Tailored legal solutions that keep businesses moving with clarity and confidence, providing trusted support as brands navigate growth, regulation, and risk.
(ATTORNEY AS A SERVICE)
On-demand legal support, on your terms
(ABOUT ME)
Legal Counsel. Reimagined.
Let's be honest… no one wants to deal with lawyers. Good thing my firm only has one, me. I've spent 15 years in solo practice learning what actually matters: being strategic, responsive, and willing to think differently about legal problems. You can say I’m a legal Swiss Army knife. I've spent my career not just practicing law, but anticipating where it's headed. And right now? It looks like it’s heading straight into AI, data privacy, and the messy intersection of innovation and compliance. But whether you're in tech, a brand protecting your IP, or a business that needs contracts you can understand, then I’m here. Strategic counsel that cuts through the noise. The Credentials (Because They Matter): Law Degree-Check! CIPP/US (U.S. Privacy Certification)-Check! AIGP (AI Governance Professional)-Check! What actually matters is that I know how to meet clients where they are, understand what keeps you up at night, and build legal strategy that protects what you're building. The Extracurriculars (Because They Add Depth): Governor, Washington State Bar Board of Governors. Past President, Washington State Bar Foundation. Lecturer and staff attorney at the University of Washington. A decade volunteering in eviction defense. Named one of South Sound Business Magazine's 40 Under 40. The Bottom Line. My Attorney as a Service model has been running since 2012 — designed for modern businesses that need someone strategic, responsive, and willing to think beyond 'that's not how we've always done it.' I'm not your average lawyer. And I'm guessing you're not looking for one.
(FIXED-SCOPE SERVICES)
Defined projects with transparent pricing
( WORKING WITH ME)
Step by Step
Have questions? Book a paid consultation to get guidance on your situation and determine the best approach. Know what you need? Book a free 15-minute scoping call to discuss a specific fixed scope service and get started. Need ongoing support? Schedule a freelance counsel discovery call to explore monthly office hours or custom retainer arrangements.
(FAQ)
Legal answers in plain English
Running a business means dealing with contracts, trademarks, privacy policies, and now — AI? It’s a lot. And while I’m always happy to explain things one-on-one, here are answers to some of the most common questions I hear. Don’t see your burning question here? Reach out — or better yet, let’s talk.
What’s fractional counsel, and why do you call yourself ‘freelance’?
They're the same. I just think 'fractional' sounds like you're only getting 1/8th of a lawyer. I've been freelance way before 'fractional' became the buzzword du jour. Full strategic legal support on your schedule, without the cost of a full-time hire. No fractions. No buzzwords. Just solid counsel when you need.
Why can’t I use a standard contract for my SaaS product?
SaaS contracts need to cover things traditional contracts don't; like data ownership, uptime guarantees, subscription billing, and what happens to customer data if you shut down. A generic template will miss these critical protections for both you and your customers.
Do I really need a privacy policy on my site?
Yes, 100%. If you're collecting emails, using cookies, tracking behavior, or doing anything else with user data, you need a privacy policy. It’s often legally required — and it also shows your customers you take their privacy seriously.
Can’t I just copy one from another site or use a free template?
It’s risky. Privacy policies aren’t one-size-fits-all — they need to reflect how your business collects, uses, stores, and shares data. A generic policy might leave out something crucial (or include things you don’t actually do), which can lead to legal trouble. A custom policy helps ensure you're protected and compliant.
Do small businesses really need to care about this privacy stuff?
Absolutely. Privacy laws don’t just apply to big tech anymore — and the cost of getting it wrong can be huge (think fines, lost trust, and lawsuits).
What is AI governance, and why should I care?
AI governance is about making sure AI is used responsibly and legally — with transparency, fairness, and compliance. If your business uses or builds AI, it's worth paying attention to.
tesy
Written for the November issue of the King County Bar Association Bar Bulletin.
