Print

Privacy and Cybersecurity

Our Privacy and Cybersecurity attorneys help businesses of all sizes reduce their cyber, privacy, and data liability risks through education and risk-transfer mechanisms such as policy creation.

Cybersecurity and privacy risks, and liability exposure continue to rise. The risks have heightened for any organization that touches personal, hospital and healthcare, financial, human resources, trade secret, and other sensitive information in the course of domestic and international business operations.

Companies of all sizes, and in every industry and market vertical, face an increasingly toxic brew of cyber-threats, financial loss, and legal liability from employees, clients, shareholders, federal, state, and international regulators, as well as consumers of goods and services. The cyber-threat arena now includes:
  • Ransomware
  • Data breaches
  • Business Email Compromise
  • Phishing
  • Trade Secret Misappropriation
  • Wire and payment fraud
  • Connected (aka “Smart” device) compromise (medical, supply chain, industrial, and consumer)
  • Identity Compromise
  • Smart Product liability

State and local governments are also at increased risk from cyber-threats and should take appropriate steps to investigate, assess, and then mitigate risks from ransomware and other cyber-attacks. The objectives for these attacks can be focused on:
  • Ransomware – Extortion for payment by locking out (encrypting) municipality data
  • Disruption of vital services (traffic, power, law enforcement, and waste management)
  • Election data interference

The legal and regulatory environment involving data breaches, and failures to prepare for those and other cyberthreats is also expanding:
  • All 50 states now require some form of breach notification. Some states require only an intrusion (and not an outflow) of Personally Identifiable Information (PII) to trigger notification.
  • California’s Consumer Privacy Act of 2018 imposes new online disclosure requirements and grants consumers new opt-out rights
  • General Data Protection Regulation – covering sensitive data of residents of the European Economic Area, but has world-wide application and significant monetary penalties
  • Shareholder Litigation – for violations of management fiduciary duty
  • Federal Trade Commission investigations and penalties
  • Federal Food and Drug Administration (for connected medical devices)
  • Banking – New York State enacted 23 NYCRR 500 in 2017, which generally requires covered entities regulated by the state’s Department of Financial Services to comply with enhanced cybersecurity requirements, including risk assessment, adequate cybersecurity funding, policy development and reporting. Covered entities include licensed lenders, state-chartered banks, trust companies, service contract providers, private bankers, mortgage companies, insurance companies doing business in New York, and non-U.S. banks licensed to operate in New York.
  • Department of Health and Human Services Office of Civil Rights (for HIPAA violation investigations) investigations and penalties
  • Securities and Exchange Commission –
    • Increased its cybersecurity oversight and investigatory role for public companies, including issuing a Section 21(a) report indicating that companies that fail to have adequate internal controls (which include assessing and addressing cyber-security threats) may be in violation of Section 13(b)(2)(B)
    • Increased vigilance in enforcing the Safeguards Rule and the Identity Theft Red Flags Rule, both of which generally requires broker-dealers to adopt written policies and procedures “that address administrative, technical and physical safeguards for the protection of customer records and information,” and the Identity Theft Red Flags Rule.
Addressing cyber-threats must be every company’s new normal. 
Each client’s cyber-security needs differ, and while our cyber-security and privacy practice services are comprehensive, we endeavor to tailor them to your needs – keeping in mind a minimum-security baseline, as well as budgeting for immediate, intermediate, and long-term objectives.
Among the services we offer are the following:
  • Risk assessment and investigation
  • Internal Policy development (cybersecurity, incident response, incident investigation and remediation, etc.)
  • Drafting policies, disclosures, and procedures that govern the collection, use, storage, and sharing of sensitive data and use of technology
  • Drafting and implementing privacy and security compliance plans around state, national, and international laws and standards
  • Reviewing, revising, and preparing contracts and releases with third-parties to ensure compliance and limit liability
  • Assisting our clients during transactions with privacy due diligence and protective deal mechanisms
  • Advising clients on cyber-insurance policies and other applicable insurance policies
  • Advising clients on digital advertising and marketing, virtual currencies, and social media
  • Handling data breaches and privacy complaints
  • Representing clients during privacy-related matters before federal and state courts, administrative agencies, and professional boards
  • Responding to subpoenas and law enforcement inquiries as well as privacy torts / class actions
  • Managing eDiscovery and data governance

