Arami Law: Your Bridge to the US Market

Specializing in US Market Entry, Privacy & HIPAA Compliance, and Commercial Contracts for international companies.

Who I Help

I work with companies from Asia and Europe entering the US market. Whether you're navigating HIPAA compliance, responding to enterprise security questionnaires, or drafting US law contracts, I provide the legal guidance you need in your language.

Why Work With Me

In-House Experience

Years of experience as in-house counsel for multinational corporations. I understand what your legal needs are.

Privacy & Compliance Expertise

Deep focus on HIPAA, state privacy laws, data protection, and third-party risk management.

Trilingual Support

Native-level Cantonese and Mandarin. Clear communication with your team in Asia.

Author & Subject Matter Expert

Currently writing a book on Third-Party Risk Management.

Services

01

US Market Entry & Regulatory Analysis

For: Foreign companies figuring out which US laws apply to their business. Before you can comply, you need to know what you're dealing with. I analyze your business model, data flows, and target customers to identify which federal and state laws apply, and where your gaps are. Includes: Business model review, regulatory applicability assessment (privacy, healthcare, marketing, employment), data flow analysis, compliance gap identification, and prioritized roadmap.

02

HIPAA & Healthcare Compliance

For: Companies handling protected health information or selling to US healthcare organizations. US healthcare has strict data protection requirements that go beyond standard privacy law. I help you understand your HIPAA obligations and build the compliance foundation hospitals expect to see. Includes: HIPAA applicability assessments, Business Associate Agreement review, privacy and security policy development, healthcare vendor questionnaire support, and compliance gap analysis.

03

Vendor Risk & TPRM

For: Companies facing security questionnaires or building their own vendor management programs. US enterprise customers and hospitals will assess your security and privacy posture before signing. I help you respond confidently to questionnaires and build the documentation they expect to see. Includes: Security questionnaire response support, vendor due diligence documentation, third-party risk assessment frameworks, subprocessor management, and privacy policy review for vendor readiness.

04

Commercial Contracts

For: Any company needing US-law commercial agreements. Your US customers will expect contracts governed by US law. I draft and negotiate agreements that protect your interests while meeting market expectations. Includes: SaaS and software licensing agreements, Master Service Agreements, Business Associate Agreements, NDAs, vendor and customer contracts, and terms of service.

05

Advertising & Marketing Compliance

For: Companies marketing to US consumers via email, phone, text, or digital ads. US marketing laws carry serious penalties, including class action lawsuits and per-message fines. I help you build compliant outreach from day one. Includes: TCPA compliance (calls, texts, auto-dialers), CAN-SPAM Act (email marketing), state mini-TCPA laws, FTC advertising guidelines, cookie consent and tracking requirements, and marketing vendor agreements.

06

US State Privacy Compliance

For: Companies collecting personal data from US consumers across multiple states. The US has no single federal privacy law. Instead, you face a patchwork of state laws with different rules, definitions, and requirements. I help you understand which laws apply and what you need to do. Includes: Data flow mapping and analysis, state privacy law applicability (CCPA/CPRA, Washington MHMD, Virginia, Colorado, etc.), consumer rights compliance, privacy policy review, and compliance roadmap development.

07

App & Product Privacy

For: Companies launching mobile apps or digital products for US users. Getting approved by Apple and Google, and staying compliant, requires more than a privacy policy template. I help you build privacy into your product from the start. Includes: App Store and Google Play compliance, privacy policy drafting and review, consent flows and user permissions, children's privacy (COPPA), in-app data collection practices, and App Store rejection response support.

08

HR Policies & Workplace Compliance

For: Companies hiring employees in the United States. When you hire US workers, you need compliant policies in place. I help you build the HR foundation, including handbooks, policies, and procedures, that meet federal requirements and protect your company. Includes: Employee handbook drafting, workplace privacy policies, remote work policies, confidentiality and IP assignment agreements, acceptable use of AI policies, employee monitoring policies, and federal employment law compliance.

Other Services

In addition to my core practice areas, I also assist with:

Immigration

Green card petitions, I-9 compliance, and corporate immigration programs.

AI Governance & Policies

AI acceptable use policies, AI risk frameworks, and AI vendor assessment.

Intellectual Property

Trade secrets, copyright, trademark, licensing agreements, and IP assignments.

Outside General Counsel

Ongoing US legal support for companies without in-house counsel. Contracts, compliance, and day-to-day legal questions.

Outsourced Privacy Officer

Serve as your outsourced Data Protection Officer or HIPAA Privacy Officer on a fractional basis.

Corporate Governance

Bylaws, board resolutions, meeting minutes, and corporate maintenance.

Meet the Attorney

Corina De Los Santos

Corina Kwok De Los Santos

Corina is the founder and principal attorney of Arami Law. She serves as outside counsel to companies entering the US market, particularly in the healthcare, tech, and SaaS sectors. With over a decade of experience, Corina specializes in navigating regulatory environments, ensuring HIPAA and privacy compliance, and negotiating commercial agreements.

Prior to founding Arami Law, Corina served as in-house counsel for major robotics, automation, and digital health technology firms, where she built compliance programs from the ground up and managed enterprise third-party risk. Her unique background allows her to provide practical, business-focused legal advice that aligns with your company's growth objectives.

Corina is fluent in English, Cantonese, and Mandarin, making her a trusted partner for international companies bridging the gap between Asia and the US.

Education & Credentials

University of Washington

LL.M — University of Washington

U.S. law and regulatory systems, including privacy law, data protection, intellectual property, FDA and commercial law

University of London

LL.B — University of London

Contract law, commercial law and legal reasoning

University of Bradford

BSc Business Management — University of Bradford

Business operations, risk management, and organizational strategy

Admissions & Certifications

Washington State Bar

Bar Admission: Washington State

Licensed to practice law in Washington State

CIPP/US Certification

Certified Information Privacy Professional - United States

"Practical legal guidance for companies expanding into the US market."

The Book

Third-Party Risk Management: Securing the Extended Enterprise
Status: Coming Soon

Third-Party Risk Management: A Practical Guide

Most vendor privacy assessment is broken. Generic questionnaires, scattered documentation, and security frameworks that miss what matters for privacy compliance.

The Vendor Privacy Playbook provides a different approach: the first comprehensive guide specifically for privacy professionals managing vendor risk under GDPR, CCPA, HIPAA, and emerging regulations.

You'll learn how to:

  • Design privacy-focused risk assessment methodologies
  • Build context-aware risk libraries for different data types and jurisdictions
  • Validate vendor claims with evidence, not blind trust
  • Embed privacy protections into vendor contracts
  • Implement proportional ongoing monitoring
  • Prepare for regulatory examinations

Whether building a new TPRM program or improving an existing one, you'll get practical frameworks, real-world examples, and implementation tools for organizations of any size.

Contact

Get in Touch

Ready to discuss your US legal needs? I work with clients across time zones and communicate in English, Cantonese, and Mandarin.

By submitting this form, you acknowledge that Arami Law is collecting your information solely for the purpose of evaluating a potential attorney-client relationship. Submitting this form does not create an attorney-client relationship.
