Jason’s practice focuses on information security, risk management, product counseling, technology, and data security and privacy compliance. He regularly advises companies ranging from startups to Fortune 100 companies during privileged security incident investigations; provides ongoing advice on the development of cybersecurity programs and cybersecurity governance structures; advises on vulnerability management and disclosure; conducts tabletop exercises of incident response plans; advises on cyber risk in connection with transactional due diligence and new product designs; designs vendor risk management programs; devises complex cybersecurity schedules in connection with outsourcing agreements; advises on de-identification; and conducts training on cybersecurity for audiences ranging from IT operations personnel to senior management. He is well-versed in numerous data security and privacy laws and regulations, including GLBA, HIPAA, the GDPR, NERC CIP, and the New York Department of Financial Services’ cybersecurity regulations, and is also highly familiar with a multitude of NIST and ISO standards, among others.
Jason holds a B.A. from Haverford College and a J.D. from William & Mary and is a three time Super Lawyers Rising Star.
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has released a new report, entitled Cybersecurity and Resiliency Observations, which stands as their most detailed and comprehensive information security guidance ...Read More
On May 7, 2019, Governor Jay Inslee signed a bill (HB 1071) that strengthens the state’s existing data breach notification law by expanding the definition of “personal information” and reducing ...Read More
- HHS Announces Reduced Annual Limits on Civil Money Penalties for Most HIPAA Violations
- This Old Reg: FTC Proposes Major Updates to the Safeguards Rule
- Is Your Token a Security? The SEC Wants to Help You Figure That Out.
- Ready for It? Canada’s Data Breach Record Keeping Requirements
- Ohio Provides Breach Litigation Safe Harbor to Businesses
- Canada’s Breach Notification Requirements to Go Into Effect
- At Last, My Alabama Breach Notice Has Come Along