Our goal is simple: to help our clients reduce their cyber, privacy, and data liability risks. We accomplish this through education and implementing a variety of risk-transfer mechanisms focused on each client’s unique needs. These mechanisms include training, risk assessments, policy creation, contracts, or insurance. While no level of cybersecurity prevention can completely eliminate the risk cyber-risk, the firm’s holistic and pragmatic approach can help reduce the likelihood of occurrence, and in conjunction with cyberforensic experts, help mitigate the legal, liability, and other consequences arising out of a cyber-security incident.

Check out Chair Steven Teppler’s Litigation Intelligence Cyber Security Blog.

Deal Alert: Jacqueline Greenberg Vogt & Steven W. Teppler Achieve Amazing Victory for Contractor Defrauded of Cryptocurrency

May 3, 2024

Jacqueline Greenberg Vogt, Chair of the Construction Law Group and Steven W. Teppler Partner and Chair of the Privacy and Cybersecurity Practice Group at Mandelbaum Barrett PC, recently achieved an amazing victory for a contractor client who was the victim of theft of his cryptocurrency.

Join Tom Brennan, CIO of Mandelbaum Barrett PC, in Discussing Cybersecurity and More at the Upcoming SSCA Event on September 12!

September 9, 2023

Cybersecurity is a global concern for both businesses and governments. The Software and Supply Chain Assurance Forum (SSCA) provides a platform for experts worldwide to discuss cyber risks, best practices, and solutions. Led by organizations like National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DoD), and General Services […]

Navigating App Security Challenges: Insights from Tom Brennan at OWASP Global AppSec Conference

September 5, 2023

Tom Brennan, the CIO of Mandelbaum Barrett PC, will be joined by two additional speakers to present at this year’s OWASP Global AppSec Conference and Training event in Washington, DC. In a time of increasing cyber threats, the importance of hiring app security experts becomes paramount for businesses. However, this process is like supply chain […]

Massive Data Breach at HCA Healthcare Sparks Class-Action Lawsuits and Regulatory Concerns

July 17, 2023

A massive data breach at HCA Healthcare, a hospital chain, has resulted in the filing of the first of many proposed class-action lawsuits. The breach involved the exposure of potentially 11 million patients’ information on a dark web forum. Key concerns surrounding the breach include the possible involvement of a third-party storage vendor and the […]

Insights from William Barrett: New York County Dental Society Article Explores Cybersecurity Risks in Dental Practices

June 22, 2023

Dental health professionals handle a vast amount of sensitive patient data, ranging from personal information to medical records. To protect themselves and their patients, it’s important for them to understand cybersecurity risks and take appropriate measures. Staying aware of the latest threats and trends is crucial for adequate protection. Learn about some of the ways […]

Steven W. Teppler, Chair of Privacy and Cybersecurity and Chief Cybersecurity Legal Officer, featured in article titled “Health Entities Should Vet Risks of ChatGPT Use”

January 20, 2023

Steven W. Teppler, Partner and Chair of the Firm’s Privacy and Cybersecurity practice group, as well as our Chief Cybersecurity Legal Officer, was featured in an article discussing the importance of healthcare entities carefully vetting the use of ChatGPT and similar AI-enabled tools for potential patient data security and privacy risks. Click the link to […]

New IRS Cybersecurity Requirements for CPAs and Accounting Practices

January 17, 2023

Stay ahead of the game and protect your business and clients’ information with the latest IRS cybersecurity requirements for CPAs and Accounting practices. Learn about the new Written Information Security Plan (WISP) and FTC SafeGuards Rule. Partner and Chief Cybersecurity Legal Officer Steven Teppler, and Partner in the Firm’s Trusts & Estates and Taxation practice […]

