Cybersecurity and Data Privacy

Kaplan Hecker & Fink lawyers have extensive experience helping corporations and corporate executives navigate complex challenges involving cybersecurity, data privacy, and related regulatory compliance. We advise our clients on compliance with swiftly evolving domestic and cross-border laws and regulations, conduct internal investigations and help refine our clients’ policies and procedures, and guide our clients through government investigations conducted by federal and state prosecutors and by a range of regulatory agencies.

We know that rapid advances in technology represent tremendous opportunities for our clients, but also carry significant risk. Data protection is paramount for companies, as they navigate through complex regulatory environments and best practice expectations that vary according to industry and geography. From privacy audits; to breach mitigation; to compliance with the GDPR, CCPA, or any number of domestic or international data security and privacy regimes; our clients depend on our broad subject matter expertise to manage known and emerging risk and protect critical business interests.

Marshall Miller is a widely-recognized expert on cybersecurity, data privacy, and regulatory compliance, and has published numerous articles on related topics. During his tenure as Principal Deputy Assistant Attorney General & Chief of Staff at the U.S. Department of Justice and as Chief of the Criminal Division in the Eastern District of New York, Marshall oversaw some of the country’s most high-profile cybersecurity prosecutions. He supervised the Department of Justice’s flagship cybercrime unit, the Computer Crime & Intellectual Property Section, overseeing the launch of its Cybersecurity Unit. At the U.S. Attorney’s Office, Marshall spearheaded the formation of the Office’s National Security & Cybercrime Section.

Prior to joining Kaplan Hecker, some of our lawyers’ representative cybersecurity and data privacy matters included:

  • Representing an international corporate client in responding to a far-reaching cyber intrusion, including breach notification requirements, public disclosure responsibilities, interactions with law enforcement and regulatory agencies, and technical and legal remediation actions. 
  • Representing a Fortune 200 company in responding to a data breach, including incident investigation and breach notification to affected individuals, regulators, and law enforcement agencies.
  • Representing a corporate client in responding to a significant business email compromise incident, including incident investigation and reporting and responding to law enforcement and industry regulator.
  • Advising multiple multinational companies regarding the drafting and implementation of cyber incident response plans.
  • Advising a Fortune 100 company regarding response to a ransomware incident, including legal and regulatory requirements, notification and disclosure responsibilities, and strategic considerations.
  • Advising boards of directors on data security and privacy risks and execution of risk mitigation oversight responsibilities.
  • Advising a Fortune 100 company regarding the drafting and implementation of a vulnerability disclosure policy.
  • Presenting to industry Information Sharing and Analysis Centers (ISAC) regarding legal, policy, and practical issues associated with vulnerability disclosure policies.
  • Providing cybersecurity and data privacy due diligence services to companies engaging in M&A transactions.

Lawyers who specialize in this Practice Area

Marshall L. Miller, Partner
Michael Ferrara, Counsel