Theodore P. Augustinos

Partner

860.541.7710

More ways to contact Theodore P. Augustinos

Ted advises clients on cutting-edge privacy and data protection matters. Clients trust him to help them navigate emerging state privacy laws including the California Consumer Privacy Act, and cybersecurity requirements such as the NY DFS Cybersecurity Regulation.

Speaking Engagements

Privacy + Security Forum: Spring Academy
Overview
Representative Matters
Insights
Awards

Ted advises clients across various industries — including financial services, insurance, health care, consumer products, technology, and telecommunications — on privacy and data protection, cybersecurity compliance, and breach response. He has led key initiatives related to the California Consumer Privacy Act (CCPA), cybersecurity incident preparedness and response, and the New York DFS Cybersecurity Regulation. Ted helps clients handle all aspects of emerging legal and regulatory requirements, including designing and implementing privacy policies, drafting and negotiating contracts, and developing cybersecurity risk management programs.

Ted has deep experience preparing for and responding to data breaches, including leading forensic investigations, coordinating responses to regulatory inquiries, and counseling on necessary notifications.

Ted’s clients appreciate his ability to simplify complex regulations and provide actionable insights across the rapidly evolving landscape of privacy and data protection.

  • Guided diverse clients on compliance with emerging legal and regulatory frameworks, including state privacy laws such as the CCPA, and the New York DFS Cybersecurity Regulation.
  • Advised international, national, and regional insurance companies and producers on privacy and data protection issues related to innovative business initiatives, including the applicability and interplay of federal, state, and foreign disclosure and other requirements, such as GLBA, HIPAA, the CCPA, and the New York DFS Cybersecurity Regulation.
  • Advised companies in various industries on legal and regulatory issues related to use of AI and processing of biometric data.
  • Assisted a variety of companies in incorporating privacy and data security representations, warranties, and indemnities into acquisition agreements and vendor contracts, and conducting related due diligence, mitigating risk in complex transactions.
  • Created information security programs and specialized programs for clients to manage cybersecurity risks from service providers, including privacy and data security contract addenda, and enhancing overall security posture.
  • Coordinated comprehensive breach response activities, including directing forensic investigations, conducting legal and regulatory analyses, preparing required notifications, and responding to follow-up inquiries from government agencies.
  • Worked with multinational clients in transferring data across jurisdictions for purposes of business operations, transactions, and investigations in compliance with data transfer restrictions.
  • Provided legal guidance to national and local nonprofit organizations following the loss of donor credit card and employee personal information, coordinating responses to customers, law enforcement, and regulators, and preparing required notifications.
  • Counseled clients involved in insurtech projects on complex privacy, data transfer, protection, and cybersecurity matters, particularly in creating data lakes and utilizing anonymized and aggregated data responsibly.
  • Chambers USA: Privacy & Data Security: Cybersecurity – Nationwide (2025)
Overview

Ted advises clients across various industries — including financial services, insurance, health care, consumer products, technology, and telecommunications — on privacy and data protection, cybersecurity compliance, and breach response. He has led key initiatives related to the California Consumer Privacy Act (CCPA), cybersecurity incident preparedness and response, and the New York DFS Cybersecurity Regulation. Ted helps clients handle all aspects of emerging legal and regulatory requirements, including designing and implementing privacy policies, drafting and negotiating contracts, and developing cybersecurity risk management programs.

Ted has deep experience preparing for and responding to data breaches, including leading forensic investigations, coordinating responses to regulatory inquiries, and counseling on necessary notifications.

Ted’s clients appreciate his ability to simplify complex regulations and provide actionable insights across the rapidly evolving landscape of privacy and data protection.

