Marci Rozen counsels companies on a wide variety of issues involving cybersecurity and privacy. She has extensive experience in cybersecurity preparedness counseling, including policy development, risk assessment, and compliance with laws, regulations, and standards (including the Massachusetts Standards for Protection of Personal Information, Gramm-Leach-Bliley, PCI-DSS, the NIST Cybersecurity Framework, and ISO 27001). She also advises on security issues in contracting, vendor management, e-commerce, due diligence, and mergers and acquisitions.
Marci guides clients through all stages of incident response, including intrusion containment and investigation, analysis of obligations under state and federal breach notification laws, drafting consumer and regulator breach notices, remediation, public relations strategy, and responding to regulator inquiries. In this capacity, she has worked with a diverse range of clients in managing and recovering from many different types of incidents, such as malware intrusions, state-sponsored hacking, extortion, and inadvertent information disclosures. She also helps companies ensure that they are prepared for data security incidents by drafting incident response plans and developing tabletop exercises to test response capabilities.
In addition to her incident response work, Marci assists clients in complying with privacy and data protection laws and best practices by developing internal data governance programs and drafting privacy policies, terms of service, and consumer- and employee-facing disclosures. Most recently, she has worked with companies to comply with the requirements of the European Union General Data Protection Regulation (“GDPR”) and US-EU Privacy Shield by conducting readiness assessments, drafting policies and processes for handling data subject requests, revising data protection agreements, and evaluating security and data retention practices.
Prior to joining ZwillGen, Marci was an associate in the Privacy, Data Security, and Information Law Group at Sidley Austin LLP, where she counseled technology, telecommunications, retail, and industrial companies on a range of issues involving data security and privacy.
The North Carolina Attorney General’s Office issued a letter to Google on October 11th demanding that the company answer questions about the recent breach affecting its Google+ network. The NC AG’s ...
Note: SB 1121 was signed into law on September 23, 2018. On August 31, 2018, the California legislature unanimously passed a bill, SB 1121, amending the California Consumer Privacy Act (“CCPA”). While the ...
- California Passes Watershed Data Privacy Bill
- One-Day Breach Notification for Colleges and Universities?
- One Month Till GDPR! Seven Insights and Predictions
- Risky Business: Five Considerations for Security in Vendor Contracting
- S3 Buckets: Not so Simple?
- Podcast: Data Do, Data Don’t
- FCC Signals a Change in Course on Broadband Privacy, but it’s Not All Smooth Sailing Ahead
- FTC Calls for Comments on Safeguards Rule