Steven Teppler and Lauren X. Topelsohn Discuss the Legal and Ethic Requirements Imposed by the SHIELD Act in the New York Law Journal

October 10, 2022

The SHIELD (Stop Hacks and Improve Electronic Data Security) Act is the latest cybersecurity-based legislation, affecting businesses (including law firms) that own or license computerized private information of New York residents. Designed to protect state residents’ data, this act imposes strict requirements on firms and levies harsh fines for those that fail to meet them. […]

CIO, Tom Brennan, to be a Moderator for a Panel at SecureWorld New York on October 13

October 10, 2022

Mandelbaum Barrett PC’s CIO, Tom Brennan, will be a moderator for a panel at this year’s SecureWorld conference. As a member of the Advisory Council, Tom will be a moderator on the discussion topic: “OVS / Federal Policy vs. State Law.” For more than 21 years, SecureWorld conferences have been connecting, informing, and developing leaders in cybersecurity through […]

Steven Teppler, Chair of Privacy and Cybersecurity, featured in article titled “Hazards and Help with Cybersecurity”

October 4, 2022

Steven W. Teppler, of counsel and chair of the firm’s Privacy and Cybersecurity practice group, was featured in the New Jersey Business Magazine for October, where he highlights the importance of cybersecurity and data breach prevention/response. Since October is Cybersecurity Awareness Month, this could not have happened at a better time. This month is dedicated to raise […]

Mandelbaum Barrett PC CIO Tom Brennan authors article titled "17 Technical Controls for Effective M&A Due Diligence"

April 12, 2022

Mandelbaum Barrett PC Chief Information Officer Tom Brennan has authored a Cyber Security article in the April 6th, 2022 issue of CPO Magazine titled "17 Technical Controls for Effective M&A Due Diligence."

Steven Teppler to present webinar titled "The vCISO Engagement and Legal Liability – What You Need to Know"

February 15, 2022

Mandelbaum Barrett PC Of Counsel Steven Teppler will be the Keynote speaker for a "vCISO Engagement and Legal Liability – What You Need to Know" webinar powered by the vCISO News professional community on Wednesday, February 16th, 2022 from 10:30am to 12:00pm.

Tom Brennan Spoke on Fulfilling Network Security Requirements and Business Needs at InfoSecurity Virtual Roundtable

February 4, 2021

Tom Brennan joined a panel of cybersecurity experts on the InfoSecurity Magazine virtual roundtable, Fulfilling Network Security Requirements and Business Needs. Tom and the panelists addressed a wide range of issues, including managing a multi-vendor network environment, handling the rapid demand for network changes with automation, and ways to avoid errors and misconfigurations in a […]

Lauren X. Topelsohn Speaking at the RSA 2020 Security Conference in San Francisco

January 6, 2020

Lauren X. Topelsohn, a Member in our Privacy and Cybersecurity Practice Group will be speaking at the RSA 2020 Security Conference in San Francisco. Lauren will be participating in "If You Can't Trust The Phone Company: A Mock Trial", which involves a ransomware attack on a medical laboratory that results in the exfiltration of critical test results ("protected health information" or "PHI"). To learn more about the session and the RSA Conference, click here.

Paging Cybersecurity: Healthcare Providers Need to Make a “Change” to Protect Themselves, and Their Patients, Against Cyberattacks

April 30, 2024

In February 2024, the healthcare industry was rattled by a significant cyberattack targeting Change Healthcare (“Change”), a subsidiary of UnitedHealth Group, one of the largest health insurance companies in the world. The breach sent shockwaves throughout the healthcare ecosystem, raising concerns about patient data security, operational integrity, and the vulnerability of critical infrastructure. As the […]

Conquering Cybersecurity Challenges: A Fiduciary Perspective under ERISA

March 14, 2024

In today’s digital era, innovations like AI and quantum computing revolutionize workplaces, but cyberattacks loom large. ERISA, established in 1974, sets fiduciary standards for retirement plans. Yet, cybercrime’s $6.9 billion loss in 2021 and legal cases highlight the urgency. The DOL’s 2021 guidance emphasizes proactive cybersecurity measures for plan sponsors, urging collaboration and vigilance.