Representation Matters
  • Guided diverse clients on compliance with emerging legal and regulatory frameworks, including state privacy laws such as the CCPA, and the New York DFS Cybersecurity Regulation.
  • Advised international, national, and regional insurance companies and producers on privacy and data protection issues related to innovative business initiatives, including the applicability and interplay of federal, state, and foreign disclosure and other requirements, such as GLBA, HIPAA, the CCPA, and the New York DFS Cybersecurity Regulation.
  • Advised companies in various industries on legal and regulatory issues related to use of AI and processing of biometric data.
  • Assisted a variety of companies in incorporating privacy and data security representations, warranties, and indemnities into acquisition agreements and vendor contracts, and conducting related due diligence, mitigating risk in complex transactions.
  • Created information security programs and specialized programs for clients to manage cybersecurity risks from service providers, including privacy and data security contract addenda, and enhancing overall security posture.
  • Coordinated comprehensive breach response activities, including directing forensic investigations, conducting legal and regulatory analyses, preparing required notifications, and responding to follow-up inquiries from government agencies.
  • Worked with multinational clients in transferring data across jurisdictions for purposes of business operations, transactions, and investigations in compliance with data transfer restrictions.
  • Provided legal guidance to national and local nonprofit organizations following the loss of donor credit card and employee personal information, coordinating responses to customers, law enforcement, and regulators, and preparing required notifications.
  • Counseled clients involved in insurtech projects on complex privacy, data transfer, protection, and cybersecurity matters, particularly in creating data lakes and utilizing anonymized and aggregated data responsibly.
Insights

Speaking Engagements

Privacy + Security Forum: Spring Academy

Articles + Publications

2024 Privacy, AI & Cybersecurity Year in Review

Articles + Publications

Practical Approaches to the CCPA

Articles + Publications

Data Minimization Under the CCPA

See all insights from Theodore P. Augustinos

Awards
  • Chambers USA: Privacy & Data Security: Cybersecurity – Nationwide (2025)

Top areas of focus

  • Certified Information Privacy Professional, International Association of Privacy Professionals (IAPP)
  • Co-chair, World Law Group’s Data Protection and Privacy Group
  • Member, Connecticut Bar Association
  • South Park Inn Homeless Shelter
    • Board of directors, 1992-2023
    • Vice president, 2015-2022
  • Hellenic College Holy Cross Greek Orthodox School of Theology
    • Board of trustees, 2020-2024
  • The Bushnell Center for the Performing Arts
    • Board of ambassadors, 2015-present

Education

  • Boston University School of Law, J.D.
  • St. Lawrence University, B.A., cum laude

