Experience

• • Counseling clients on privacy and cybersecurity compliance issues related to evolving laws and regulations, including the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), and the Virginia Consumer Data Protection Act (VCDPA).
  • Counseling and strategy under CAN-SPAM, COPPA, ESIGN, FCRA, FERPA, FOIA, FTC Act, GDPR, GLBA, HIPAA, TCPA, VPPA, state privacy and common law issues, as well as industry self-regulation on privacy matters, including those related to online advertising and PCI DSS compliance.
  • Broad range of experience assisting individual and institutional clients with matters before U.S. regulators, including state attorneys general, the Commodity Futures Trading Commission (CFTC), the Department of Justice (DOJ), the Federal Communications Commission (FCC), the Financial Industry Regulatory Authority (FINRA), the Federal Reserve Bank of New York (FRBNY), the Federal Trade Commission (FTC), the NYDFS, the Office of the Comptroller of the Currency (OCC), and the Securities and Exchange Commission (SEC).
  • Global public and private companies in preparing for cybersecurity and business continuity events, including ransomware attacks, insider data theft, state-sponsored hacking, and vendor compromises.
  • Several large companies regarding the SEC’s Proposed Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.
  • Multiple leading financial institutions on the U.S. banking agencies’ Computer-Security Incident Notification Final Rule requirements for banking organizations and bank service providers.
  • Global companies that have experienced sophisticated cybersecurity events, including ransomware attacks, phishing campaigns, vendor compromises, and data thefts.
  • Major professional sports leagues with respect to privacy and data security compliance program development.
  • A leading financial institution in responding to a cybersecurity incident involving insider threats.
  • Large nonprofit organization with respect to privacy and cybersecurity counseling.
  • Various clients on privacy and cybersecurity issues related to the COVID-19 pandemic, including testing, vaccination, and remote work.
  • Various clients on complex data privacy, cybersecurity, and data protection diligence issues as well as negotiation of terms in connection with large technology transactions, mergers, and post-transaction integration.
  • A leading global bank in connection with the foreign currency exchange trading investigations conducted by numerous enforcement agencies.