The current state of data privacy laws is constantly in motion. From new state laws, to proposed federal laws, and laws that will look to the future of technology. It can be difficult to keep up, here is a summary of where we are now and where we are going:
The State of the States
For the last few years there were really only two types of privacy alphabet soup you needed to know– the GDPR and the CCPA. The General Data Protection Regulation is widely considered as the European gold standard of privacy protection and the California Consumer Privacy Act was a first for the US when it comes to consumer privacy protections. However, come next year 4 states will be throwing in some new letters; Virginia, Colorado, Utah, and Connecticut have all enacted data privacy laws that will go into effect in 2023.
The Virginia Consumer Data Protection Act will lead the year off with their act going into effect in January 2023. The Colorado Privacy Act as well as the Personal Data Privacy and Online Monitoring Act out of Connecticut are both set to go into effect July 1, 2023. Rounding out the year will be the Utah Consumer Privacy Act which goes into effect December 2023. All of these new laws have similarities to the CCPA and grant consumers several rights including the right to access their data, right to opt-out the sale of personal data, and the right to deletion. In addition to these 4 at least a dozen other states discussing their own potential data privacy laws.
On the California front the CCPA is being amended and the California Privacy Rights Act (CPRA) will go into effect on January 1, 2023. The CPRA will now apply to B2B and Employee Data which was exempt under the CCPA; additionally consumers will have the right to correct their personal data.
With more and more states enacting privacy legislation one has to wonder if Washington will enact legislation. The good news is that is seems to be more of “when” instead of “if”. The Washington Privacy Act “WPA” (SB 5062) [1] and the Washington’s People’s Privacy Act “PPA” (HB 1433) were both introduced in 2021. The PPA, as the name suggests is more people centered and unlike the WPA gives Washingtonians a private right of action for enforcement. In 2022, HB 1850, the Washington Foundational Data Privacy Act “WFDPA” was introduced and lands somewhere in between the WPA and PPA. With so many bills on the table eventually one of them will have to pass.
On the Federal Level
It is no secret that US is lagging behind several countries when it comes to a comprehensive national data privacy law. You already know the GDPR but there is also Brazil ‘s Lei Geral de Proteção de Dados (LGPD), Bahrain’s Data Protection Law, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
As the world moves toward comprehensive data privacy laws to protect their citizens, the hope is that the US will enact a Federal law sooner rather than later. While the American Data Privacy and Protection Act “ADPPA” was introduced in June 2022 and a month later sailed through the House Energy & Commerce Committee with support from both Democrats and Republicans it will probably be quite a while before it makes it to the House and Senate. With the recess in August and the hotly contested midterms coming up it is unlikely that action on this will be seen before the legislative session ends on January 3, 2023. As proposed the ADPPA’s purpose would be “To provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.”[2]
While the idea of a federal privacy law sounds like something everyone should get behind it has its naysayers including Washington’s own Senator Maria Cantwell who does not feel the ADPPA is strong enough.[3] Cantwell had proposed her own bill in 2019, the Comprehensive Online Privacy Rights Act (COPRA)[4] which seems closer to the CCPA than the ADPPA. The compromise will lie somewhere between making compliance uncomplicated for businesses and not enacting a law that would preempt stronger state laws.
Data Privacy in a Post Roe United States
With the fall of Roe individuals have been looking at the privacy of their data in ways they never have before, from menstrual cycle tracking apps to how devices track locations. In response, the My Body, My Data Act of 2022,[5] sponsored by Rep. Sara Jacobs out of California would establish “protections, subject to certain limits, for personal reproductive or sexual health information. This includes information relating to past, present, or future surgeries or procedures, such as the termination of a pregnancy.” This would protect personal data collected by companies that are not currently covered (HIPAA).