Bar Admissions

  • Connecticut
  • Speaker, “On the Hook: Understanding Personal Exposure for Data Guardians,” Privacy + Security Forum: Spring Academy, May 8, 2025.
  • Speaker, “The Art of Designing Reinsurance Contracts and Programs,” RAA Re Contracts, July 25, 2024.
  • Speaker, “Data Privacy, Security & AI Track,” Mortgage Bankers Association: Legal Issues and Regulatory Compliance Conference, May 5-8, 2024.
  • Speaker, “Information Security, Board Involvement, Preparedness, Vendor Management, and Incident Response,” FHLBanks Governance, Risk & Audit Forum, October 3, 2023.
  • Speaker, “De-Isolating the CISO,” NetDiligence Cyber Risk Summit, May 31-June 2, 2023.
  • Speaker, “Developments in State Privacy Requirements for Connecticut Businesses,” Locke Lord and the Association of Corporate Counsel – Connecticut Chapter Webinar, December 14, 2022.
  • Speaker, “Cybersecurity: The Role of Compliance in Cybersecurity,” Compliance and Ethics Forum for Life Insurers Annual Conference, September 22, 2021.
  • Speaker, “Gearing up for Privacy & Cybersecurity in 2021 Webinar Series: Incident Preparedness & Response,” Locke Lord, June 10, 2021.
  • Speaker, “Gearing up for Privacy & Cybersecurity in 2021: Cyber Updates,” Locke Lord, May 6, 2021.
  • Speaker, “Gearing Up for Privacy & Cybersecurity in 2021: Privacy Updates,” Locke Lord, April 15, 2021.
  • Speaker, “Developing U.S. Cybersecurity Requirements,” China General Chamber of Commerce U.S.A., March 24, 2021.
  • Speaker, “The Future of Data Privacy Regulation,” PDMI East, March 9, 2021.
  • Speaker, “Privacy Law Developments for U.S. Companies,” 28 Annual Corporate Counsel Symposium, October 15, 2020.
  • Speaker, “Privacy & Data Protection Issues Associated with COVID-19,” RAA RE Finance Seminar, September 10, 2020.
  • Seminar, “Insurance IT Strategy and Regulatory Compliance: COVID-19, Best Interest Industry Sales Standards, and Third-Party Risk Management,” Locke Lord, July 29, 2020.
  • Speaker, “Privacy and Cybersecurity Issues in the COVID-19 Environment,” Locke Lord, July 8, 2020.
  • Speaker, “Privacy & Data Protection Issues Associated with COVID-19,” RAA, May 27, 2020.
  • Speaker, “Privacy and Data Protection Issues Related to COVID-19,” World Law Group’s 2020 eConference: Privacy & Data Protection Group Webinar, May 7, 2020.
  • Speaker, “Insurance IT Strategy and Regulatory Compliance: NYDFS, NAIC and CCPA,” Locke Lord, January 9, 2020.
  • Contributor, “2024 Privacy, AI & Cybersecurity Year in Review,” Troutman Pepper Locke, February 12, 2025.
  • Co-author, “Practical Approaches to the CCPA,” Locke Lord, November 2024.
  • Author, “Data Minimization Under the CCPA,” Locke Lord, August 2024.
  • Author, “Texas Joins the State Privacy Law Landscape on July 1, 2024: The Texas Data Privacy and Security Act,” Locke Lord, April 2024.
  • Author, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern,” Locke Lord QuickStudy, April 1, 2024.
  • Author, “California’s Draft Proposed Regulations on Cybersecurity Audits,” Locke Lord, April 2024.
  • Author, “Tighter SEC Cybersecurity Incident Disclosure Requirements Go into Effect Today,” Locke Lord, December 18, 2023.
  • Author, “New Mechanism for Cross-Border Data Transfer: The EU-U.S. Data Privacy Framework,” Locke Lord, December 2023.
  • Author, “U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia,” Locke Lord, December 2023.
  • Author, “Challenging Recent Developments for Incident Response,” Locke Lord, December 2023.
  • Author, “New Amendments to NY DFS Cybersecurity Regulation: Big Changes for Big Companies, and Other Implications,” Locke Lord, December 2023.
  • Author, “Lessons From the General Data Protection Regulation on the Sunset of the California Consumer Privacy Act’s Personnel and Business-to-Business Exemptions,” The Computer & Internet Lawyer, October 2023.
  • Author, “The CPRA: A Missed Deadline Gives Companies a Break,” Locke Lord QuickStudy, July 3, 2023.
  • Author, “Lessons From the GDPR on the Sunset of the CCPA’s Personnel and B2B Exemptions,” Locke Lord, June 2023.
  • Author, “Waiting on Guidance From the CPPA. What to Do in the Meantime?,” Locke Lord, June 2023.
  • Author, “State Privacy Update – Iowa, California, and the NAIC,” Locke Lord, April 2023.
