back to top

Privacy and Cybersecurity

Privacy and Cybersecurity

Share

Cybersecurity and privacy risks, and liability exposure continue to rise. The risks have heightened for any organization that touches personal, hospital and healthcare, financial, human resources, trade secret, and other sensitive information in the course of domestic and international business operations.

Companies of all sizes, and in every industry and market vertical, face an increasingly toxic brew of cyber-threats, financial loss, and legal liability from employees, clients, shareholders, federal, state, and international regulators, as well as consumers of goods and services. The cyber-threat arena now includes:

  • Ransomware
  • Data breaches
  • Business Email Compromise
  • Phishing
  • Trade Secret Misappropriation
  • Wire and payment fraud
  • Connected (aka "Smart" device) compromise (medical, supply chain, industrial, and consumer)
  • Identity Compromise
  • Smart Product liability

State and local governments are also at increased risk from cyber-threats and should take appropriate steps to investigate, assess, and then mitigate risks from ransomware and other cyber-attacks. The objectives for these attacks can be focused on:

  • Ransomware - Extortion for payment by locking out (encrypting) municipality data
  • Dispuption of vital services (traffic, power, law enforcement, and waste management)
  • Election data interference

The legal and regulatory environment surrounding involving data breaches, and failures to prepare for those and other cyberthreats is also expanding:

  • All 50 states now require some form of breach notification. Some states require only an intrusion (and not an outflow) of Personally Identifiable Information (PII) to trigger notification.
  • California’s Consumer Privacy Act of 2018 imposes new online disclosure requirements and grants consumers new opt-out rights
  • General Data Protection Regulation – covering sensitive data of residents of the European Economic Area, but has world-wide application and significant monetary penalties
  • Securities and Exchange Commission –
    • Increased its cybersecurity oversight and investigatory role for public companies, including issuing a Section 21(a) report indicating that companies that fail to have adequate internal controls (which include assessing and addressing cyber-security threats) may be in violation of Section 13(b)(2)(B)
    • Increased vigilance in enforcing the Safeguards Rule and the Identity Theft Red Flags Rule, both of which generally requires broker-dealers to adopt written policies and procedures “that address administrative, technical and physical safeguards for the protection of customer records and information,” and the Identity Theft Red Flags Rule.

  • Shareholder Litigation – for violations of management fiduciary duty
  • Federal Trade Commission investigations and penalties
  • Department of Health and Human Services Office of Civil Rights (for HIPAA violation investigations) investigations and penalties
  • Federal Food and Drug Administration (for connected medical devices)
  • Banking - New York State enacted 23 NYCRR 500 in 2017, which generally requires covered entities regulated by the state’s Department of Financial Services to comply with enhanced cybersecurity requirements, including risk assessment, adequate cybersecurity funding, policy development and reporting. Covered entities include licensed lenders, state-chartered banks, trust companies, service contract providers, private bankers, mortgage companies, insurance companies doing business in New York, and non-U.S. banks licensed to operate in New York. 

Addressing cyber-threats must be every company’s new normal. Each client’s cyber-security needs differ, and while our cyber-security and privacy practice services are comprehensive, we endeavor to tailor them to your needs – keeping in mind a minimum-security baseline, as well as budgeting for immediate, intermediate, and long-term objectives.

Among the services we offer are the following:

  • Risk assessment and investigation
  • Internal Policy development (cybersecurity, incident response, incident investigation and remediation, etc.)
  • Drafting policies, disclosures, and procedures that govern the collection, use, storage, and sharing of sensitive data and use of technology
  • Drafting and implementing privacy and security compliance plans around state, national, and international laws and standards
  • Reviewing, revising, and preparing contracts and releases with third-parties to ensure compliance and limit liability
  • Assisting our clients during transactions with privacy due diligence and protective deal mechanisms
  • Advising clients on cyber-insurance policies and other applicable insurance policies
  • Advising clients on digital advertising and marketing, virtual currencies, and social media
  • Handling data breaches and privacy complaints
  • Representing clients during privacy-related matters before federal and state courts, administrative agencies, and professional boards
  • Responding to subpoenas and law enforcement inquiries as well as privacy torts / class actions
  • Managing eDiscovery and data governance

Our goal is simple: to help our clients reduce their cyber, privacy, and data liability risks. We accomplish this through education and implementing a variety of risk-transfer mechanisms focused on each client’s unique needs. These mechanisms include training, risk assessments, policy creation, contracts, or insurance. While no level of cybersecurity prevention can completely eliminate the risk cyber-risk, the firm’s holistic and pragmatic approach can help reduce the likelihood of occurrence, and in conjunction with cyberforensic experts, help mitigate the legal, liability, and other consequences arising out of a cyber-security incident.

