Overview

Today’s businesses operate in an environment marked by evolving and complex data protection laws and relentless cyber attacks by both private and state-sponsored actors. Remaining competitive while ensuring regulatory compliance across multiple jurisdictions and implementing a strong cyber defense can be daunting. Crowell offers companies an integrated approach to managing privacy and cybersecurity risks combining legal, technical, and regulatory experience in a single seamless team across global markets.

Crowell’s Privacy and Cybersecurity Group includes lawyers with extensive government, in-house, consulting, and technical experience across multiple industries. Where necessary, we integrate Crowell’s intellectual property, corporate, insurance, white collar, trade secrets, health care, energy, transportation, and government contracts capabilities to address the privacy and cybersecurity risks faced by our clients. We also work closely with our affiliate, Crowell Global Advisors, which is deeply involved with the privacy laws of Pacific Rim nations. Our lawyers regularly work with forensic professionals and coordinate with law enforcement.

Our Services

Risk Assessment and Compliance

Our team facilitates enterprise-wide cybersecurity and privacy risk assessments to mitigate threats and enhance legal compliance, including:

Holistic compliance strategies and assessments focused on industry-specific best practices and applicable laws, such as GDPR, CPRA, COPPA, HIPAA, and GLBA, as well as other government standards, such as the DFARS and CMMC.
Custom-designed incident response plans and training—through tabletop exercises and other tools—to ensure organizations respond efficiently and effectively to an incident.

Crisis Management and Investigations

We represent a wide range of clients who have experienced cyber and data incidents. Our work includes:

Responding to and managing privacy and data security incidents.
Crisis management when a privacy or security vulnerability is made public.
Collaborating with technical consultants as appropriate to determine the cause of the incident or system compromise.
Implementing long-term remediation solutions.
Engaging with federal and state enforcement agencies, as well as private stakeholders.

Regulatory and Litigation Defense

Our lawyers defend clients against class actions, regulatory enforcement actions, and other high-profile privacy/cyber–related matters that pose an existential threat in the digital economy. The team is recognized for developing proactive cyber strategies to disrupt and dismantle criminal organizations engaged in cybercrimes.

Resources

CMMC Registered Provider Organization

Certified Information Privacy Professionals (CIPP)

Crowell’s Privacy and Cybersecurity Group includes lawyers with extensive government, in-house, consulting, and technical experience across multiple industries. Where necessary, we integrate Crowell’s intellectual property, corporate, insurance, white collar, trade secrets, health care, energy, transportation, and government contracts capabilities to address the privacy and cybersecurity risks faced by our clients. We also work closely with our affiliate, Crowell Global Advisors, which is deeply involved with the privacy laws of Pacific Rim nations. Our lawyers regularly work with forensic professionals and coordinate with law enforcement.

Our Services

Risk Assessment and Compliance

Our team facilitates enterprise-wide cybersecurity and privacy risk assessments to mitigate threats and enhance legal compliance, including:

Holistic compliance strategies and assessments focused on industry-specific best practices and applicable laws, such as GDPR, CPRA, COPPA, HIPAA, and GLBA, as well as other government standards, such as the DFARS and CMMC.
Custom-designed incident response plans and training—through tabletop exercises and other tools—to ensure organizations respond efficiently and effectively to an incident.

Crisis Management and Investigations

We represent a wide range of clients who have experienced cyber and data incidents. Our work includes:

Responding to and managing privacy and data security incidents.
Crisis management when a privacy or security vulnerability is made public.
Collaborating with technical consultants as appropriate to determine the cause of the incident or system compromise.
Implementing long-term remediation solutions.
Engaging with federal and state enforcement agencies, as well as private stakeholders.

Regulatory and Litigation Defense

Our lawyers defend clients against class actions, regulatory enforcement actions, and other high-profile privacy/cyber–related matters that pose an existential threat in the digital economy. The team is recognized for developing proactive cyber strategies to disrupt and dismantle criminal organizations engaged in cybercrimes.

Resources

CMMC Registered Provider Organization

Certified Information Privacy Professionals (CIPP)

Contacts

See All Professionals

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==
Emma Wright
Partner
- London
  - D | +44.20.7413.1315
ZXdyaWdodEBjcm93ZWxsLmNvbQ==

Insights

Webinar | 04.21.26

From Covert to Kinetic: Escalating Cyber Threats in a Time of Conflict

As geopolitical tensions escalate around the world—from the ongoing conflict in Ukraine to rising hostilities involving Iran—the line between cyber warfare and kinetic military action has never been more blurred. Nation-state actors are no longer limiting their aggression to the battlefield. Join us for an urgent and timely discussion on what these escalating threats mean for your organization—and what you can do about them today.

