application, a provider of software for gaming applications, a provider of services for clinical trials, etc.