Check out Chair Steven Teppler's Litigation Intellegience Cyber Security Blog.

September 13, 2019Steven Teppler to Speak at the 2019 ACC Annual Meeting on Cybersecurity

Steven Teppler, Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group will be speaking at the 2019 Association of Corporate Counsel's Annual Meeting on cybersecurity vulnerabilities and liability. Read more here: https://l.feathr.co/2019-annual-meeting-speakers-steven-teppler...

Read More

August 30, 2019Steven Teppler Quoted in "Google, Medical Center Ask Court to Dismiss Privacy Lawsuit"

Steven Teppler was quoted in a recent HealthcareInfoSecurity.com article on "Google, Medical Center Ask Court to Dismiss Privacy Lawsuit." Read more here....

Read More

June 4, 2019Steven Teppler Comments on Gov Info Security Article on $74M Settlement of Premera Breach Lawsuit

Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group Steven Teppler commented on an article for Gov Info Security on "$74 Million Settlement of Premera Breach Lawsuits Proposed." Read the full article here....

Read More

May 17, 2019Steven Teppler Spoke at Sonatype's DevSecOps Conference on Supply Chain Cybersecurity

Steven Teppler, Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group spoke at Sonatype's DevSecOps Conference last week in New York City on supply chain cybersecurity. Learn more about our practice and the importance of protecting critical information and data for both your business and clients here....

Read More

May 13, 2019Steven Teppler Quoted in Healthcare Info Security on 'Anthem Cyberattack Provides Defense Lessons'

Steven Teppler, Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group lends his expertise in a recent Healthcare Info Security article, 'Anthem Cyberattack Indictment Provides Defense Lessons.' Read the article here....

Read More

April 23, 2019Steven Teppler Quoted in Bank Info Security on What Led to a $4.7M Breach Lawsuit

Steven Teppler, Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group was quoted in an article for Bank Info Security on "What Led to a $4.7 Million Breach Lawsuit Settlement?" Click here to read the full article....

Read More

April 3, 2019Steven Teppler Quoted in Healthcare Info Security on a Medical Practice Closing In Wake of a Ransomware Attack

Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group Steven Teppler was quoted in an article for Healthcare Info Security about a medical practice closing in the wake of a ransomware attack. Click here to read the full story....

Read More

March 29, 2019Steven Teppler Featured on Healthcare Info Security Podcast on the $7.5M UCLA Health Data Breach

Steven Teppler, Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group was featured on a Healthcare Info Security Podcast on "Analyzing the $7.5 Million UCLA Health Data Breach Settlement."...

Read More

March 6, 2019Steven Teppler Spoke at the RSA Conference 2019 in San Francisco

Steven Teppler, Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group spoke at the RSA Conference 2019 in San Francisco yesterday. This is one of the largest cyber security conferences in the world with over 50,000 attendees. His session was entitled "Blockchain Anchored Swap Meet: A Mock Trial" and along with an expert panel that included a security architect, CTO, and Chief United States Magistrate Judge, he helped attendees explore whether a recording using a voiceprint for an electronic signature can be a legal writing, if voice prints are robust enough to resist forgery and if blockchain can provide fine enough granularity to be a trusted timestamp service.To learn more about this conference, visit www.rsaconference.com....

Read More

25 FebSteven Teppler is a Special Guest on Security Profiles Episode 1 - Where Legal Meets Security

Check out Craig Sandman of Symbol Security and Steven Teppler, Chair of Mandelbaum Salsburg's Privacy & Cyber Security Practice's Podcast, "Where Legal Meets Security."...

Read More

February 19, 2019Steven Teppler Featured On The Kim Komando Show About The Non-Consensual Use Of People's Information

Steven Teppler, Member and Chair of Mandelbaum Salsburg's Privacy & Cybersecurity Practice talks on a recent episode of the The Kim Komando Show about the non-consensual use of people's information. Learn about privacy and data protection in the age of the "internet of things." Click here to listen....

Read More

January 31, 2019Steven Teppler Comments on New Jersey Business Special Feature on Dealing with a Data Breach

Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group Steven Teppler provides insight in a New Jersey Business Special Feature on Dealing with a Data Breach. Click here to read more....