  • Author, “U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia Referenced in Surprises Continue in the 2023 Cyber Insurance Market Article,” Locke Lord QuickStudy, February 28, 2023.
  • Co-author, “New York DFS Cybersecurity Regulation Update: Amendments Proposed November 2022,” Locke Lord, December 2022.
  • Author, “U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia,” Locke Lord, December 2022.
  • Author, “Why Warranty Providers May Explore CCPA Exemption,” Law360, November 16, 2022.
  • Author, “New York Department of Financial Services Looks to Raise the Floor — Again — on Cybersecurity Regulation,” Locke Lord, September 2022.
  • Author, California’s Looming Privacy Deadline for Personnel and B2B Data, Locke Lord, September 2022.
  • Author, “California Privacy Fall Update: Proposed Regulations and Fading Exemptions,” Locke Lord, September 2022.
  • Author, “New Federal Trade Commission’s Safeguards Rule is a Game-Changer for Extended Warranty and GAP Waiver Industries,” The Banking Law Journal, September 2022.
  • Author, “Big Data for Insurers: Clarity About the New Connecticut Requirements,” Locke Lord, July 14, 2022.
  • Author, “NAIC Insurance Data Security Model Law Update: Vermont Becomes 21st State,” Locke Lord, June 22, 2022.
  • Author, “Emerging Requirements for Data Protection Impact Assessments,”
  • Author, “Privacy Is the Buzz in the Beehive State: Utah’s Consumer Privacy Act,” Locke Lord, Spring 2022.
  • Author, “Russian Threats and the Need to Protect Critical Infrastructure,” Locke Lord, Spring 2022.
  • Author, “SEC Proposes Tighter Cybersecurity Disclosure Requirements,” Locke Lord, March 14, 2022.
  • Author, “Evolving Privacy Requirements in the U.S.: What to Do for 2022?,” Locke Lord, January 2022.
  • Author, “New NY DFS Cyber Reg FAQs: Novel Approach to Notifications on Vendor Breaches; Cloud and Other Services Are Part of ‘Internal Networks’ and No Specific Framework Required for Risk Assessment,” Locke Lord, January 2022.
  • Author, “NY DFS Releases Guidance on Multi-Factor Authentication,” Locke Lord, December 14, 2021.
  • Co-author, “Developments in Energy Pipeline Security: TSA Directives, and Recommendations for Owners and Operators,” Locke Lord QuickStudy, October 5, 2021.
  • Author, “A Step Toward a Uniform State Privacy Law: The Uniform Personal Data Protection Act,” Locke Lord, Fall 2021.
  • Author, “New Privacy Laws From Coast to Coast: Comparing California, Virginia and Colorado,” Locke Lord, Fall 2021.
  • Author, “CCPA Quick Update: Certain Companies Must Report Consumer Request Metrics by July 1, 2021,” Locke Lord, Summer 2021.
  • Author, “Ransomware’s Scary – Be Wary and Ready to Parry,” Locke Lord, Summer 2021.
  • Author, “Updating Your ‘Reasonable Security’ During the ‘Ransomware Outbreak,’” Locke Lord, Summer 2021.
  • Author, “NYDFS Alerts Insurance Industry on Cyber Threats to Auto Quote Functions,” Locke Lord, April 6, 2021.
  • Author, “Privacy Laws Begin to Ripple Across the States Following the California Consumer Privacy Act,” Locke Lord, Winter 2021.
  • Author, “Who’s in Your Mobile Device?,” Locke Lord QuickStudy, January 25, 2021.
  • Author, “California Privacy Developments: The CPRA,” Locke Lord, November 2020.
  • Author, “Data Breaches, Leaked Documents and the Attorney-Client Privilege: Can the Bell Really Be Unrung?,” Cybersecurity Law Report, September 23, 2020.
  • Co-author, “Privacy Shield Struck Down: Schrems II – Just When You Thought it Was Safe to Go Back in the Harbor,” Locke Lord QuickStudy, July 29, 2020.
  • Author, “CCPA Update: Final Proposed Regulations,” Locke Lord, Summer 2020.
  • Author, “Malicious Cyber Actors Exploiting COVID-19, Common Attacks and Mitigation Strategies,” Locke Lord QuickStudy, May 12, 2020.
  • Author, “Home Sweet Workplace?,” Locke Lord, May 2020.
  • Author, “NY DFS Issues Guidance to Regulated Entities for Cybersecurity in the Remote Work Environment,” Locke Lord, April 20, 2020.
  • Author, “CCPA Update: Important Modifications to the Proposed Regulations,” Locke Lord, April 2020.
  • Author, “The Effective Date of the California Consumer Privacy Act of 2018 Has Come and Gone: What To Do Now?,” Locke Lord, April 2020.
  • Author, “Privacy and Cybersecurity Work from Home Considerations in the Context of Coronavirus,” Locke Lord QuickStudy, March 31, 2020.
  • Certified Information Privacy Professional, International Association of Privacy Professionals (IAPP)