Jason’s practice focuses on information security, risk management, product counseling, technology, and data security and privacy compliance. He regularly advises companies ranging from startups to Fortune 100 companies during privileged security incident investigations; provides ongoing advice on the development of cybersecurity programs and cybersecurity governance structures; advises on vulnerability management and disclosure; conducts tabletop exercises of incident response plans; advises on cyber risk in connection with transactional due diligence and new product designs; designs vendor risk management programs; devises complex cybersecurity schedules in connection with outsourcing agreements; advises on de-identification; and conducts training on cybersecurity for audiences ranging from IT operations personnel to senior management. He is well-versed in numerous data security and privacy laws and regulations, including GLBA, HIPAA, the GDPR, NERC CIP, and the New York Department of Financial Services’ cybersecurity regulations, and is also highly familiar with a multitude of NIST and ISO standards, among others.
Jason holds a B.A. from Haverford College and a J.D. from William & Mary and is a three time Super Lawyers Rising Star.
On May 7, 2019, Governor Jay Inslee signed a bill (HB 1071) that strengthens the state’s existing data breach notification law by expanding the definition of “personal information” and reducing ...Read More
The Department of Health and Human Services (“HHS”) recently issued a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties (“CMPs”) in which it lowered the maximum annual fines ...Read More
- This Old Reg: FTC Proposes Major Updates to the Safeguards Rule
- Is Your Token a Security? The SEC Wants to Help You Figure That Out.
- Ready for It? Canada’s Data Breach Record Keeping Requirements
- Ohio Provides Breach Litigation Safe Harbor to Businesses
- Canada’s Breach Notification Requirements to Go Into Effect
- At Last, My Alabama Breach Notice Has Come Along
- Risky Business: Five Considerations for Security in Vendor Contracting