Read More

January 9, 2019Steven Teppler Quoted in Healthcare Info Security of GDPR and HIPAA Compliance

Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group, Steven Teppler was quoted in an article for Healthcare Info Security entitled "Is GDPR Compliance Tougher Than HIPAA Compliance?" Click here to read the full article....

Read More

September 14, 2018Steven Teppler Speaking at the ISG Future Networks Summit

Steven Teppler, Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice will be speaking at the ISG Future Networks Summit on September 24th and 25th in Chicago! He is speaking as part of a panel on "The Future of Network Automation and the Reality of Blockchain." Learn more about this exciting event here....

Read More

September 10, 2018Steven Teppler's Latest Podcast on "How Well Can The Government Protect Your Online Privacy"

Check out Privacy and Cybersecurity Chair Steven Teppler's latest Podcast on The Kim Komando Show. In this episode, Steven talks with retired FBI special agent, Lawrence Wolfenden, now with the Sylint Group, about "How well can the government protect your online privacy."...

Read More

August 6, 2018Steven Teppler Featured on The Kim Komando Show About The "Internet of Things"

Check out Privacy and Cybersecurity Chair Steven Teppler's latest Podcast on the The Kim Komando Show. In this episode, Steven talks with Craig Zeigler of the Sylint Group about the "Internet of Things" and what happens when smart devices fail. Learn how to prevent problems and the legal recourse available if you suffer injury or property damage from connected devices....

Read More

July 19, 2018Steven Teppler Hosts Latest Cybersecurity Practice Podcast "Cyberlaw Now"

Steven Teppler, Chair of Mandelbaum Salsburg's Privacy and Cybersecurity Practice Group's latest podcast "Cyberlaw Now" is live! In Part 1 of this 2 Part series, he talks with Jake Simpson, a Dark web expert with Sylint Group in Sarasota, Florida. Listen to this episode to learn about the dark web and its dangers....

Read More

July 13, 2018Steven Teppler Featured on The Kim Komado Show's Cyber Law Now Podcast

Check out our Privacy and Cybersecurity Chair Steven Teppler on the The Kim Komando Show's Cyber Law Now Podcast! Learn about the steps you can take to protect yourself when you "Bring Your Own Device" or "BYOD" for work. Your personal phone can be used in a forensic investigation!...

Read More

July 13, 2018Steven Teppler's Latest "Cyber Law Now" Podcast on "Bring Your Own Device"

Check out our #Privacy and #Cybersecurity Chair Steven Teppler on the Kim Komando Cyber Law Now Podcast! Learn about the steps you can take to protect yourself when you "Bring Your Own Device" or "BYOD" for work. Your personal phone can be used in a forensic investigation!...

Read More

July 6, 2018Cybersecurity Alert: Class Action Liability Risks for Violations of ADA and New York Human Rights Laws

Check out our latest Cybersecurity Law Alert published by Steven Teppler and Lauren X. Topelsohn on ADA Compliance for websites and the recent uptick in class action lawsuits for violations of ADA and New York Human Rights Law in light of the Federal Government's Web Content Accessibility Guidelines....

Read More

June 28, 2018Steven Teppler Joins as Of Counsel and Chair of the Privacy and Cybersecurity Practice Group

We are excited to welcome Steven Teppler who has joined the Firm as Of Counsel and Chair of our Privacy and Cybersecurity Practice Group. He has been involved in cybersecurity and electronic discovery matters since 2000. Working closely with cybersecurity technology experts, his advisory activities include privacy and security evaluations and assessments. He has been involved with numerous consumer fraud related class litigation matters and is the Co-Chair of the American Bar Association's Information Security Committee....

Read More

June 26, 2018Cybersecurity Alert: Brand Name Spoofing Still a Popular Phishing Tactic

Check out our latest Cybersecurity Alert about Brand Name Spoofing, a popular phishing tactic that can put you and your company at risk. The Firm's Privacy & Cybersecurity Practice led by Of Counsel Steven Teppler, who co-authored the Alert with Member Lauren X. Topelsohn, helps business owners to prevent and mitigate damages from cyber attacks....

Read More

13 Feb2017 Mandelbaum Salsburg Year in Review

We are pleased to share our 2017 Year in Review which highlights some of the Firm's notable successes during the last year. We are thankful to our clients who have allowed us to continue doing what we love. We continue to expand our practice areas and bench to reflect our clients needs....

