Jason’s practice focuses on information security, risk management, product counseling, technology, and data security and privacy compliance. He regularly advises companies ranging from startups to Fortune 100 companies during privileged security incident investigations; provides ongoing advice on the development of cybersecurity programs and cybersecurity governance structures; advises on vulnerability management and disclosure; conducts tabletop exercises of incident response plans; advises on cyber risk in connection with transactional due diligence and new product designs; designs vendor risk management programs; devises complex cybersecurity schedules in connection with outsourcing agreements; advises on de-identification; and conducts training on cybersecurity for audiences ranging from IT operations personnel to senior management. He is well-versed in numerous data security and privacy laws and regulations, including GLBA, HIPAA, the GDPR, NERC CIP, and the New York Department of Financial Services’ cybersecurity regulations, and is also highly familiar with a multitude of NIST and ISO standards, among others.
Jason holds a B.A. from Haverford College and a J.D. from William & Mary and is a three time Super Lawyers Rising Star.
On June 17, 2020, in a 28-page report released on the topic of online platform liability, the U.S. Department of Justice proposed four material modifications of Section 230 of the CDA: Narrowing Section ...Read More
The Federal Trade Commission (“FTC”) recently gave final approval to a settlement with the Canadian smart locks company Tapplock, Inc. over alleged deceptive practices in the data security context. Tapplock offers ...Read More
- SEC Releases InfoSec “Roadmap” for GLBA Entities
- Washington Strengthens Breach Notification Law
- HHS Announces Reduced Annual Limits on Civil Money Penalties for Most HIPAA Violations
- This Old Reg: FTC Proposes Major Updates to the Safeguards Rule
- Is Your Token a Security? The SEC Wants to Help You Figure That Out.
- Ready for It? Canada’s Data Breach Record Keeping Requirements
- Ohio Provides Breach Litigation Safe Harbor to Businesses