Privacy and Cybersecurity

Our Privacy and Cybersecurity attorneys help businesses of all sizes reduce their cyber, privacy, and data liability risks through education and risk-transfer mechanisms such as policy creation.

Cybersecurity and privacy risks and liability exposure continue to rise. The risks have heightened for any organization that touches personal, hospital and healthcare, financial, human resources, trade secret, and other sensitive information in the course of domestic and international business operations.

Companies of all sizes, and in every industry and market vertical, face an increasingly toxic brew of cyber-threats, financial loss, and legal liability from employees, clients, shareholders, federal, state, and international regulators, as well as consumers of goods and services. The cyber-threat arena now includes:
  • Ransomware
  • Data breaches
  • Business Email Compromise
  • Phishing
  • Trade Secret Misappropriation
  • Wire and payment fraud
  • Connected (aka “Smart”) device compromise (medical, supply chain, industrial, and consumer)
  • Identity Compromise
  • Smart Product liability

State and local governments are also at increased risk from cyber-threats and should take appropriate steps to investigate, assess, and then mitigate risks from ransomware and other cyber-attacks. The objectives for these attacks can be focused on:
  • Ransomware – Extortion for payment by locking out (encrypting) municipality data
  • Disruption of vital services (traffic, power, law enforcement, and waste management)
  • Election data interference

The legal and regulatory environment involving data breaches, and failures to prepare for those and other cyberthreats, is also expanding:
  • All 50 states now require some form of breach notification. Some states require only an intrusion (and not an outflow) of Personally Identifiable Information (PII) to trigger notification.
  • California’s Consumer Privacy Act of 2018 imposes new online disclosure requirements and grants consumers new opt-out rights
  • General Data Protection Regulation – covers sensitive data of residents of the European Economic Area, but has world-wide application and significant monetary penalties
  • Shareholder Litigation – for violations of management fiduciary duty
  • Federal Trade Commission investigations and penalties
  • Federal Food and Drug Administration (for connected medical devices)
  • Banking – New York State enacted 23 NYCRR 500 in 2017, which generally requires covered entities regulated by the state’s Department of Financial Services to comply with enhanced cybersecurity requirements, including risk assessment, adequate cybersecurity funding, policy development and reporting. Covered entities include licensed lenders, state-chartered banks, trust companies, service contract providers, private bankers, mortgage companies, insurance companies doing business in New York, and non-U.S. banks licensed to operate in New York.
  • Department of Health and Human Services Office of Civil Rights investigations and penalties (for HIPAA violations)
  • Securities and Exchange Commission –
    • Increased its cybersecurity oversight and investigatory role for public companies, including issuing a Section 21(a) report indicating that companies that fail to have adequate internal controls (which include assessing and addressing cyber-security threats) may be in violation of Section 13(b)(2)(B)
    • Increased vigilance in enforcing the Safeguards Rule and the Identity Theft Red Flags Rule, both of which generally require broker-dealers to adopt written policies and procedures “that address administrative, technical and physical safeguards for the protection of customer records and information.”

Addressing cyber-threats must be every company’s new normal.

Each client’s cyber-security needs differ, and while our cyber-security and privacy practice services are comprehensive, we endeavor to tailor them to your needs – keeping in mind a minimum-security baseline, as well as budgeting for immediate, intermediate, and long-term objectives.

Among the services we offer are the following:
  • Risk assessment and investigation
  • Internal Policy development (cybersecurity, incident response, incident investigation and remediation, etc.)
  • Drafting policies, disclosures, and procedures that govern the collection, use, storage, and sharing of sensitive data and use of technology
  • Drafting and implementing privacy and security compliance plans around state, national, and international laws and standards
  • Reviewing, revising, and preparing contracts and releases with third-parties to ensure compliance and limit liability
  • Assisting our clients during transactions with privacy due diligence and protective deal mechanisms
  • Advising clients on cyber-insurance policies and other applicable insurance policies
  • Advising clients on digital advertising and marketing, virtual currencies, and social media
  • Handling data breaches and privacy complaints
  • Representing clients during privacy-related matters before federal and state courts, administrative agencies, and professional boards
  • Responding to subpoenas and law enforcement inquiries as well as privacy torts / class actions
  • Managing eDiscovery and data governance

Our goal is simple: to help our clients reduce their cyber, privacy, and data liability risks. We accomplish this through education and implementing a variety of risk-transfer mechanisms focused on each client’s unique needs. These mechanisms include training, risk assessments, policy creation, contracts, or insurance. While no level of cybersecurity prevention can completely eliminate cyber-risk, the firm’s holistic and pragmatic approach can help reduce the likelihood of occurrence, and in conjunction with cyberforensic experts, help mitigate the legal, liability, and other consequences arising out of a cyber-security incident.

Check out Chair Steven Teppler’s Litigation Intelligence Cyber Security Blog.

