Cybersecurity Law

Cybersecurity is one of the most significant risk management issues for executives and boards of directors. Businesses are increasingly dependent on digital technologies and software applications to conduct their operations, and reports of data breaches are commonplace and are not likely to stop anytime soon.

The challenge is how to achieve your business objectives while also protecting proprietary, confidential, and personal information.

I counsel our clients with respect to how to manage data privacy and cybersecurity risks before they materialize, and work with them to review data privacy and protection policies, and design and implement new policies when necessary.

Drawing on my broad experiences in law, compliance, and information technology, I also provide legal and strategic counsel for effectively managing the crisis that often surrounds a data breach or loss of sensitive information.


The cybersecurity practice also advises clients across a broad range of data protection and privacy laws, including obligations under the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the CAN-SPAM Act, the Electronic Communications Privacy Act (ECPA), the Children’s Online Privacy Protection Act (COPPA), the Fair Credit Reporting Act (FCRA), the Federal Trade Commission Act, Sarbanes-Oxley, and other federal and state laws.

I also advise companies on the data privacy and security implications of mergers and acquisitions, outsourcing arrangements, and other transactions.

Managing Cybersecurity Risks

Every business – no matter the size – is vulnerable to cyberattack and data loss. Although understanding cybersecurity risks as they relate to your business is a fundamental part of managing your business, the question of how to identify and manage cybersecurity risks remains a challenging one.

Identifying and managing your cybersecurity risks requires a company-wide assessment of business practices, the development of policies and practices, and the harnessing of resources to have the ability to respond in a timely way. I am well-situated to provide counsel to your business and to help you develop and implement the critical corporate infrastructure, policies, and procedures necessary to protect against, and react to, cybersecurity, data protection, and privacy threats.

Data Breach Response

In the event of a breach, I can provide comprehensive incident response assistance. This assistance can take the form of assisting in the investigation of data breach incidents, managing the activities of outside experts, and interaction with state and federal law enforcement authorities and regulators.