Sarah K. Caruso

Sarah is an Associate in Maynard Nexsen’s Private Markets practice group, as well as the Cybersecurity & Privacy group.

Sarah is skilled in privacy program operations and management. She synthesizes complex statutory and regulatory requirements, providing clients with actionable steps to ensure their adherence to set standards, as well as drafting and refining accompanying governance documentation.

Sarah has experience conducting audits and responding to external auditors, reviewing and drafting governance documentation, crafting compliance roadmaps and enhancing privacy programs, including realigning key program functions to improve efficiencies, maintain compliance with in-scope regulations and provide pathways to address individual privacy rights.

Sarah drafts privacy and security programs and regulations to ensure regulatory compliance with U.S. and international laws and standards, such as GDPR, CCPA/CPRA, LGPD, PIPEDA, NIST Cybersecurity Framework (CSF) and ISO 27002:2022.

Prior to joining Maynard Nexsen, Sarah served as a Data Privacy Consultant at Deloitte, where she conducted privacy process reviews and impact assessments. She also regularly provided privacy risk workshops and drafted guidelines on technical implementation and regulations for new business units. Prior to her time at Deloitte, Sarah worked with a financial services fintech company, where she drafted internal policies and terms of use, ensured compliance with federal and state financial compliance and worked closely with the product development and management teams to identify privacy and data security compliance challenges and solutions. 

Sarah holds a J.D. from Northeastern University School of Law and a B.A., magna cum laude, from Quinnipiac University.