Matthew H. Berger


Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.


Matthew Berger advises clients on data privacy and cybersecurity issues to ensure companies comply with the ever-evolving national and international regulations related to data protection and use. As part of his practice, he regularly provides advice on emerging data privacy initiatives and efforts, including changes and ruling regarding the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (CDPA) and European Union General Data Protection Regulation (GDPR).

Matthew works closely with his clients to support global business growth initiatives by developing strategies, policies and programs in compliance with privacy and information security issues, including matters related to the California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), online privacy, marketing and advertising, operational and third-party risks, M&A privacy due diligence, GDPR, cross-border data transfers protocols, supply chain data vulnerabilities, and data and cybersecurity breach prevention and response. He also helps clients develop security compliance and risk assessments and, when necessary, respond to cybersecurity incidents and data breaches including responses to regulators and managed action plans to notify affected individuals and mitigate harm.

Prior to joining Bass, Berry & Sims, Matthew was an associate at Epstein Becker Green in Washington, D.C. in the healthcare and life sciences practice where he counseled clients in data privacy and cybersecurity matters. In addition, Matthew worked at several technology companies, where he served as the Team Lead and Highest-Level Privacy Advisor to the U.S. Department of Energy’s Chief Privacy Officer, as the Lead Data Privacy Incident Associate to the Federal Deposit Insurance Corporation’s Chief Information Officer Office, and as a Privacy Advisor to the National Nuclear Security Administration.


International Association of Privacy Professionals — Washington D.C. KnowledgeNet Chapter Chair (2020-2021)

International Association of Privacy Professionals — Certified Information Privacy Professional (CIPP/US)

International Consortium of Minority Cybersecurity Professionals

L’association Internationale pour la Protection de la Propriété Intellectuelle

American Health Law Association (AHLA)