Paul Rice has extensive experience advising clients on a range of state and federal privacy and data security laws, state data breach statutes, information security and privacy governance, product security and privacy by design, incident response, vendor contracting, and internal investigations. Having served in a variety of technology, privacy, and information security roles, both as a consultant and in house, Paul leverages his experience and in-depth industry knowledge in order to provide results-oriented, business-minded, and practical advice to his clients. His unique background as an information security practitioner and later attorney aids him in counseling clients in a variety of roles, from the most technical to senior board members and everything in between.
Paul’s practice includes advising clients on a variety of matters related to information security, privacy and data protection, payments, fintech, data governance, and transactions. Paul assists clients with policy development, vulnerability disclosures, risk assessments, and incident response. He also helps clients comply with state and federal privacy and data security laws, including the CCPA and other emerging state privacy laws, GDPR, and FCRA. Paul also counsels financial companies on issues regarding SEC Reg SCI and the GLBA.
During his time in house, Paul worked for sophisticated financial services companies, serving internal business clients and assisting them with product security and privacy by design, information security and privacy governance, incident response, legal advocacy for emerging legislation, routine regulatory exam preparation and response, and information security transactional vendor management. He has structured and negotiated domestic and international information security and privacy terms for transactions with vendors, consulting companies, outside counsel, and financial companies, including clearing members and exchanges. Paul has also advised a variety of companies on all stages of incident response, including preparation, investigation and containment, analysis of data breach obligations, regulatory reporting, and post-incident review. Most recently, he helped co-write the novel and historic SEC Advance Notice filing requesting permission from the regulator to run core clearing, risk, and settlement operations within the cloud.
Prior to joining ZwillGen, Paul served as a Sr. Manager and Counsel for Discover Financial Services where he led the legal advisory aspects of GDPR preparedness, and most recently as the Assistant General Counsel for Information Security and Privacy at the Options Clearing Corporation where he was responsible for all aspects of enterprise-wide data, privacy, technology, and security legal matters. Paul is a Certified Information Systems Security Professional [CISSP # 52056]-(ISC)2].