Navigating the New Cybersecurity Terrain: Implications of the FCC’s Latest Rule on Security Breach Notifications

February 13, 2024

Introduction: On February 12, 2024, the Federal Communications Commission (FCC) finalized a critical cybersecurity rule, Sec. 64.2011, mandating telecommunications carriers and TRS (Telecommunications Relay Services) providers to adhere to strict guidelines concerning the notification of security breaches. This rule signifies a pivotal shift in the regulatory landscape, imposing new compliance obligations that will fundamentally alter […]

Safeguarding Client Information: 5 Essential Cybersecurity and Privacy Measures for Veterinary Practices

September 7, 2023

In an era where technology permeates every aspect of business, ensuring the confidentiality and security of client data has become a paramount concern for veterinary practices. The digital age has brought with it numerous benefits, but it has also opened the doors to new threats and vulnerabilities. Just as you diligently care for animals, it’s […]

The Next Deepfake Could Come from Your Client: The Impending Threat of Deepfakes in the Legal Profession

August 30, 2023

Lawyers are not immune to the rapidly evolving landscape of technological advancements. Deepfake technology, which involves the use of artificial intelligence to manipulate audio and video content, presents a significant and emerging threat to the legal sector. Lawyers must be vigilant and prepared to address the potential misuse of deepfakes by clients or adversary counsel, […]

Your Veterinary Practice Has Been Breached – Now What?

June 28, 2023

Preventing (and Responding to) Data Breaches: What Veterinary Practices Need to Know Technology continues to revolutionize various industries, and the veterinary field is no exception. With the integration of digital systems, electronic health records, and online communication, veterinary practices have become vulnerable to cyber threats. The importance of cybersecurity in veterinary practices cannot be overstated. […]

Top 3 Things to Note as a U.S. Copyright or Trademark Owner in 2023

June 9, 2023

Joel MacMull shares his insights from the International Trademark Association’s (INTA) Annual General Meeting in Singapore. Discover the top 3 issues for U.S. copyright and trademark owners in 2023, including unconventional trademark uses, the extraterritoriality of the Lanham Act, and a significant New Mexico case.

Joel G. MacMull Explores the Potential Traps of AI in the Legal Field for the New York Law Journal

May 22, 2023

MacMull offers valuable insights from his article “AI and Practicing Law: Potential Traps for the Unwary,” covering crucial aspects such as privacy concerns, issues of quality, loss of goodwill, and intellectual property considerations. Gain a comprehensive understanding of the challenges faced by legal professionals in navigating the intersection of AI and law.

Podcast: That’s in my EULA?

April 10, 2023

“That’s in my EULA??” is a podcast hosted by Mark Miller and Joel MacMull, Partner at Mandelbaum Barrett. The podcast explores the mysterious and often overlooked world of End-User License Agreements (EULAs), revealing hidden clauses in popular app EULAs. In Episode 1, they discuss the legal implications of using AI engines such as ChatGPT, and in Episode 2, they take a deep dive into the TikTok terms of service. Tune in to discover the legal considerations users should keep in mind when using popular apps.

Why Companies Need a Cybersecurity Attorney

February 19, 2023

The Role of Cybersecurity Counsel As companies become more reliant on technology, the need for effective cybersecurity measures is greater than ever before. One critical component of any comprehensive cybersecurity strategy is the role of cybersecurity attorneys. Let’s take a look at the vital role of cybersecurity attorneys and the benefits they provide. What is […]

Cybersecurity Alert: Class Action Liability Risks for Violations of ADA and New York Human Rights Laws

July 6, 2018

Check out our latest Cybersecurity Law Alert published by Steven Teppler and Lauren X. Topelsohn on ADA Compliance for websites and the recent uptick in class action lawsuits for violations of ADA and New York Human Rights Law in light of the Federal Government's Web Content Accessibility Guidelines.

