Jason Wool’s practice focuses on cybersecurity, including cyber risk management, incident response, and compliance with global data protection laws, regulations, and standards, including the PCI-DSS. He has advised organizations ranging from small businesses to Fortune 500 companies during complex, privileged computer crime investigations; provided ongoing advice on the development of cybersecurity programs and cybersecurity governance structures; conducted tabletop exercises and other data breach simulations; assisted clients with large scale audits to determine compliance with complex cybersecurity standards; advised on cyber risk in connection with transactional due diligence; devised complex cybersecurity schedules in connection with outsourcing agreements and conducted training on cybersecurity for audiences ranging from IT operations personnel to boards of directors. He also actively monitors cybersecurity-related legislative and regulatory developments (including participating in all six National Institute of Standards and Technology (NIST) workshops on the development of the Cybersecurity Framework) in order to provide advice on potential impacts.
Jason holds a B.A. from Haverford College and a J.D. from William & Mary. He is certified as a CIPP/US and CIPP/E.
Nearly three years after adding a mandatory data breach notification provision to its federal privacy law, Canada has taken steps that will effectuate the dormant requirement. The Governor General in Council, on the recommendation of ...Read More
Alabama became the 50th and final state to enact data breach notification legislation when Governor Kay Ivey signed into law the Alabama Data Breach Notification Act of 2018. Alabama’s law comes on the ...Read More
- Risky Business: Five Considerations for Security in Vendor Contracting
- What Will Be Tech’s Hot Topics in 2018 and Beyond? Our Predictions
- T Minus 72 Hours – Managing Breach Notification Under the GDPR
- GDPR & Data Breach: Takeaways from the WP29 Guidance
- S3 Buckets: Not so Simple?
- Podcast: Data Do, Data Don’t
- Not a Bank or Insurer? The NY Department of Financial Services Cyber Regulations Could Still Apply to You
- Setting Up Segregated Accounts for Your Fantasy Sports Company: A Beginner’s Guide