Webinar | 04.16.26
Innovation Insights: Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces April 2026
Client Alert | 2 min read | 04.10.26
Federal Agencies Warn of Iranian-Affiliated Cyber Actors Exploiting Internet-Facing Operational Technology Devices
Publication | 04.09.26
Navigating Deepfakes in Litigation, Arbitration, and Mediation

View All Insights

Insights

Webinar | 04.21.26

From Covert to Kinetic: Escalating Cyber Threats in a Time of Conflict

Webinar | 04.16.26

Innovation Insights: Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces April 2026

Client Alert | 2 min read | 04.10.26

Federal Agencies Warn of Iranian-Affiliated Cyber Actors Exploiting Internet-Facing Operational Technology Devices

Publication | 04.09.26

Navigating Deepfakes in Litigation, Arbitration, and Mediation

Navigating Deepfakes in Litigation, Arbitration, and Mediation
|
04.09.26
American Bar Association, GPSolo March/April 2026
California Court Of Appeal Expands ALPR Privacy Liability: What Businesses Need To Know
|
03.16.26
Daily Journal
Dealing with Deepfakes: The Role for Lawyers and Law Firms
|
02.26.26
The ABA Cybersecurity Handbook
International Comparative Legal Guide - Telecoms, Media & Internet 2026
|
12.15.25
iclg
Three Steps Tech Companies Can Take Today To Prepare To Ride A Blue Wave In 2026
|
11.14.25
Washington Technology
New Calif. Chatbot Bill May Make AI Assistants Into Liabilities
|
10.02.25
Law360
Ready To Know Your Data? Justice Department Issues Implementation And Enforcement Guidance For Data Security Program Protecting Bulk Sensitive Data
|
08.01.25
Journal of Federal Agency Action
Texas Just Created A New Model For State AI Regulation
|
07.17.25
Tech Policy Press
A Changing Tech and Legal Landscape in Corporate
|
01.28.25
Asia-Pacific Strives to Keep Pace with Cyber Threats
|
01.28.25
View All Publications
Federal Agencies Warn of Iranian-Affiliated Cyber Actors Exploiting Internet-Facing Operational Technology Devices
|
04.10.26
U.S. State Privacy Enforcement: Key Priorities and Practical Guidance From State Regulators
|
04.09.26
Northern District of California Court Holds State Tort and Contract Claims Not Preempted by Federal Copyright Act, Remands Reddit v. Anthropic to State Court
|
04.08.26
Reducing Your Exposure: Liability Limitations for Cybersecurity-Compliant Organizations
|
04.02.26
Landmark Verdicts Against Meta and YouTube Signal New Era of Social Media Platform Liability
|
03.30.26
White House National AI Policy Framework Calls for Preempting State Laws, Protecting Children
|
03.25.26
UK Court Rules Duty to Safeguard Personal Data Extends to Hacked Pseudonymised Data in DSG Retail Ltd v The Information Commissioner
|
03.23.26
Senate Advances Bipartisan Health Care Cybersecurity Reform
|
03.11.26
White House’s New Cyber Strategy and Executive Order Seek to Deter Adversaries and Strengthen Resilience
|
03.11.26
Federal Court Rules Some AI Chats Are Not Protected by Legal Privilege: What It Means For You
|
02.18.26
View All Client Alerts
Matthew F. Ferraro Authors Dealing with Deepfakes Chapter in ABA Cybersecurity Handbook
|
03.16.26
Former Special Counsel to the FBI Director and Federal Prosecutor Rajeev Raghavan Joins Crowell & Moring’s Privacy & Cybersecurity Group
|
03.04.26
Chambers Ranks Crowell & Moring Practices and Lawyers in 2026 Global Guide
|
02.23.26
Crowell & Moring’s Warrington Parker and Jacob Canter to Serve on BASF’s Justice & Diversity Center Board of Directors
|
01.28.26
Crowell & Moring Partner Jennie Wang VonCannon Named to Daily Journal’s 2025 Top White Collar Lawyers List
|
12.10.25
Crowell & Moring’s Emma Wright Ranked Among Top 10 on Computer Weekly’s 2025 “50 Most Influential Women in UK Tech” List
