Stephanie Cipolla is an associate in the Litigation Department and a member of the firm’s Data Strategy & Security practice. Her practice focuses on cybersecurity and data privacy issues, including incident preparation and response.

Ms. Cipolla’s matters include assisting clients in the finance, tech and critical infrastructure sectors in responding to data security incidents including nation-state attacks, insider threats, email compromises, and ransomware attacks.

She also assists clients in developing tailored incident response plans, testing their plans through customized simulated breach drills, and advising on regulatory issues including compliance with the NYS Department of Financial Services cybersecurity regulation. She advises clients on compliance issues related to NYDFS Part 500, CCPA, HIPAA and GDPR and responding to regulatory inquiries including by State Attorneys General, the FTC and OCR.

Ms. Cipolla originally joined Debevoise in 2016. From 2021 to 2023, she served as Counsel at a boutique New York firm before returning to Debevoise in November 2023.

Ms. Cipolla received her J.D. cum laude from St. John’s University School of Law in 2016, where she was an editor of the St. John’s Law Review. She received a B.A. cum laude from The University of Pennsylvania in 2012.