Join Tom Brennan, CIO of Mandelbaum Barrett PC, in Discussing Cybersecurity and More at the Upcoming SSCA Event on September 12!

September 9, 2023

Cybersecurity is a global concern for both businesses and governments. The Software and Supply Chain Assurance Forum (SSCA) provides a platform for experts worldwide to discuss cyber risks, best practices, and solutions. Led by organizations like National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DoD), and General Services […]

Navigating App Security Challenges: Insights from Tom Brennan at OWASP Global AppSec Conference

September 5, 2023

Tom Brennan, the CIO of Mandelbaum Barrett PC, will be joined by two additional speakers to present at this year’s OWASP Global AppSec Conference and Training event in Washington, DC. In a time of increasing cyber threats, the importance of hiring app security experts becomes paramount for businesses. However, this process is like supply chain […]

Massive Data Breach at HCA Healthcare Sparks Class-Action Lawsuits and Regulatory Concerns

July 17, 2023

A massive data breach at HCA Healthcare, a hospital chain, has resulted in the filing of the first of many proposed class-action lawsuits. The breach involved the exposure of potentially 11 million patients’ information on a dark web forum. Key concerns surrounding the breach include the possible involvement of a third-party storage vendor and the […]

Insights from William Barrett: New York County Dental Society Article Explores Cybersecurity Risks in Dental Practices

June 22, 2023

Dental health professionals handle a vast amount of sensitive patient data, ranging from personal information to medical records. To protect themselves and their patients, it’s important for them to understand cybersecurity risks and take appropriate measures. Staying aware of the latest threats and trends is crucial for adequate protection. Learn about some of the ways […]

Steven W. Teppler, Chair of Privacy and Cybersecurity and Chief Cybersecurity Legal Officer, featured in article titled “Health Entities Should Vet Risks of ChatGPT Use”

January 20, 2023

Steven W. Teppler, Partner and Chair of the Firm’s Privacy and Cybersecurity practice group, as well as our Chief Cybersecurity Legal Officer, was featured in an article discussing the importance of healthcare entities carefully vetting the use of ChatGPT and similar AI-enabled tools for potential patient data security and privacy risks. Click the link to […]

New IRS Cybersecurity Requirements for CPAs and Accounting Practices

January 17, 2023

Stay ahead of the game and protect your business and clients’ information with the latest IRS cybersecurity requirements for CPAs and Accounting practices. Learn about the new Written Information Security Plan (WISP) and FTC SafeGuards Rule. Partner and Chief Cybersecurity Legal Officer Steven Teppler, and Partner in the Firm’s Trusts & Estates and Taxation practice […]

Steven Teppler and Lauren X. Topelsohn Discuss the Legal and Ethic Requirements Imposed by the SHIELD Act in the New York Law Journal

October 10, 2022

The SHIELD (Stop Hacks and Improve Electronic Data Security) Act is the latest cybersecurity-based legislation, affecting businesses (including law firms) that own or license computerized private information of New York residents. Designed to protect state residents’ data, this act imposes strict requirements on firms and levies harsh fines for those that fail to meet them. […]

CIO, Tom Brennan, to be a Moderator for a Panel at SecureWorld New York on October 13

October 10, 2022

Mandelbaum Barrett PC’s CIO, Tom Brennan, will be a moderator for a panel at this year’s SecureWorld conference. As a member of the Advisory Council, Tom will be a moderator on the discussion topic: “OVS / Federal Policy vs. State Law.” For more than 21 years, SecureWorld conferences have been connecting, informing, and developing leaders in cybersecurity through […]

Steven Teppler, Chair of Privacy and Cybersecurity, featured in article titled “Hazards and Help with Cybersecurity”

October 4, 2022

Steven W. Teppler, of counsel and chair of the firm’s Privacy and Cybersecurity practice group, was featured in the New Jersey Business Magazine for October, where he highlights the importance of cybersecurity and data breach prevention/response. Since October is Cybersecurity Awareness Month, this could not have happened at a better time. This month is dedicated to raise […]

Mandelbaum Barrett PC CIO Tom Brennan authors article titled "17 Technical Controls for Effective M&A Due Diligence"

April 12, 2022

Mandelbaum Barrett PC Chief Information Officer Tom Brennan has authored a Cyber Security article in the April 6th, 2022 issue of CPO Magazine titled "17 Technical Controls for Effective M&A Due Diligence."

Steven Teppler to present webinar titled "The vCISO Engagement and Legal Liability – What You Need to Know"

February 15, 2022

Mandelbaum Barrett PC Of Counsel Steven Teppler will be the Keynote speaker for a "vCISO Engagement and Legal Liability – What You Need to Know" webinar powered by the vCISO News professional community on Wednesday, February 16th, 2022 from 10:30am to 12:00pm.

