
Rita S. Heimes
Senior Counsel
Areas of Focus
- Cybersecurity, Privacy & Data Protection
- Digital Assets, Cryptocurrency & Blockchain
- Government Contracts
- Intellectual Property
- National Security & Global Investigations
- Regulatory
- Technology
- Transportation Policy & Regulation
- Over 20 years of experience advising clients in cybersecurity, artificial intelligence (AI) regulatory and data privacy matters.
Rita advises clients across industries—from startups and major technology companies to Tier 1 research institutions—on navigating the risks and opportunities presented by emerging technologies. Her deep knowledge of state, federal, and global privacy and data protection laws, combined with fluency in digital technologies, enables her to support clients in managing complex, high-stakes data issues across both transactional and dispute contexts. She also has extensive experience guiding organizations through cybersecurity incident response, from breach investigation to regulatory notification, and helps ensure compliance with evolving federal cybersecurity requirements. Rita holds the following IAPP certifications: CIPP/E, CIPP/US and CIPM.
Rita recently served as General Counsel and Chief Privacy Officer at the International Association of Privacy Professionals (IAPP), where she gained unique experience guiding a multinational client with pressing business-to-business (B2B) and business-to-consumer (B2C) privacy and data protection issues and solutions. She also managed organization-wide legal issues for IAPP in collaboration with the senior executive team, including overseeing litigation and other disputes, risk management, international operations strategy, insurance portfolio, talent opportunities, terminations, and supporting leadership with Board relations.
Through her service on the faculty at the University of Maine School of Law, where she is currently a Senior Affiliate Fellow and Adjunct Law Professor, Rita developed the University’s acclaimed privacy program, including organizing and hosting the annual Information Privacy Summer Institute and annual conference. She also launched and grew one of the nation’s first intellectual property law school clinics in both patent and trademark law, supporting inventors and start-ups to address a multitude of IP issues and worked with universities and non-profit research laboratories to develop collaborative tech transfer conversations and programs to support state economic development initiatives.
Rita’s legal career has spanned geography, skills, and subject matters, starting with a Ninth Circuit clerkship and developing through commercial litigation, IP acquisition and tech transactions, teaching and scholarship in multiple legal areas, and executive roles in higher education and business.
Cybersecurity, Privacy, Data Protection & AI
- Developed and managed interdisciplinary privacy and data protection program for global non-profit (data inventory and mapping; global privacy law compliance; consumer-facing privacy statements and consent management; employee training; privacy and security policies; data protection impact assessments; international data transfers).
- Drove time-sensitive responses (internally and with outside counsel) to European regulatory investigations relating to GDPR.
- Guided cybersecurity incident victims and associated data controllers in the supply chain through investigation, risk management, notification analysis, and follow-on residual risk assessment, in myriad industries including government contractors.
- Developed guidelines for assessing risk and opportunity to incorporate AI tools into products, services and use of suppliers’ platforms.
- Collaborated across disciplines on development of internal AI governance program.
- Supported M&A team on privacy and cybersecurity due diligence in asset acquisitions.
EducationJ.D., Drake University Law School, summa cum laude, 1993
B.A., University of Iowa, with highest distinction, 1990
J.D., Drake University Law School, summa cum laude, 1993
B.A., University of Iowa, with highest distinction, 1990
ClerkshipsU.S.C.A., 9th Circuit
U.S.C.A., 9th Circuit
Bar AdmissionsDistrict of Columbia
Maine
District of Columbia
Maine
- International Association of Privacy Professionals, General Counsel and Chief Privacy Officer, 2019-2025, Research Director and Data Protection Officer, 2015-2019.
- Judicial Clerk, The Honorable Robert R. Beezer, U.S. Court of Appeals for the Ninth Circuit, 1993-1994.
- Presenter, “Emerging AI Legal Issues,” University of Maine School of Law, Spring 2025.
- Presenter, “In-House Privacy Practice,” Information Privacy Summer Institute, University of Maine School of Law, May 30, 2024.
- Presenter, “What keeps a CEO or Managing Partner up at night? – Artificial Intelligence,” Maine Law Business and Society Summit, January 25, 2024.
- Presenter, “Privacy and Security Implications of Data Sharing,” Information Privacy Summer Institute, University of Maine School of Law, June 6, 2022.
- Presenter, “Data Monopolies: Competition Law for Privacy Pros,” Information Privacy Summer Institute, University of Maine School of Law, June 1, 2021.
- Presenter, “California Consumer Privacy Act: Implications for Financial Institutions,” CBA Live, 2019.
- Presenter, “Sausage Making in Privacyland,” Annual Meeting of the Consumer Financial Services Committee of the American Bar Association, 2019.
- Presenter, “The impact of GDPR on Fintech Data Portability,” Michigan Technology Law Review Symposium on Data Privacy and Portability in Financial Technology, U. Michigan School of Law, 2019.
- Presenter, “Building a Strong Data Privacy and Ethics Program: From Theory to Practice,” United Nations Global Pulse, May 2017.