Read More

11 DecLynne Strober, Khizar Sheikh and Jennifer Presti Author Article on Using Social Media in Family Law Cases for Family Lawyer Magazine

Members Lynne Strober and Khizar Sheikh, along with Associate Jennifer Presti, authored a two-part series on the Use of Social Media in Family Law cases....

Read More

16 AugKhizar Sheikh to Speak at CLE Seminar on "Protecting Your Business and the Information it Collects"

Mandelbaum Salsburg's Privacy & Cybersecurity Practice Group Chair Khizar Sheikh is honored to be speaking at a CLE Seminar presented by First American Title Insurance Company & Two Rivers Title Company, LLC on Tuesday, October 17th! The program, entitled "Protecting Your Business and the Information it Collects," is pending approval for 2 NJ CLE Credits!...

Read More

31 JulPrivacy & Cybersecurity Chair Khizar Sheikh to speak at "Do You Have a Roadmap for EU GDPR Compliance?" Webinar August 17th!

Do You Have a Roadmap for EU GDPR Compliance? The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union. Want to learn more and make sure you are prepared? Our Privacy & Cybersecurity Chair Khizar A. Sheikh will join @Ulf Mattsson, @David Morris and @Ian West for an Atlantic Business Technologies' webinar on August 17 at 5:00 p.m.! To learn more, click here....

Read More

27 MayKhizar Sheikh Interviewed on WNBC Radio on WannaCry Ransomware Attack

Khizar Sheikh, Chair of the Firm's Privacy & Cybersecurity practice, was recently interviewed on WNBC Radio about the worldwide ransomware attack known as "WannaCry". Click here to listen to Khizar's advice on what companies should do to protect their data. https://lnkd.in/dfXKaqZ...

Read More

25 MayPrivacy & Cyber Chair Sheikh to speak at SECON 2017

On May 25, Privacy & Cyber Chair Khizar A. Sheikh will be moderating the CISO panel at SECON 2017, which will offer insight from the Chief Information Security Officers from Johnson & Johnson, Horizon Blue Cross Blue Shield of New Jersey, and Realogy Holdings. Join...

Read More

5 AprKhizar Sheikh Course Planner for Pennsylvania Bar CLE Course on Cybersecurity

Khizar Sheikh is a course planner for the Pennsylvania Bar Association's upcoming 4 credit CLE on "Current Developments in Privacy and Cybersecurity." The program will take place in Philadelphia, PA on June 27th and Pittsburgh, PA on Thursday, July 13th! The program will also be...

Read More

27 FebLauren X. Toplesohn Featured in NJBiz Triple Play About Protecting Company Information

Lauren X. Toplesohn, a Member in the Firm's Employment & Labor and Cybersecurity Practice Groups recently authored an NJ Biz Triple Play feature that discussed ways to help employers protect their company information. The article, which ran on February 26 and 27th in NJ Biz, can...

Read More

22 AprMember Khizar Sheikh to Present at NJPSMG Event on April 22, 2016

Khizar Sheikh, Chair of Privacy and Cybersecurity, will present at the next NJPSMG Event: Protecting Your Digital Marketing Efforts on Friday, April 22, 2016 from 12:00 PM - 1:30 PM at the offices of Mandelbaum Salsburg. Join Mr. Sheikh as he walks you through a...

Read More

9 MarMember Khizar A. Sheikh Appointed as a Member of InfraGard in February 2016

Khizar A. Sheikh, Chair of our Privacy and Cybersecurity Law Group, was appointed as a Member of InfraGard in February of 2016. InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state...

Read More

3 MarMember Khizar A. Sheikh Participates in Drone Law Roundtable

Khizar A. Sheikh, Chair of our Cyber-Security Practice area, participated in a roundtable on “New Practice Areas - Drone Law” in the January 2016 issue of Law Practice Today, an electronic publication from the ABA, Law Practice Division, available here...

Read More

2 JanTraveling a Long Road with Tumi

Tumi, Inc., the worldwide premiere brand of high-end luxury luggage, leather goods, bags and business accessories, continues to be one of Mandelbaum Salsburg’s most well-known clients. Tumi has engaged the firm as outside counsel for more than 20 years, under the direction of relationship manager...

Read More

To receive current news and events concerning our Privacy and Cybersecurity Practice Group, please provide your contact information.