Tom Brennan Spoke on Fulfilling Network Security Requirements and Business Needs at InfoSecurity Virtual Roundtable

February 4, 2021

Tom Brennan joined a panel of cybersecurity experts on the InfoSecurity Magazine virtual roundtable, Fulfilling Network Security Requirements and Business Needs. Tom and the panelists addressed a wide range of issues, including managing a multi-vendor network environment, handling the rapid demand for network changes with automation, and ways to avoid errors and misconfigurations in a […]

Lauren X. Topelsohn Speaking at the RSA 2020 Security Conference in San Francisco

January 6, 2020

Lauren X. Topelsohn, a Member in our Privacy and Cybersecurity Practice Group, will be speaking at the RSA 2020 Security Conference in San Francisco. Lauren will be participating in "If You Can't Trust The Phone Company: A Mock Trial", which involves a ransomware attack on a medical laboratory that results in the exfiltration of critical test results ("protected health information" or "PHI").

Safeguarding Client Information: 5 Essential Cybersecurity and Privacy Measures for Veterinary Practices

September 7, 2023

In an era where technology permeates every aspect of business, ensuring the confidentiality and security of client data has become a paramount concern for veterinary practices. The digital age has brought with it numerous benefits, but it has also opened the doors to new threats and vulnerabilities. Just as you diligently care for animals, it’s […]

The Next Deepfake Could Come from Your Client: The Impending Threat of Deepfakes in the Legal Profession

August 30, 2023

Lawyers are not immune to the rapidly evolving landscape of technological advancements. Deepfake technology, which involves the use of artificial intelligence to manipulate audio and video content, presents a significant and emerging threat to the legal sector. Lawyers must be vigilant and prepared to address the potential misuse of deepfakes by clients or adversary counsel, […]

Your Veterinary Practice Has Been Breached – Now What?

June 28, 2023

Preventing (and Responding to) Data Breaches: What Veterinary Practices Need to Know

Technology continues to revolutionize various industries, and the veterinary field is no exception. With the integration of digital systems, electronic health records, and online communication, veterinary practices have become vulnerable to cyber threats. The importance of cybersecurity in veterinary practices cannot be overstated. […]

Top 3 Things to Note as a U.S. Copyright or Trademark Owner in 2023

June 9, 2023

Joel MacMull shares his insights from the International Trademark Association’s (INTA) Annual General Meeting in Singapore. Discover the top 3 issues for U.S. copyright and trademark owners in 2023, including unconventional trademark uses, the extraterritoriality of the Lanham Act, and a significant New Mexico case.

Joel G. MacMull Explores the Potential Traps of AI in the Legal Field for the New York Law Journal

May 22, 2023

MacMull offers valuable insights from his article “AI and Practicing Law: Potential Traps for the Unwary,” covering crucial aspects such as privacy concerns, issues of quality, loss of goodwill, and intellectual property considerations. Gain a comprehensive understanding of the challenges faced by legal professionals in navigating the intersection of AI and law.

Podcast: That’s in my EULA?

April 10, 2023

“That’s in my EULA??” is a podcast hosted by Mark Miller and Joel MacMull, Partner at Mandelbaum Barrett. The podcast explores the mysterious and often overlooked world of End-User License Agreements (EULAs), revealing hidden clauses in popular app EULAs. In Episode 1, they discuss the legal implications of using AI engines such as ChatGPT, and in Episode 2, they take a deep dive into the TikTok terms of service. Tune in to discover the legal considerations users should keep in mind when using popular apps.

Why Companies Need a Cybersecurity Attorney

February 19, 2023

The Role of Cybersecurity Counsel

As companies become more reliant on technology, the need for effective cybersecurity measures is greater than ever before. One critical component of any comprehensive cybersecurity strategy is the role of cybersecurity attorneys. Let’s take a look at the vital role of cybersecurity attorneys and the benefits they provide. What is […]

Cybersecurity Alert: Class Action Liability Risks for Violations of ADA and New York Human Rights Laws

July 6, 2018

Check out our latest Cybersecurity Law Alert published by Steven Teppler and Lauren X. Topelsohn on ADA Compliance for websites and the recent uptick in class action lawsuits for violations of ADA and New York Human Rights Law in light of the Federal Government's Web Content Accessibility Guidelines.

Cybersecurity Alert: Brand Name Spoofing Still a Popular Phishing Tactic

June 26, 2018

Check out our latest Cybersecurity Alert about Brand Name Spoofing, a popular phishing tactic that can put you and your company at risk. The Firm's Privacy & Cybersecurity Practice, led by Of Counsel Steven Teppler, who co-authored the Alert with Member Lauren X. Topelsohn, helps business owners to prevent and mitigate damages from cyber attacks.

Why do companies need a Cybersecurity attorney?

As companies become more reliant on technology, the need for effective cybersecurity measures is greater than ever before. One critical component of any comprehensive cybersecurity strategy is the role of cybersecurity attorneys. Check out our latest blog to find out more.