Bio

Marci Rozen counsels companies on a wide variety of issues involving cybersecurity and privacy. She routinely develops and evaluates corporate information security policies and programs, and has helped companies to optimize such programs to comply with data security standards such as the Gramm-Leach-Bliley Safeguards Rule, the Massachusetts Standards for the Protection of Personal Information, the Center for Internet Security Critical Controls, and the Payment Card Industry Data Security Standards (“PCI-DSS”). She also advises companies on specific privacy and security issues associated with insider threat prevention and detection, cloud computing, vendor management, electronic surveillance, and handling of consumer information during mergers, acquisitions, and bankruptcy sales.

Marci has extensive experience guiding companies through all stages of incident response, including intrusion containment and investigation, analysis of obligations under state and federal breach notification laws, drafting consumer and regulator breach notices, remediation, public relations strategy, and responding to regulator inquiries. In this capacity, she has worked with a wide variety of clients (including large retailers, website and mobile app operators, telecommunications and media companies, and health care service providers) on many different types of incidents (including malware intrusions, state-sponsored hacking, insider incidents, and inadvertent information disclosures). She also helps companies ensure that they are prepared for data security incidents by drafting incident response plans and developing tabletop exercises to test response capabilities.

In addition to her data security practice, Marci also advises communications providers on their privacy and security obligations under Section 222 of the Communications Act and the FCC’s implementing regulations. She has conducted compliance assessments of data analytics programs, designed policies for safeguarding customer proprietary network information (CPNI), and provided counseling on cross-channel advertising issues. Most recently, she has assisted clients in commenting on FCC proceedings relating to broadband privacy.

Prior to joining ZwillGen, Marci was an associate in the Privacy, Data Security, and Information Law Group at Sidley Austin LLP, where she counseled technology, telecommunications, retail, and industrial companies on a range of issues involving data security and privacy.