John P.Tomaszewski


Corporate governance, contracts, and privacy laws are all about trust. In a complex and constantly changing regulatory environment where data knows no boundaries, John uses a wide range of practical legal tools to help companies build trust and generate growth.

More About John

Historically, the protection of a company's data has been the responsibility of the company's information technology specialists. But at a time when a client’s data is often its No. 1 capital asset, clients can depend on John’s sophisticated advice and counsel, as well as his creation of legal frameworks and trust models that enable new and disruptive technologies and businesses to thrive.

As part of our International Data Protection practice group and co-leader of the Global Privacy & Security team, John has significant experience counseling companies regarding data protection and information security throughout the Americas, Europe, and Asia. John has prepared data protection documentation for human resource outsourcing companies, cloud service providers, social media companies, and a host of traditional brick-and-mortar and emerging-technology clients. He has also developed data licensing agreements, fair information practice statements, digital signature policies, nondisclosure agreements, and similar information security and confidentiality instruments. His clients have included myriad technology companies, as well as financial services, pharmaceutical, and e-commerce businesses of all sizes.

John brings an important perspective to this practice area. John was the first chief privacy officer for CheckFree (now FISERV), where he created internal and external global privacy programs for the online bill payment pioneer. In his role as general counsel at TRUSTe, the most successful privacy Trustmark in the world, he ensured that privacy certification programs were recognized as best-in-class on an international scale.

As a result of those 13 years of in-house experience, John has developed a unique point of view that allows him to provide holistic solutions for his clients; he believes a good solution should always solve at least three problems. John uses the tools and thinking of Lean Six Sigma to ensure compliance and improve quality, and he leverages Seyfarth resources in project management and technology to continually improve service delivery. This allows him to manage large, complex, cross-border data protection frameworks, while effectively controlling costs.

John has been a co-author of several information security and privacy publications, including the PKI Assessment Guidelines and Privacy, Security and Information Management: An Overview, as well as publishing a number of scholarly works of his own on the topic. He has also provided input to the drafting of various security and privacy laws around the world, such as the APEC Cross-Border Privacy Rules system. He is a frequent speaker globally on the topics of cloud computing, self-regulatory organizations, data protection, and cross-border privacy frameworks.

Since joining Seyfarth in 2013, John and his clients have enjoyed the outcomes-oriented approach that is hard-wired into the DNA of the firm, motivating a collegial practice among all the attorneys. He appreciates working with colleagues that focus on solving client problems in practical, real, and measurable ways. In his words: "We don't just want to be 'right,' we want to be effective."

  • JD, St. Mary's University School of Law

    St. Mary's Law Journal, articles editor (1997-1998)
    Phi Delta Phi, Tarleton Inn

  • BA, University of Texas, Austin
  • Florida
  • Texas