Skip Navigation or Skip to Content
NJL People: Katheryn A. Andresen

Katheryn A. Andresen (Kate)

Attorney

Kate is a highly experienced Shareholder with a unique background that sets her apart. Her expertise lies in complex transactional matters for business clients, particularly in the field of technology law with a focus on data privacy and security. Relatedly, she provides sharp insights into HIPAA-related considerations for her healthcare clients.

Her career journey is quite remarkable. She initially started in military intelligence as a linguist interrogator and later worked as a systems engineer for a multinational IT company. These experiences honed her communication and observation skills and instilled deep technological knowledge and proficiency. Her fluency of several languages—including Serbo-Croatian, German, French, Spanish, and even “Geek” (technology speak)— allows her to serve a diverse range of clients who trust her ability to understand their needs and challenges, simplify complex issues, and translate legal intricacies into practical business conclusions.

Kate’s diplomatic and honest approach also makes her a peacemaker among her professional contacts, colleagues, and even within her large family of six siblings. She’s known for finding innovative solutions to contentious issues and connecting clients with valuable resources.

Beyond her legal practice, Kate is a sought-after speaker and lecturer. She travels globally to share her expertise with various audiences. When not representing clients or speaking, she enjoys spending time on the golf course or immersing herself in books.

Key Practice Experience

Data and Cyber Security

  • Privacy Policies
  • Privacy Shield self-certification assistance
  • Health Insurance Protection and Portability Act (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act (enacted as a part of the American Recovery and Reinvestment Act (ARRA) of 2009)
  • General Data Protection Regulation (GDPR) (compliance, privacy policy updates, data use agreements)
  • California Consumer Protection Act (CCPA) and California Privacy Rights Act (CPRA) (compliance, privacy policy updates, website modifications)
  • Other state data privacy regulations (assessing applicability and compliance obligations)
  • Security Policies (development, assessment, training guidelines)
  • Security Incidents / Breaches (assessment, investigation, reporting, publication, notification, etc.)
  • Cyber liability insurance coverage (assessing coverage, and verifying types of policies to cover risk)
  • Complex agreements dealing with privacy and security obligations

Licensing

  • Complex Licenses, including SOWs and support services
  • Client-hosted, ASP, and Software as a Service (SaaS) agreements
  • Database development/hosting
  • Software development
  • Joint development (shared IP)
  • Source code escrows
  • Hardware purchase/lease
  • Data center space lease
  • Open source

Internet Agreements

  • Website development
  • Terms of use; browse-wrap, and click-wrap
  • Privacy policies (both regulated entities and unregulated entities)
  • Internet service provider
  • Hosting, including cloud computing
  • Mobile application terms (Apple, Android, Windows)

Technology Agreements

  • Co-branded products/services
  • Professional services
  • Outsourcing
  • Disaster recovery/technology support
  • eCommerce services
  • Service level agreements (SLAs) for systems maintenance
  • B2B and B2C eCommerce/services
  • Strategic partner agreements

Intellectual Property

  • Copyright
  • Trademark
  • Trade secret
  • Patentability assessment refer for prosecution

Corporate

  • Incorporations/organizations of entity
  • Corporate books
  • Due diligence assessment
  • Commercial lease assessment
  • Asset purchase agreements
  • Acquisition agreements
  • Shares acquisition
  • Purchase of assets
  • Loan backed shares acquisition
  • Subscriptions tied to investment funding
  • Retention of key personnel and related employment agreements
  • Conversion plans
  • Buy-sell agreements
  • Shareholder or member control agreements
  • Stock Purchase Agreements
  • Subscriptions
  • Employment Agreements
  • Financing Arrangements (including 8 figure tiered funding to acquire airline)

Key Industry Experience

  • Technology
  • Cyber Security
  • eCommerce
  • Entertainment
  • Software
  • Banking