Cybersecurity Alert: Brand Name Spoofing Still a Popular Phishing Tactic

June 26, 2018

Check out our latest Cybersecurity Alert about Brand Name Spoofing, a popular phishing tactic that can put you and your company at risk. The Firm's Privacy & Cybersecurity Practice led by Of Counsel Steven Teppler, who co-authored the Alert with Member Lauren X. Topelsohn, helps business owners to prevent and mitigate damages from cyber attacks.

These stories are successful case results from our attorneys. Please note that results may vary depending on your particular facts and legal circumstances.

Exploitation of Power of Attorney: Agent Blocking Family Access to Nursing Home Resident

June 6, 2024

In their latest vlog, Mandelbaum Barrett PC Elder Law attorneys, Donald Dennison, Esq. and Dan Stone, Esq. discuss the implications of a Power of Attorney agent weaponizing the document to prevent well-meaning family members from visiting a nursing home resident.

What New Jersey Taxpayers Need to Know About Partnership Income Reporting

May 24, 2024

Staying informed about updates in tax regulations is vital for taxpayers to fulfill their obligations accurately. The recent update from the New Jersey Division of Taxation regarding the reporting of income from partnerships underscores the importance of staying abreast of state-specific requirements. By adhering to these guidelines and seeking professional assistance when needed, taxpayers can effectively navigate partnership income reporting in New Jersey and maintain compliance with state tax laws.

Raj Gadhok to Present for NJICLE’s “What is a Tevis Claim and What Does it Mean for My Divorce?

November 20, 2023

Navigating divorce cases in New Jersey often involves addressing domestic violence and abuse allegations. This is where the Tevis Claim often comes into play. It is essentially a personal injury claim you can bring against your spouse in the divorce complaint if instances of domestic violence have occurred. While opting for a Tevis Claim has […]

Going Green and Staying Out of Legal Trouble: The Art of Green Marketing

November 17, 2023

In today’s environmentally conscious world, green marketing has become a significant trend for businesses aiming to attract eco-minded consumers. Companies often use eco-friendly claims to promote their products and services, but they must tread carefully to avoid lawsuits and maintain their reputation. In this blog, we’ll explore green marketing and suggest some steps companies can […]

Client Alert: Corporate Transparency Act

November 16, 2023

On January 1, 2024, the Corporate Transparency Act (the “CTA”) will become law and will impose reporting obligations which will impact millions of small businesses across the United States. It is critical for business owners to understand the CTA reporting requirements as failure to comply can result in both civil and criminal penalties. If you own […]

Your Health, Your Choice: A Guide to Medicare Open Enrollment

November 7, 2023

The Medicare open enrollment period runs through December 7th, 2023.   Medicare adjusts costs, coverage, and accepted providers on an annual basis. If you have received “Evidence of Coverage,” or an “Annual Notice of Change,” from Medicare, now is the time to review your coverage, and, if necessary, make changes to your Medicare healthcare plan to better […]

Three Major Differences Between Recourse and Non-Recourse Loans

November 1, 2023

Borrower / Guarantor Liability Recourse – The borrower (or guarantor) is personally liable for the full amount of the loan, including any debt remaining after the collateral is foreclosed upon and sold. To satisfy the remaining debt, the lender can look to the individual assets of borrower (or guarantor). Non-Recourse – The borrower (or guarantor) […]

Chris Zona: Becoming a Trial Attorney

October 30, 2023

Despite the absence of legal role models, Chris Zona’s ambition as a trial attorney persisted. Immersed in civil and commercial law from an early age, Chris remained resolute. As a Senior Special Prosecutor, he broadened his horizons, delving into civil and commercial law. Join Chris in this exclusive feature, tracing his trajectory from law school to his adept handling of diverse cases, from serious felonies to complex white-collar offenses and healthcare law.

