07 / TECHNOLOGY & AI LAW
A technology lawyer who actually built technology.
HIPAA compliance, data privacy, AI governance, emerging technology counsel. Most ‘technology lawyers’ learned technology in continuing legal education seminars. I learned technology by building it — for nearly two decades before law school. That foundation informs everything I do in this practice area.
20+
Years technology experience
2010
Published thesis on data privacy
~15
Years legal practice
WHY IT MATTERS
Technology law requires understanding the technology.
HIPAA risk is real
If you’re a covered entity or business associate, you have legal obligations whether you address them or not. The cost of compliance counsel is consistently lower than the cost of a breach handled poorly.
Privacy law is fragmenting
California, Virginia, Colorado, and a growing list of states have different requirements. Federal sector-specific laws (HIPAA, GLBA, FERPA, COPPA) add complexity. We help you navigate this without overengineering.
AI governance is emerging
EU AI Act has extraterritorial reach. State laws are emerging in Colorado, California, and beyond. Companies are signing AI vendor contracts with terms they don’t understand. New, but real.
Technical fluency matters
Lawyers who don’t understand the technology can’t competently advise on contracts, compliance, or risk. We read source code, evaluate security architectures, and review data flows — fluently.
THE TECHNICAL BACKGROUND
I worked inside the systems most lawyers only describe.
Before law school, I was a director at OptiCon, where I helped lead the acquisition of Corning Cable Systems’ fiber optic monitoring division. I helped create Valor Telecom, which merged into Windstream Communications — a publicly traded company today serving millions of customers.
I taught CA Easytrieve programming and IBM DB2 data warehousing — enterprise data tools used by financial institutions, telecoms, and government agencies. I founded a technology startup. My 2010 law school thesis examined data privacy, surveillance, and constitutional law convergence — issues now central to technology practice.
WHAT WE HANDLE
HIPAA, privacy, AI, and emerging technology.
01
HIPAA Compliance
Risk assessments for covered entities and business associates. Business Associate Agreement drafting. Privacy and Security Rule compliance programs. Breach response and OCR investigation response.
02
Data Privacy
Privacy policies and terms of service. Data processing agreements. State privacy law compliance (CCPA, Virginia, Colorado, emerging regimes). GDPR for clients with EU data subjects. COPPA for clients serving minors.
03
AI Governance
AI procurement and licensing contracts. Internal AI use policies. Algorithmic bias and discrimination risk assessment. EU AI Act preparation. State AI regulation tracking.
04
Technology Contracts
SaaS agreements (customer and vendor side). Software licensing. Open-source compliance. Cybersecurity contractual frameworks. Technology M&A diligence on IP, security, and privacy issues.
05
Healthcare Technology
Sitting at the intersection of HIPAA, FDA, and software regulation. Particularly relevant for healthtech startups, telehealth platforms, and clinical software providers.
06
Breach Response
When a data breach happens, you have hours and days — not weeks — to respond correctly. We help across federal, state, and contractual notification regimes.
ORIGINAL SCHOLARSHIP
The 2010 thesis that anticipated this field.
Derek’s University of Akron Law thesis — Personal Data Collection, Data Mining, Privacy, Fairness and National Security — examined the convergence of federal privacy law (ECPA, SCA, Privacy Act), Fourth Amendment doctrine, government data collection authority, private-sector data mining and behavioral targeting, and the intersection of cybercrime, terrorism, and warfare.
Written in 2010, the issues it identified — predictive profiling, ‘guilt by association’ inference, government use of telecommunications data, the consent fiction in privacy policies, the cyber-physical attack scenario — have become central to technology and privacy law since. This scholarly foundation differentiates the firm’s work in this practice area.
HOW WE ENGAGE
Three engagement models for technology work.
1
Project work
Discrete matters — privacy policy drafts, BAA reviews, individual contracts — handled as flat-fee projects with clear scope. You know the cost before we begin.
2
Outside general counsel
Monthly retainer for ongoing relationships. Routine privacy questions, contract reviews, emerging issues. Particularly suited to startups, healthcare organizations, and data-significant businesses.
3
Hourly engagement
For complex matters, regulatory investigations, or breach response. Rates disclosed in writing before engagement.
WHY HAAKE LAW GROUP
Built around your situation, not our office hours.
Built technology before practicing law
20+ years in telecommunications, software, and data warehousing before law school. I bring technical fluency that most technology lawyers genuinely don’t have.
Published scholarship in the field
Original academic work on the convergence of privacy, surveillance, and constitutional law. The issues my 2010 thesis identified define an entire practice area today.
Founder-friendly for startups
Having co-founded a technology startup, I know what early-stage companies actually need — and what they can defer until later. We don’t sell unnecessary legal work.
Virtual-first practice
Technology businesses are virtual-native. We are too. Secure document exchange, encrypted communications, video meetings on your schedule.
MEET DEREK HAAKE
Real legal work. Modern delivery.
I have been a licensed Missouri attorney since September 27, 2011. Before law school, I spent more than a decade in telecommunications and technology — including leading the acquisition of Corning Cable Systems’ fiber optic monitoring division, and helping create Valor Telecom, which became part of Windstream Communications.
After law school, I spent years as an Estate Settlement Officer at Bank of America, administering taxable estates including a single estate exceeding $100 million in value. That experience — actually settling estates and working in technology before that — is what I bring to every matter today.
WHAT CLIENTS SAY
Outcomes for Missouri clients.
Testimonials section ready for your shortcode when you collect client testimonials. Edit this section to add the shortcode from your testimonials plugin.
COMMON QUESTIONS
What clients ask before they hire us.
Do we really need a HIPAA attorney?+
If you are a covered entity or business associate, you have legal obligations whether you address them or not. The cost of compliance counsel is consistently lower than the cost of a breach or an OCR investigation handled poorly.
Is AI governance actually a real practice area?+
Yes, increasingly. The EU AI Act has extraterritorial reach. State laws are emerging. Companies using AI tools are signing contracts with provisions they do not understand. The discipline is new but the legal questions are real.
Are you the right firm for our SOC 2 audit?+
We are not auditors and do not provide audit services. We can review the legal contracts that surround SOC 2 commitments, draft data processing terms that align with your security controls, and help you understand your contractual obligations. For the audit itself, you need a CPA firm.
Can you help with our AI tool selection?+
We can review the contracts and identify legal, privacy, and security risk in proposed AI vendor relationships. We are not procurement consultants and will not tell you which AI tool to buy. We can tell you what risks each contract creates.
Do you handle ransomware response?+
We coordinate the legal aspects of breach response — notification obligations, regulatory filings, contractual disclosure requirements, and post-incident counsel. For the technical response and remediation, you need incident response specialists.
What about international data transfers?+
Standard Contractual Clauses for EU transfers, transfer impact assessments, and related compliance work. We coordinate with EU counsel for member-state-specific issues when needed.
READY TO START?
Get counsel that actually understands the technology.
Whether you’re a healthcare organization with HIPAA obligations, a SaaS company with privacy compliance issues, or an enterprise evaluating AI vendor contracts — we have the technical fluency to help.