Shannon Kapadia

Formerly in-house at a major technology company, Shannon advises clients on data privacy, technology transactions, and cloud services contracting.

After growing up observing the realities of business ownership, Shannon brings a business mindset to legal challenges and serves as a strategic partner for clients navigating digital transformation, data privacy, and commercial contracting. She most often represents organizations as they negotiate contracts with large technology companies, including those involving AI governance. Shannon’s practice is rooted in data privacy matters, and she is also deeply familiar with the intellectual property issues that often arise in tech agreements.

Contact:Read more about Shannon Kapadia
employee-scaled.jpeg

With three new state privacy laws that took effect on January 1, 2026 (Indiana, Kentucky, and Rhode Island), adding to an extensive list of others, many organizations are discovering that their website privacy practices haven’t kept pace. Even those that updated their websites recently are finding hidden gaps, often due to unnoticed changes in technological tools and files, such as first and third-party cookies, third-party analytics software, and/or third-party scripts, tags, and pixels. A website audit can prevent enforcement issues and potential litigation or arbitration demands.

Key point: Recent legislative efforts in Massachusetts, seeking to add another comprehensive data privacy law to the national patchwork of state laws, and in California enacting a law to regulate AI development, occurred this week when the Massachusetts Senate unanimously sent Senate Bill 2608 to the state House, and California enacted the nation’s second substantive state law regulating AI.