Navigating Back-to-School Safety: Preventing the Most Common Injuries

August 13, 2023

As the school season kicks into gear, safety should be at the forefront of everyone’s minds. At Mandelbaum Barrett PC, we are committed to ensuring your children have a safe and joyful academic year. While schools are expected to provide a secure learning environment, the reality is that unintentional injuries can occur on school grounds, around buses, and even in the neighborhood. It’s a collective responsibility of parents, students, school staff, and the community to take proactive measures to safeguard our children.

Navigating the Shifting Terrain of Subchapter V: Vincent J. Roldan Sheds Light on Conflicting Court Rulings in the ABI Law Journal

June 26, 2023

Discover the latest in the still-evolving landscape of Subchapter V. This insightful article, published in the American Bankruptcy Institute Law Journal, examines the application of nondischargeability provisions to corporate debtors. Written by Vincent J. Roldan, a Partner in Mandelbaum Barrett PC’s Bankruptcy and Creditors Rights, and Banking and Financial Services groups, this piece sheds light on conflicting court […]

Insights from William Barrett: New York County Dental Society Article Explores Cybersecurity Risks in Dental Practices

June 22, 2023

Dental health professionals handle a vast amount of sensitive patient data, ranging from personal information to medical records. To protect themselves and their patients, it’s important for them to understand cybersecurity risks and take appropriate measures. Staying aware of the latest threats and trends is crucial for adequate protection. Learn about some of the ways […]

Professional Liability Insurance for Dentist Owners: Types of Coverage Recommended

March 23, 2023

As a dentist owner of a practice, your top priority is to provide quality dental care to your patients. However, despite your best efforts, malpractice lawsuits can still occur. Therefore, it is crucial to have professional liability insurance to protect yourself, your practice, and your employees from the financial burden of a lawsuit. In this […]

Filial Responsibility: Requiring Adult Children to Pay for Aging Parents’ Care

July 6, 2022

Did you know that in many states you could be responsible for your parents’ unpaid medical bills? In fact, more than half of all states currently have laws making adult children financially responsible for their parents, including their parents’ long-term care costs. However, these laws are rarely enforced. Notably, New Jersey does not have filial […]

Top 5 Tips for Commercial Real Estate Brokers for Achieving Better Exclusive Listing Agreements

July 5, 2022

Any Exclusive Listing Agreement should cover both a sale and a lease. Deals change and you want to be protected for either scenario. The Exclusive Listing Agreement must have a definitive end date and cannot contain automatic renewals. As to payment of the commission on a sale, include language that the commission will be paid […]

The Tax Consequences of Selling a House After the Death of a Spouse

July 5, 2022

If your spouse dies, you may have to decide whether or when to sell your house. There are some tax considerations that go into that decision.  The biggest concern when selling property is capital gains taxes.  A capital gain is the difference between the “basis” in property and its selling price. The basis is usually […]

WHAT IS THE AMERICAN ACADEMY OF MATRIMONIAL LAWYERS AND WHY SHOULD YOU HIRE ONE OF THEIR FELLOWS?

July 5, 2022

AAML is a national organization with chapters in most states.  There are approximately 1,650 Fellows in the United States and 52 Fellows in New Jersey.  Our Family Law Co-Chair Lynne Strober is proud to be one of those Fellows. The AAML is dedicated to providing and promoting the highest degree of professionalism and excellence in […]

Spring 2022 Vet Law Newsletter

March 24, 2022

Momentum: Our Year in Review

March 24, 2022


Why do companies need a Cybersecurity attorney?

As companies become more reliant on technology, the need for effective cybersecurity measures is greater than ever before. One critical component of any comprehensive cybersecurity strategy is the role of cybersecurity attorneys. Check out our latest blog to find out more.