Biometrics
While Washington is still struggling to get data privacy legislation passed, it is ahead of the game when it comes to a comprehensive Biometric Information Privacy Act “BIPA”, joining only Illinois and Texas. Though several states, including; Maine, Massachusetts, Missouri, and New York have introduced legislation for biometric data in 2022. Washington and Texas, unlike Illinois does not offer a private right of action and enforcement is done through the Attorney General. The Illinois law is considered to be the strictest in the nation and in recent years the state has become a hotbed for class action suits relating to violations of the BIPA. Over the past two years Google, TikTok, Facebook, and Snapchat have all settled their suits for hundreds of millions of dollars. In September of this year a class action was filed in U.S. District Court for the Northern District of Illinois claiming that Walmart unlawfully collects, stores, and uses customers’ biometric data. If a company is found to have violated the Illinois law, eligible residents could receive up to $5,000 per violation.
Artificial Intelligence
The next frontier of data privacy seems to lie within AI. The CPRA, along with the laws of Colorado, Virginia, and Connecticut will address “automated decision making” (ADM) in various ways. Whether it is defining what “profiling”[6] means, allowing for consumers to opt-out, or regulating how data is collected or store it is clear ADM will be a part of forthcoming privacy laws. Since AI relies heavily on collecting and processing large quantities of data the way that data is collected, stored, and whether consent was freely given is of concern. It will be a delicate balance of figuring out how to regulate the AI while not hindering the technology.
Conclusion
With several states enacting data privacy legislation in the next year and twice as many proposing and debating similar types of legislation, the US is posed to have dozens of different laws until a comprehensive federal model can be enacted. Once that happens the US will join several nations in protecting their citizens’ personal information. It is predicted that by the end of 2024, 75% of the world’s population will have its personal data covered under modern privacy regulations.[7] The way companies’ can use consumer data will become highly regulated and individuals will have the right to decide how their data is used.
[1] SB 5062 is a new version of SB 5376 that was introduced in 2019
[2] H.R.8152 – 117th Congress (2021-2022): American Data Privacy and Protection Act, H.R.8152, 117th Cong. (2022), http://www.congress.gov/.
[3] Cristiano Lima, Top Senate Democrat casts doubt on prospect of major data privacy bill, Washington Post, Updated June 22, 2022 at 5:53 p.m. EDT Published June 22, 2022 at 2:15 p.m. EDT,
[4] S.2968 – 116th Congress (2019-2020: Consumer Online Privacy Rights Act, S.2968 – 116th Congress (2019), http://www.congress.gov/.
[5] H.R.8111 – 117th Congress (2021-2022): My Body, My Data Act of 2022, H.R.8111, 117th Cong. (2022), http://www.congress.gov/.
[6] The UK GDPR defines profiling as follows:
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Regulation (EU) 2016/679, General Data Protection Regulation, Article 4 (4).
[7] Press Release, Gartner, Gartner Identifies Top Five Trends in Privacy Through 2024
(May 31, 2022), https://www.gartner.com/en/newsroom/press-releases/2022-05-31-gartner-identifies-top-five-trends-in-privacy-through-2024.
Everyone knows that pets become family for many people and it may seem strange to know that the courts simply see them as property. But they do.
In case of a divorce, outside of an agreement of the parties, the court will look at the pets just like they would look at any other property; cars, homes, accounts, etc. The court will decide who will get the pets as their own separate property. Some couples have created and courts have granted visitation rights and custody schedules for pets of divorce. However, that may change.
In a new Division I Opinion out today, In Re Marriage of Niemi (Division 1 No. 82549-6-1, 10/4/21) , it was ruled that visitation with the couple’s dogs should not have be awarded. When the parties in the above divorced, the trial court awarded visitation of the couple’s dogs to Mariah while ownership went to Douglas. That ruling was overturned today. “Because the trial court exceeded its authority in granting Mariah visitation of the dogs it awarded to Douglas as his separate property, we reverse and remand for the trial court to strike the provisions of the dissolution decree related to visitation and shared maintenance costs for Kona and Mr. Bear.”
First, Kona and Mr. Bear sound like some really cute dogs with great names. Unfortunately, this ruling can cause many couples distress, as now there is an argument to be made that once a couple splits there is no right to visitation or custody of the pets. It may be best to try to work out an arrangement with your future ex, you know, for the sake of the pets.
