Marci Rozen counsels companies on a wide variety of issues involving cybersecurity and privacy. She routinely develops and evaluates corporate information security policies and programs, and has helped companies to optimize such programs to comply with data security standards such as the Gramm-Leach-Bliley Safeguards Rule, the Massachusetts Standards for the Protection of Personal Information, the Center for Internet Security Critical Controls, and the Payment Card Industry Data Security Standards (“PCI-DSS”). She also advises companies on specific privacy and security issues associated with insider threat prevention and detection, cloud computing, vendor management, electronic surveillance, and handling of consumer information during mergers, acquisitions, and bankruptcy sales.
Marci has extensive experience guiding companies through all stages of incident response, including intrusion containment and investigation, analysis of obligations under state and federal breach notification laws, drafting consumer and regulator breach notices, remediation, public relations strategy, and responding to regulator inquiries. In this capacity, she has worked with a wide variety of clients (including large retailers, website and mobile app operators, telecommunications and media companies, and health care service providers) on many different types of incidents (including malware intrusions, state-sponsored hacking, insider incidents, and inadvertent information disclosures). She also helps companies ensure that they are prepared for data security incidents by drafting incident response plans and developing tabletop exercises to test response capabilities.
In addition to her data security practice, Marci also advises communications providers on their privacy and security obligations under Section 222 of the Communications Act and the FCC’s implementing regulations. She has conducted compliance assessments of data analytics programs, designed policies for safeguarding customer proprietary network information (CPNI), and provided counseling on cross-channel advertising issues. Most recently, she has assisted clients in commenting on FCC proceedings relating to broadband privacy.
Prior to joining ZwillGen, Marci was an associate in the Privacy, Data Security, and Information Law Group at Sidley Austin LLP, where she counseled technology, telecommunications, retail, and industrial companies on a range of issues involving data security and privacy.
Uber has agreed to settle a complaint stemming from allegations that the ride-hailing company made deceptive claims concerning its data security practices following a 2014 data breach. The data breach in question affected an Amazon ...Read More
Most websites and apps collect information from its users. But are you doing it in a legally-compliant way? We won’t be taking over any New Year’s countdowns, but listen to our ...Read More
- FCC Signals a Change in Course on Broadband Privacy, but it’s Not All Smooth Sailing Ahead
- FTC Calls for Comments on Safeguards Rule
- Obama Kicks Off New Cybersecurity Plan with a Tidal Wave of Executive Actions
- SEC Focus on Cybersecurity Continues and Intensifies
- GPEN Sweep Finds Mixed News for Children’s Online Privacy