Representative Transactions

Health

  • Serve as outside counsel for a third party administrator company offering health plan administration services for self-insured employers and their plans.
  • Served as outside counsel, since its inception, to a URAC accredited services company, offering case management services nationwide, primarily in the workers’ compensation field, which has elected to voluntarily comply with the Privacy Rule and the Security Rule under HIPAA; providing legal advice and support related to privacy, security, technology development and licensing, customer services agreements, contractor agreements and intellectual property protections.
  • Assisted in the development of privacy and security policies and corporate practices for healthcare clients in conformance with HIPAA.
  • Assisted in the review and assessment of privacy and security policies in conjunction with SOC 2 audits.
  • Assisted a large healthcare sector client with negotiating a settlement to a multi-million dollar technology agreement breach.
  • Representation of national health care entity on security breaches, working effectively with computer forensic investigators to optimize response time and reduce public and regulatory risk to organization.
  • Assessed and assisted clients in investigating and responding to numerous breach incidents related to data disclosure, both regulated and non-regulated information.
  • Assisted in the development and review of business associate agreements.

Corporate

  • Advised credit union client with regards to:
    • Negotiation and revisions to complex digital banking related agreements with national service providers;
    • Drafting and advice on required disclaimers, online terms, privacy policy and other terms; and
    • Negotiation and revisions to complex data hosting agreement and related data retention policy.
  • Assisted national bank client with review and synopsis of relevant banking regulations for internal guidance system.
  • Serve as outside counsel since its inception for a mobile application provider nationally recognized as an industry leader in the real estate industry; providing general corporate, intellectual property and transactional advice, particularly for software-as-a-service terms and Eula’s.
  • Serve as outside counsel for a technology company offering technology nationwide on a software-as-a-service basis to Fortune 500 customers in the CRM and CPQ sector; providing corporate, intellectual property and transactional advice, including SaaS agreements, strategic partner agreements, and independent contractor agreements.
  • Outside consultant in the negotiation and drafting of final agreements related to a large technology system acquisition by a government entity, including assessments under privacy requirements under the Minnesota Government Data Practices Act.
  • Representation of technology start-ups and large Fortune 500 clients with complex, multi-year and multi-million dollar licensing and technology related services agreements.
  • Assisted in the development of privacy and security policies and corporate practices for financial industry clients.
  • Assessed and assisted clients in investigating and responding to numerous breaches incidents related to data disclosure, both regulated and non-regulated information, including for financial entities subject to Gramm–Leach–Bliley Act.
  • Negotiated and finalized multi-million dollar financing structure for client’s acquisition of an airline.
  • Negotiated and drafted acquisition documents for the following multi-million dollar transactions:
    • Fortune 100 company’s acquisition of a technology company’s assets, including related intellectual property.
    • Acquisition of all shares of technology company.
    • Sale of interest in family-owned business to next generation involving nine companies, seven leases, four mortgages and dozens of agreements.
    • Sale of interest in services company to other shareholders.
    • Sale of shares in goods company to executive officer as part of estate planning process.
    • Purchase of technology company involving buy-out and release of investor/shareholders.

Recognitions and Honors

  • The International Who’s Who of Information Technology, 2013

Publications

  • Author, “Data Privacy Implications of Assessment Technology,” in Tracy M. Kantrowitz, Douglas H. Reynolds & John C. Scott, Talent Assessment – Embracing Innovation and Mitigating Risk in the Digital Age, 2023
  • Editor/Author, “The Law and Business of Computer Software – 2nd Ed.,” Thomson Reuters/West, 2007 – 2019
  • Author, “Travelers Must Cover Inadvertent Data Disclosures, Court Rules,” Risk Management Monitor, April 22, 2016
  • Chapter Author, “Privacy Torts, Minnesota Business Torts Deskbook” (Minnesota CLE) March 2008, updated February 2009, February 2011, and February 2013
  • Author, “Marketing Through Social Networks: Business Considerations – From Brand to Privacy,” William Mitchell Law Review, Vol. 38, No. 1, 2011

