Skip to main content

Heidi Wachs

Managing Director

Stroz Friedberg


Heidi L. Wachs is Managing Director, Engagement Management, and head of the Washington, D.C. office of Stroz Friedberg, an Aon Company, where she helps clients prepare for and respond to data breach and cybersecurity incidents and develop and implement data privacy and information security programs. Ms. Wachs oversees complex investigations involving the collection, use, and sharing of data and personal information, in particular through the use of APIs, scraping, hacking, cookies, and other third-party web page integrations. Ms. Wachs' experience includes serving as a technical analyst and Chief Privacy Officer for a leading national research university, and she frequently lectures and publishes on best practices for data privacy and breach response, information security, and information governance.

Ms. Wachs has led numerous incident responses to ransomware attacks, business e-mail compromises, wire transfer fraud, malware infections, and large scale data breaches involving personal information. She advises clients and works closely with in-house and outside counsel through the entire lifecycle of matters by quickly assembling digital forensics and incident response teams, supervising the deployment of proprietary incident response technologies, briefing C-suite executives and other business and legal stakeholders, and coordinating supplemental resources across multiple practice areas, such as the intelligence division to conduct deep and dark web monitoring.

In proactive matters, Ms. Wachs guides companies in developing and implementing information governance and information security policies, programs, and procedures, including leading tabletop exercises for executives and technical teams. Ms. Wachs has also co-led large-scale investigations to assist clients in understanding and reviewing their data collection, use, and retention policies. These complex technical and privacy investigations, including retroactive reviews, enable companies to identify historical and ongoing abuse of APIs and help clients to remediate the excessive collection, unauthorized sharing, misuse, and unauthorized scraping of data by third parties.

Before joining Stroz Friedberg, Ms. Wachs helped lead the Data Privacy and Cybersecurity practice at an AmLaw 100 law firm, where she counseled clients across a broad range of industries on privacy, information governance, and cybersecurity issues. Her practice spanned proactive and reactive advice on data breaches and cybersecurity incidents, including developing incident response plans, creating and facilitating tabletop breach response exercises, managing all aspects of breach response including drafting internal and external communications, engaging third-party cyber forensic investigators on behalf of clients to preserve applicable attorney-client and/or attorney work product privilege, and coordinating notification to regulators, federal and state government agencies, and affected individuals. She also advised clients on developing, reviewing, and revising privacy, information security, and information governance policies to mitigate information and cybersecurity risk.

Prior to her law firm experience, Ms. Wachs worked with information technology professionals in higher education and the private sector. She served as a Research Director on the Identity & Privacy Strategies team at a global research and consulting firm, where she authored technical publications for a global client base and presented at worldwide events on topics including privacy, information classification, and identity governance and administration. As the first University Chief Privacy Officer and Director of IT Policy for a leading national research university, she established and managed university-wide data privacy initiatives for information technology operations and data breach response. Earlier in her career, Ms. Wachs represented technology-focused clients as a public relations executive.

In 2017, Ms. Wachs was recognized by the National Law Journal as a Cybersecurity and Data Privacy Trailblazer. She was also named to the Legal 500 in 2017 and 2016. Ms. Wachs earned her B.A. in Journalism from Lehigh University and her J.D. from the Benjamin N. Cardozo School of Law, where she served as Managing Editor of the Women's Law Journal. She is admitted to the bars of the District of Columbia and the United States Supreme Court and is a certified information privacy professional, CIPP/US.