Amber Thomson counsels a wide range of clients, including private equity firms, financial institutions, retailers, and technology companies, on complex and cutting-edge issues related to cybersecurity and privacy. She also helps clients assess and implement compliance and remediation efforts across a broad range of domestic and international privacy and cybersecurity regulations, including US state comprehensive privacy laws, CPRA, HIPAA, TCPA, PCI DSS, CAN-SPAM, and GDPR.

Amber regularly advises organizations that develop online services, mobile applications, connected devices, and educational technologies on compliance with COPPA, state children’s privacy laws, age-appropriate design requirements, app store accountability laws, and evolving regulatory expectations for minors’ data. Her work includes designing youth specific data governance frameworks, developing age verification and parental consent mechanisms, and guiding clients through product assessments involving children’s data, profiling, and targeted advertising.

Her cybersecurity incident experiences spans deepfakes, business email compromise, and double- and triple-extortion ransomware attacks. Carrying out these efforts, she advises clients throughout the incident response life cycle, from investigation and containment to remediation and notification. Amber also represents organizations in class-action data breach litigation and in responding to federal and state regulatory inquiries arising from security incidents.

Amber regularly collaborates on privacy and data security due diligence and provides executive and board-level training on incident response, privacy legal compliance, children’s privacy obligations, and the broader US cybersecurity and privacy law landscape. Clients trust and rely on her subject-matter depth and practical, business-focused approach to risk management.

Amber is recognized as a Certified AI Governance Professional (AIGP) by the International Association of Privacy Professionals (IAPP).