Presentations

  • “Agreements to Share Data – Takeaways from Recent Cases,” MSBA Corporate Counsel Section’s Advanced Business Law Series – Key Lessons for Complex Business Transactions, December 5, 2022
  • “Security Incidents – When is it time to call outside counsel,” MSBA Corporate Counsel Section – Hot Topics in In-House presentation, March 12, 2022
  • Reprised “Data, Data, Data – With Data Everywhere, How Long Do You Need It and Why Should You Get Rid of It?,” Minnesota CLE Data Privacy and Security Fundamentals, May 5, 2021
  • “Data, Data, Data – With Data Everywhere, How Long Do You Need It and Why Should You Get Rid of It?,” Minnesota CLE 2020 Midwest Legal Conference on Privacy and Data Security, February 13, 2020
  • “IP Considerations in Data Contracts,” Minnesota CLE IP Issues in Contracts, December 11, 2019
  • “Hot Privacy and Data Security Topics in Retail,” Minnesota CLE 2019 Midwest Legal Conference on Privacy and Data Security, January 31, 2019
  • “Cloud Computing: Key Considerations,” private lecture for client, April 23, 2018
  • “How to Select a Cybersecurity Insurance Carrier and Policy,” Minnesota CLE 2018 Midwest Legal Conference on Privacy & Data Security, January 25, 2018
  • “Cyber & Data Risk Insurance and Its Related Litigation Issues and Coverage Disputes Including the Travelers Decision Finding Cyber Coverage in a CGL Policy,” The Union League of Philadelphia, March 29, 2017
  • “The Cyber” and Security: Understanding HIPAA Obligations and Key Considerations in Limiting or Mitigating Liability Risk for Data Breaches,” ADTA Talk, Association of Defense Trial Attorneys, November 29, 2016
  • “Commercial Terms for E-Commerce Transactions: Traps for the Unwary,” 2016 Advising Business that Sell Goods and Services Online, Minnesota CLE, March 2016
  • Reprised “Cyber Liability Insurance: How to Help Your Client Make an Informed Decision to Mitigate Potential Breach Damages,” Midwest Legal Conference on Privacy and Data Security, Minnesota CLE, January 2016
  • “Cyber Liability Insurance: How to Help your Client Make an Informed Decision,” Computer Law Institute, Minnesota CLE, October 2015
  • Top 9 Mistakes Made in Business Contracts (including “Negotiation Strategies and Sample Contract Review,” “Preliminary Contract Considerations,” “Limitation of Liability and Insurance Landmines,” and “Price and Payment Obstacles”), National Business Institute, November 2015
  • “Clearing up the Cloud,” Computer Law Institute, Minnesota CLE, November 2014
  • “Mobile Applications: A Moving Target for Risk Management,” Computer Law Section, Minnesota State Bar Association, April 2014
  • “Patents and the Non-practicing Entity: Is this ‘troll business’ or smart business?,” Computer Law Section, Minnesota State Bar Association, January 2014
  • “U.S. Healthcare Regulations and Technology,” International Technology Law Association, Scottsdale, Arizona, May 2013
  • “Contemporary Issues in Cyberlaw,” William Mitchell Law Review Symposium, March 2012
  • “Qualifying Technology for Meaningful Use HITECH Benefits,” 2012 Cyberspace Law Committee Winter Meeting, San Francisco, California, January 2012
  • “United States Regulatory Updates – The American Recovery and Reinvestment Act,” International Technology Law Association, Oslo, Norway, October 2011
  • “Protecting Intellectual Property in Contracts,” Minnesota CLE, February 2011

Professional Associations

  • American Bar Association
    • Science & Technology Section
  • Information Technology Law Association
  • Minnesota State Bar Association
    • Computer & Technology Section, former chair

Scroll to the top of the web page anchor link.