Gregory P. Stein

Associate | Vice Chair, Data Privacy & Information Security

Practice Areas:

Greg’s practice focuses on the areas of information technology, technology transactions, and data security and data privacy. His experience includes licensing and cloud computing transactions, private equity transactions, and mergers and acquisitions and has advised clients about actual and suspected data breaches. Greg is a Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals (IAPP). Leveraging his significant experience in the space, Greg frequently speaks and presents on the topic of data privacy and information security.

Education & Admissions


  • University of Rochester

    (B.A., cum laude, 2004)

  • University at Buffalo, The State University of New York

    (M.B.A., with distinction, 2008)

  • University at Buffalo, The State University of New York

    (J.D., magna cum laude 2008)
    1st place, 2008 Mugel National Tax Moot Court Competition, Robert J. Connelly Trial Technique Award


  • State of Ohio
  • U.S. Court of Appeals, Sixth Circuit
  • U.S. District Court, Northern District of Ohio
  • U.S. Tax Court



Data Privacy & Security/ Technology Transactions

  • Developed information security programs for financial services companies.
  • Advised clients in analyzing and responding to data breaches, including a data breach requiring notice in 50 states and other U.S. jurisdictions.
  • Developed Information Security Program for company’s protection of sensitive information and compliance with federal and state legal obligations.
  • Advised public company about compliance with privacy laws in the context of collecting and analyzing large quantities of behavioral data (i.e., Big Data).
  • Advised public company regarding Payment Card Industry Data Security Standards (PCI DSS) issues with respect to the acquisition of a payment processing solution provider.
  • Represent a cloud-service provider in contract negotiations for the use of its manufacturing Software as a Service (SaaS) solution.
  • Advised public company about development of a new business website that would collect information about young adults, including negotiating a cloud computing agreement for a vendor that would handle the sensitive information and compliance with the Children’s Online Privacy Protection Act.
  • Negotiated a cloud computing agreement for marketing services with a vendor for the processing of personal information and credit card information.
  • Negotiated significant technology agreements on behalf of public and private companies, including:
    • Cloud agreements, such as SaaS and Infrastructure as a Service (IaaS)
    • Software Development Agreements
    • Data Outsourcing Agreements
    • Colocation Agreements
    • Software Licensing Agreements, including Enterprise Resource Planning (ERP) software
    • Professional Services Agreements for the implementation of technology solutions on behalf of customers and vendors
    • Distribution Agreements
  • Counseled clients on a variety of issues related to compliance with HIPAA and HITECH, including in negotiating agreements with business associates and preparation of HIPAA security policies.
  • Implemented privacy policies for public and private companies that comply with federal and state laws.
  • Collaborated as a member of a multi-disciplinary team at a Fortune 100 company to analyze the business and legal issues related to a services agreement for critical healthcare information technology infrastructure.
  • Represented company in negotiation of significant, multi-national telecommunications agreement.
  • Advised clients about e-commerce and technology laws that include the Digital Millennium Copyright Act, the Communications Decency Act, the E-Sign Act, and the Computer Fraud and Abuse Act.


  • Represented clients in trademark matters including filing trademark applications, entering into trademark license agreements, and review of potential trademark infringement issues.
  • Coordinated international trademark on behalf of multiple clients.

Corporate/Mergers & Acquisitions

  • Represented a public company in the payment processing industry in its $361 million acquisition of an E-commerce payment processor.
  • Represented public company in its acquisition of a manufacturer of adhesive dispensing equipment.
  • Represented U.S. subsidiary of an Indian public company in the acquisition of a metal stamping manufacturer.
  • Represented shareholders in the sale of technology consulting company to a private equity fund’s portfolio company.
  • Represented shareholders in the sale of company providing online educational content.
  • Represented private equity fund in the sale of an adhesives manufacturer.
  • Represented an Ohio grocery store in the sale of its pharmacy division.
  • Represented U.S. affiliate of a European energy company in the acquisition of an Ohio engineering company.
  • Represented manufacturing company in the acquisition of a tool manufacturing company.

Publications & Presentations



  • “Cybersecurity and the Public-Private Partnership,” moderator, Cleveland-Marshall College of Law 2017 Cybersecurity and Privacy Protection Conference (April 2017)
  • “Perpetual Motion: How the Supreme Court and Technology have Changed Class Actions and Privacy Law,” A Closer Look: The Intersection of Privacy & Technology Client CLE Seminar (October 2016)
  • “Managing Cyber Threats and Privacy Compliance as a Global Company,” Association of Corporate Counsel, Northeast Ohio Chapter CLE Seminar (September 2016)
  • “Confidential: Protecting Attorney-Client Privilege and Corporate Documents,” panelist, American Bar Association, (August 2016)
  • “Practical Cybersecurity: Translating Legal Requirements into Business Decisions,” Nationwide CLE Series (November 2015)
  • “Protecting Your Clients in the Digital Age: How Data Security Affects Your Practice,” Cleveland Metropolitan Bar Association, Hot Topics for Estate Planners (June 2015)
  • “Data Privacy & Security for Startups,” Queen City Angels (June 2015)
  • “FBI Cyber Squad Panel,” Financial Executives International (February 2015)
  • “Practical Cybersecurity: Translating Legal Requirements into Business Decisions,” Association of Corporate Counsel, Northeast Ohio (February 2015)
  • “The Risk that Keeps on Giving Understanding How Cybersecurity Affects Your Business,” Hot Topics in Financial Services & Securities Litigation (October 2014)
  • “Understanding how to protect the information of customers, employees, and business partners has become a cost of doing business,” The IT Association of Greater Cincinnati (April 2014)
  • “United States Privacy,” Lawyers Associated Worldwide (LAW) IP Teleconference (April 2014)
  • “Privacy and Data Breaches – Q&A,” Cintrifuse (February 2014)
  • “Legal Advice for Growth Stage Companies,” Cleveland Entrepreneurship Week (November 2013)
  • “Overview of Intellectual Property,” Bizdom (various times)
  • “Life Cycle of a Loan,” various financial institutions (June 2010)
  • “A Comprehensive Overview of the Alphabet Programs: TARP, ARRA, PPIP and More,” Bailout/Stimulus Forum (July 2009)
  • “Sarbanes-Oxley: As It Applies to Smaller Businesses,” The Ohio Society of CPAs (January 2009)



  • Cleveland Metropolitan Bar Association
  • International Association of Privacy Professionals, Cleveland KnowledgeNet Chapter (Co-Chair)


  • Thea Bowman Center (Board Member, 2015-present)


  • Data Privacy & Information Security, Vice Chair
  • Security Advisory Board



  • Named to the Ohio Super Lawyers Rising Stars list (2016)


  • Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).