Cybersecurity & Privacy

Trained insurance client executives and key employees in incident response plan protocols and advised on methods to improve security policies and procedures.

Counseled health care provider relating to alleged data breach by litigation opponent.

Counseled e-commerce retailer regarding data breach by third-party payment processor and issuance of statutory notifications.

Represented health care provider in breach response investigation and issuance of statutory notifications.

Represented university in breach response investigation and counseled on removal of private data from public websites.

Represented financial service provider in investigating and responding to data breach incidents.

Represented a gaming, hospitality and entertainment company in one the largest ever data breach investigations concerning the exfiltration of customer PII on the Darknet. Successfully avoided fines, penalties or civil actions brought by states attorneys general.

Acted as lead counsel in representing virtual payment industry client in matter involving claims under the Computer Fraud and Abuse Act (CFAA) in a civil context concerning the alleged hacking of client’s computer system and theft of trade secrets by a business competitor.

Acted as lead trial counsel in a case involving claims under the Computer Fraud and Abuse Act (CFAA) in a civil context concerning the anti-competitive hacking of client’s computer system by a business rival resulting in an award of $10 million in damages for client.

Advised clients on FTC, OCR, SEC and state attorney general investigations and enforcement actions for alleged data security and privacy violations.

Advised clients on managing FTC Consent Orders and CIDs in connection with data security incidents.

Advised major health care providers and health plans on all aspects of HITECH security breaches, including HHS OCR and state enforcement.

Advised numerous major retailers, financial institutions, and other companies on proactive cybersecurity readiness, including developing and conducting full-scale tabletop exercises for C-suite executives and boards of directors.

Counseled numerous technology companies (both as publishers and advertisers) on data collection and sharing issues (including online behavioral advertising and big data initiatives), collection and use of geolocation data, and EU-US cross border data transfers.

Counseled major retail and consumer goods companies on privacy issues associated with the use of radio frequency identification (RFID) and data collection from mobile devices.

Advised multiple clients on privacy, monitoring and surveillance issues under federal, state and international laws and prepared related customer policies and operational procedures for data sharing and monetization.

Conducted comprehensive privacy and information security policy assessments of major U.S. gaming, retail, entertainment, hospitality and consumer goods companies, including extensive data flow mapping, implementation of multiple privacy policies, information governance, and security and records management procedures.

Developed and implemented comprehensive global records management program for one of the world’s largest technology outsourced consultancy firms, including preparation and implementation of data security and privacy standards and procedures and numerous records retention schedules.

Counseled software developer on revision of privacy policies, end-user license agreements, end-of-support announcement and requirements for user sweepstakes program.

Drafted privacy policies and website terms of use revisions for multiple international fashion, food and big box retailers. Also provided advice and counsel on compliance with the New Jersey Truth-in-Consumer-Contracts, Warranties and Notices Act.

Represented multi-state financial services client in responding to government inquiries regarding product data security.

Represented multi-state insurance clients in development of incident response plans and network security policies.

Drafted cybersecurity policies, incident response plans, third-party service provider security policies, disaster recovery plan and other cybersecurity policies on behalf of national insurance broker.

Drafted data governance policy and assisted in data mapping exercises for EU GDPR compliance on behalf of international music instrument retailer.

Drafted cybersecurity policies, incident response plans, third-party service provider security policies and other cybersecurity policies for an international supply chain vendor.

Drafted data governance policy and assisted in data mapping exercises for EU GDPR compliance on behalf of international clothing retailer.

Defended corporate victim of security breaches resulting from criminal tampering of POS terminals and ATMs; managed and led forensic investigations, breach notification and PR efforts surrounding crisis management resulting in the successful prosecution of threat actor by the US Secret Service and FBI.

Lead counsel representing an enterprise software company against Crabby Hacker in a case involving a civil ex parte search warrant and claims concerning theft of trade secrets, the Digital Millennium Copyright Act (DMCA) and client’s trademark.