Last the weekend I was altered by a Good Samaritan (GS) that a Facebook page had posted my blog post, without giving me credit, on their page as if it was their own. I was first excited to know that someone, actually two someone’s, were reading my blog, then I was a little annoyed. Why would someone take my post without asking? It is so easy to do. So I thanked the GS and headed to the page I was told about to see what post they were using.
HA! You wouldn’t believe they had stolen a post I wrote on Copyright Infringement. YES! They were copyright infringing on my how not to copyright infringe post. The audacity! The irony! I mean it was word for word. Just blatant! Here it is in case you are curious:
So I gave them a chance to correct their “mistake”. Though I didn’t think it was a mistake as the GS pointed out, when they told the poster they should credit my blog the GS was blocked. An innocent mistake does not block those who alert them to the mistake. Now, I would have been fine had credit been giving but know, giving credit is not enough, you must get permission to use someone else’s work. I posted a sassy comment under the post. Giving them a chance to correct their mistake. After a few hours I went to check the post. My comment was deleted and I was blocked from commenting on the page further. Now I was angry. Why can’t people just do the right thing?
So I began to weigh my options. Here is what I did, what I thought about doing, and what I may do in the future.
1. The first and easiest was to alert Facebook. Remember a couple of weeks ago when all those people and the then President got banned from Twitter? That was because Twitter said they violated their Terms of Use or Terms of Service. Like Twitter, Facebook has Terms of Use. So do most websites and other social media platforms. One common term is not to infringe on the copyright or trademark of others. Knowing this would be the fastest and easiest option I filled out the form to report the violation. Information on how to do that can be found here: https://m.facebook.com/help/325058084212425.
One of the first things I did when I saw the infringing post was take screenshots. I took shots of the post and my comment, which was good since it was deleted. The form asks you to provide the URL to your work, if you have one, and also a URL to the post that you say is in violation. You can also attach screenshots or pictures. I did both. Within 24 hours I was notified that the post was removed for violating Facebook’s terms.
2. If reporting the problem to Facebook did not work I considered sending a Cease and Desist letter. A cease and desist is letter sent to a person telling them that they are doing something wrong and they need to stop or there will be consequences. This type of letter can be effective when you want the behavior or infringement to stop. They can be particularly effective when written by a lawyer. I wasn’t sure if it was going to work in this case since this thief stole from a lawyer to begin with. They clearly don’t respect others or the law. But the letter was still an option.
3. I also thought about contacting the FBI, it was a fleeting thought but still a thought. Many of you have seen the FBI Anti-Piracy warnings before a movie. They take copyright infringement seriously. However, for the FBI to be involved it would need to be criminal infringement. Meaning the infringement brings commercial or financial gain. I don’t know if this page profited off of my post so while the FBI contacting them would have hopefully left them scared straight, I moved on from the idea.
4. The moment I wrote my blog post and posted it, it was copyrighted. A copyright is automatic as soon as you or I, the author, completes the work-music, photograph, book, blog post, etc. Additionally, my website terms lay out that all content is protected and no one is allowed to copy or use any content for their own purposes without permission. I’ll talk about the importance of website Terms in another post.
Even though my copyright was automatic it was not registered. If it had been registered I would have the benefits of it being public knowledge (well anyone who actually looks up registered copyrights) that the post is my work and I would be able to sue for infringement (which also fleetingly crossed my mind). It can take weeks to months to register a copyright so that wasn’t really going to be a quick solution for me.
5. I went through other posts on the page to see if I saw anything else that belonged to me. I didn’t which was good. I did see that the page would soon have its own website. Once up I will be checking in to see if they steal my work again. If they do I could send a takedown notice under the DMCA (Digital Millennium Copyright Act). This is a way for copyright holders to get their work removed from websites that have taken it without permission. The notice can be sent to internet service providers, search engines, hosting services, or site operators. So if my work shows up on website this is an option.
Luckily this was resolved easily and quickly. It could have been avoided if the page owner had simply asked permission.
