James counsels clients on information privacy, cybersecurity, and compliance issues. He represents a wide variety of technology companies in consumer internet, SaaS, healthtech, pharmaceutical, telecommunications, and entertainment technology industries, as well as a number of leading venture capital firms. James also routinely helps clients navigate the legal issues associated with emerging technologies, including artificial intelligence and blockchain.

James advises clients on the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act, (VCDPA), the Children’s Online Privacy Protection Act (COPPA), the Health Insurance Portability and Accountability Act (HIPAA), Massachusetts General Law Chapter 93H and 201 CMR 17.00, state breach notification laws, and other privacy and cybersecurity laws. James’s practice focuses on providing forward-thinking solutions, including by advising on product and compliance counseling, developing and implementing global cybersecurity and privacy programs to meet state, federal, and international laws and self-regulatory regimes, conducting risk assessments and identifying solutions to help safeguard consumer data, guiding incident preparedness and response, and managing messaging and media scrutiny in the wake of adverse publicity. His practice also includes advising on privacy considerations in connection with venture capital financings, mergers, asset sales, and IPOs, and negotiating the privacy and data security terms of commercial transactions.

James is a Certified Information Privacy Professional (CIPP), holding the U.S. private-sector privacy certification (CIPP/US) and the pan-European data protection certification (CIPP/E), each granted by the International Association of Privacy Professionals (IAPP), the global standard in privacy certification. James is also certified in HIPAA and US Regulation of Health Data by the Privacy + Security Academy.

Before joining Gunderson, James worked in the Boston office of a national law firm where his practice focused on assisting corporations and their boards in addressing the legal and strategic aspects of data privacy laws and cybersecurity risk, and preparing for and responding to data breaches, hacking, ransomware attempts, and other cyberattacks.