Our Privacy & Cyber Security Practice Group Contacts

Mark Perelman, Senior Shareholder

Direct: 415.962.2841

Anjali Kulkarni, Associate *

Direct: 415.962.2820

Angela S. Rho, Associate

Direct: 415.962.2827

Allen Kuo, Associate

Direct: 415.651.2883

* CIPP/US Certified

Articles and Presentations

  • Data & Cyber Security for Lawyers, Presented by Simone McCormick, Director at MPBF, Winston Krone, Managing Director of Kivu Consulting, and Sylvia Johnson, Senior Director, Financial Services Compliance at, Bar Association of San Francisco, July 2016
  • Managed Cyber Risks in Healthcare: How to Prepare for and Respond to a Data Breach, Guy Carpenter Medical Liability Network, April 2015
  • 2015 The Year of the Law Firm Hack: Why Preserving Privacy and Data Security is Critical for Law Firms with Winston Krone of Kivu Consulting and Lara Forde of ePlace Solutions, Inc., March 2015
  • Interview: Steps Law Firms Should Take to Protect Private Client Data by Mari Frank on the Privacy Piracy Radio Show, a public affairs radio program from the University of California, Irvine, February 2015
  • Law firms must take steps to protect private client data, Daily Journal, Nov. 27, 2014

If interested in a customized Presentation or Article, please contact our Privacy & Cyber Security team.

Privacy & Cyber Security

Data Incident Analysis / Breach Coaching / Data/Information Privacy and Security

Businesses face increasingly sophisticated cyber threats and aggressive regulatory enforcement finding that hackers do not discriminate against their victims–no company is too small or too big to target. We can help you understand those threats, mitigate those risks, and respond to the unthinkable. We have helped our clients in nearly one hundred privacy data breach incidents and investigations, representing clients in variety of industries, including: health care, financial services, professional services, and insurance and the capacity to represent other industries such as hospitality and small retailers. We can help you develop a privacy policy for your organization, guide you through immediate forensics investigations, and coordinate initial crisis management including the maze of legal notification requirements, data governance standards, regulatory compliance issues, and contractual obligations. When litigation follows a data security incident, we will defend you from beginning to end.

Highlights and Services Provided


Compliance and risk management services, including prophylactic counsel; internal privacy and security program creation; policy development; program audits; and other services as needed.

  • Guidance on information management practices to help ensure ongoing compliance with the wide variety of federal and state regulatory regimens governing how confidential, personal information, and private financial records must be protected against inappropriate disclosures.
    • Assess technical, administrative and physical security risk
    • Prioritize and address risks identified
    • Review and/or develop comprehensive and compliant policies and procedures
    • Develop incident response plans
    • Develop training programs and conduct trainings for Boards and employees
    • Prepare employee contracts including security provisions
    • Review subcontractor agreements (Business Associate Agreements) to improve the organization’s position with regard to data that is shared with these partners

Investigations and Regulatory

We routinely respond to regulatory inquiries and investigations.  Specifically, we handle:

  • Security breach investigations and related incident response and crisis management
    • Manage the crisis of a cyber event
    • Guide clients through immediate forensics investigations
    • Coordinate initial crisis management, including:
      • Federal and state legal notification requirements
      • Data governance standards
      • Regulatory compliance issues including media notice
      • Contractual obligations
  • Defend actions, inquiries, and investigations by the Federal Trade Commission, Department of Health and Human Services, Office of Civil Rights, Federal Communications Commission, state Attorneys General, financial regulators, and individuals.


Finally, when necessary following investigations, we vociferously defend against all litigation.

Attorneys | Practice | About | News | Careers | Contact | Search | Disclaimer