Our Privacy & Cyber Security Practice Group Contacts

Mark Perelman, Senior Shareholder

Direct: 415.962.2841

Anjali Kulkarni, Associate *

Direct: 415.962.2820

Angela S. Rho, Associate

Direct: 415.962.2827

* CIPP/US Certified

Articles and Presentations

  • Data & Cyber Security for Lawyers, Presented by Simone McCormick, Director at MPBF, Winston Krone, Managing Director of Kivu Consulting, and Sylvia Johnson, Senior Director, Financial Services Compliance at, Bar Association of San Francisco, July 2016
  • Managed Cyber Risks in Healthcare: How to Prepare for and Respond to a Data Breach, Guy Carpenter Medical Liability Network, April 2015
  • 2015 The Year of the Law Firm Hack: Why Preserving Privacy and Data Security is Critical for Law Firms with Winston Krone of Kivu Consulting and Lara Forde of ePlace Solutions, Inc., March 2015
  • Interview: Steps Law Firms Should Take to Protect Private Client Data by Mari Frank on the Privacy Piracy Radio Show, a public affairs radio program from the University of California, Irvine, February 2015
  • Law firms must take steps to protect private client data, Daily Journal, Nov. 27, 2014

If interested in a customized Presentation or Article, please contact our Privacy & Cyber Security team.

Privacy & Cyber Security

Data Incident Analysis / Breach Coaching / Data & Information Privacy and Security

Businesses face increasingly sophisticated cyber threats and aggressive regulatory enforcement. Oftentimes companies of all sizes and types are impacted by cyber threats and data breaches. Unfortunately, with today's sophisticated hackers, it is not a matter of if a company will experience a data breach, but when. We are here to help.

Our team has extensive experience in helping you understand those threats, mitigate those risks, and respond and recover from data privacy and security incidents. We have developed expertise in the field of information privacy and security stemming from many years of experience representing directors, officers, businesses and companies in employment matters and matters involving intellectual property. We have helped clients in a variety of industries, including healthcare, financial services, professional services, insurance, hospitality, and small retailers. Our familiarity with those specific industry's systems and policies allow our team to efficiently and effectively assist your company with any data incidents that may occur.

Additionally, our team is able to help you with preventative measures by working with you to develop a privacy policy for your organization. Even after a breach has occurred, we can help you implement an incident response plan, guide you through the immediate forensic investigations, and coordinate initial crisis management including the many legal notification requirements, data governance standards, regulatory compliance issues and contractual obligations. When litigation follows a data security incident, we will defend you from beginning to end.

Representative Matters

  • Certified Public Accountants. When there is a breach involving client financial information as a result of malware or hacking, we work with the CPA Firm to do a forensic investigation, update their security protocols, determine the source and extent of the breach, notify clients and the appropriate state agencies, as well as the IRS.
  • Healthcare Providers. When personal health information (PHI) is compromised, we work with the healthcare provider to distribute appropriate state and HIPAA compliant notifications. We also work with healthcare providers to prepare for OCR audits by DHHS.
  • Hospitality. When a restaurant experiences a POS system breach, or other data incidents, we work with them to update their security protocols by performing forensic investigations to determine the scope and origin of the incident and, if notification is necessary, provide notification in compliance with state and federal law.

Highlights and Services Provided


  • Privacy and Cyber Security Counseling Advice
  • Compliance and Risk Management Services
  • PCI DDS Requirement Guidance for Retailers
  • POS Security for Hospitality Providers
  • Data Disclosures
  • Risk Assessments and Best Practices Advice
  • Development of Incident Response Plans
  • Development and Conducting of Training Programs for Employees
  • Preparation of Employee Contracts and Subcontractor Agreements Including Security Provisions

Investigations and Regulatory

  • Security Breach Investigations
  • Data Response and Crisis Management, including:
    • Federal and State Legal Notification Requirements
    • Data Governance Standards
    • Regulatory Compliance Issues
  • Guidance through Forensic Investigations
  • Respond to Regulatory Inquires and Investigations by:
    • The Federal Trade Commission (FTC)
    • Department of Health and Human Services Office of Civil Rights (DHHS OCR)
    • Federal Communications Commission (FCC)
    • Internal Revenue Service (IRS)
    • State Attorney Generals
    • Financial Regulators
    • Individuals

Attorneys | Practice | About | News | Careers | Contact | Search | Disclaimer