Sandy Garfinkel, co-chair of McNees’ Privacy & Data Security Group, has over a decade of experience and expertise advising businesses on compliance with electronic data security laws, consumer privacy laws and industry standards and in responding to breaches of data security.

As a nationally regarded authority on data security and privacy matters, Sandy is regularly published and speaks at numerous industry conferences on compliance with consumer privacy laws and preparing for and responding to data breaches. He is a strong proponent of “information hygiene” best practices in the workplace and he urges that companies and organizations need good cyber insurance to hedge against the numerous types of exposure that can arise from theft or loss of information. Sandy is frequently invited to present and give trainings on cybersecurity topics and is part of the curriculum development team for Diligent Institute’s Cyber Risk & Strategy Certification program, designed to give directors and executives knowledge to better respond to cybersecurity challenges.

What is Sandy’s Approach to the Practice of Law?
Sandy regards client satisfaction as the most important priority in his practice. He recognizes that responsiveness, high quality work product, and cost-effective solutions are the keys to providing excellent legal services.

What does Sandy do for Clients?
Businesses struggle to stay ahead of the increasing threats to sensitive data and the emerging regulatory requirements, which is why Sandy counsels his clients on laws relating to the collection, use, and protection of personal information as well as mitigating risks and reducing exposure to investigations and litigation arising from the loss, theft, or exposure of personal data. He guides clients across a variety of industries and sectors — including hospitality, consumer products, insurance, education, health care, manufacturing, and telecommunications — through all stages of breach matters, such as:

  • Advanced planning and preparation
  • Response and notification
  • Government investigations
  • Regulatory response
  • Litigation, when necessary

He also has expertise concerning the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and multiple new state consumer privacy laws which are due to go into effect in 2023.

Sandy also serves as board solicitor and primary outside legal counsel to Pittsburgh Regional Transit (“PRT,” formerly the Port Authority of Allegheny County), the public transit agency for the Greater Pittsburgh region. In the course of his work for PRT, Sandy advises the agency’s board members and counsels the agency concerning day-to-day legal issues and major transit projects.

His practice additionally includes a busy and diverse business litigation practice, with a particular emphasis on the hospitality industry. He has deep trial and appellate experience and enjoys a long, consistent track record of producing cost-effective, positive results for his litigation clients.

Prior to joining McNees, Sandy founded the data security and privacy group at an Am Law 200 firm, where he served as chair of that group.  He handled more than 200 data breach response matters and counseled clients in virtually every industry regarding compliance with consumer privacy laws.

How does Sandy spend his free time?
Sandy is a musician and enjoyed a successful music career prior to shifting to the practice of law.  He toured and recorded with nationally renowned bands, including the Atlanta folk duo Indigo Girls. He lives in Fox Chapel with his wife. Together, they have a 26-year-old daughter who works for Michael Baker International, Inc., and a 23-year-old son, who graduated from Duquesne University and is now attending Charleston School of Law.


Emory University, B.A.

Duquesne University School of Law, J.D., Duquesne Law Review, Appellate Moot Court Board


Pennsylvania Super Lawyers®, 2013, 2014, 2018, 2019

Modern Governance 100, Risk & Strategy Advisor, 2023


Global Alliance of Travel, Tourism & Hospitality Attorneys, Member

International Association of Privacy Professionals (IAPP)

Reading is FUNdamental Pittsburgh, elementary school reading mentor


U.S. Court of Appeals for the Third Circuit

Bar Admissions