|
11.11.25
Chambers Ranks Crowell & Moring Lawyers and Practice Groups in the 2026 UK Guide
|
10.16.25
Crowell Earns Top Rankings from Legal 500 United Kingdom 2026
|
10.14.25
Crowell Represents Parsons Corporation in Strategic $89M Acquisition
|
07.01.25
Crowell Earns Top Rankings from Legal 500 United States 2025
|
06.26.25
View All Firm News
Courts Deciding Limits of License Plate Reader Surveillance in California
|
04.08.26
Daily Journal
Ex-FBI Special Counsel Moves To Crowell & Moring's DC Team
|
03.04.26
Law360
Chatbot Developers Brace For Impending Wave Of State Regulation
|
02.05.26
Bloomberg Law
Chatbot Developers Brace for Impending Wave of State Regulation
|
02.05.26
Bloomberg Law
Staying Compliant After Trump AI Executive Order Introduces Regulatory Uncertainty
|
01.14.26
Cybersecurity Law Report
U.K. Regulators Move To Curb AI Nudification Tools As Scrutiny Of Grok Grows
|
01.14.26
Compliance Week
President Trump Signs Executive Order to Block State AI Laws
|
12.15.25
VKTR
Pentagon begins enforcing CMMC compliance, but readiness gaps remain
|
11.10.25
DefenseScoop
California’s Landmark AI Transparency Law: Compliance Considerations
|
10.29.25
Cybersecurity Law Report
California’s Landmark AI Transparency Law: Covered Entities, Reporting Requirements And Penalties
|
10.29.25
Cybersecurity Law Report
View All Press Coverage
IAPP’s Global Privacy Summit Reception
|
03.30.26
Emerging Compliance and Enforcement Priorities in State Data Privacy and Cybersecurity: A Fireside Chat with Special Guest Connecticut Attorney General William Tong
|
07.29.25
Law-Tech Connect and XPONENTIAL 2025
|
05.19.25 - 05.22.25
Crowell's CMMC Day
|
04.10.25
CMMC Finalized: How to Prepare & Achieve Certification
|
11.19.24
Cyber Perspectives: Views from Attackers, Defenders, and Regulators
|
10.30.24
Cybersecurity Symposium: The Cyberside Chat
|
09.12.24
NCMA World Congress 2024
|
07.23.24
Higher Education & Healthcare Research Compliance Conference
|
06.12.24
ACC Foundation 2024 Cybersecurity Summit
|
03.26.24
View All Events
From Covert to Kinetic: Escalating Cyber Threats in a Time of Conflict
|
04.21.26
Innovation Insights: Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces April 2026
|
04.16.26
The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going
|
10.16.25
Key Takeaways from DOJ’s Civil Cyber-Fraud Initiative
|
10.08.25
Scattered Spider Cybersecurity Attacks
|
06.05.25
SPX Technologies: AI in Legal and Cybersecurity for DoD Contractors
|
05.20.25
The Evolving AI Legal and Policy Landscape: Mid-2025 Update
|
04.22.25
Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces
|
March 26, 2025
Privacy and Cybersecurity Outlook: The 2025 Landscape
|
02.20.25
Civil Cyber-Fraud Enforcement: The Latest Developments and Risk-Mitigation Strategies
|
02.19.25
View All Webinars
"The AI Agent Advantage: Defense, Privacy, and the Future of Cybersecurity," IAPP Global Summit 2026
|
03.31.26
"Deepfakes: Risks and Responses," Meridian International Center
|
03.13.26
"The State of AI Regulation," New York Technology Innovation 2025
|
12.11.25
"Key Takeaways From DOJ's Civil Cyber-Fraud Initiative," ABA Cyber Meeting
|
12.05.25
"Cyber Year in Review," The Coalition for Government Procurement
|
12.03.25
"Integrating AI into a Near-future Society: AI Privilge, AI Wearables and Agents," Moderator, IAPP Europe Data Protection Congress 2025
|
11.20.25
"Building Trusted Environments: Architecture, Privacy, and Design," Privacy + Security Forum
|
11.14.25
"An Interdisciplinary Approach to AI Development and Regulation," IAPP Privacy. Security. Risk. 2025
|
10.30.25
"CMMC Level 2: How to Start Preparing," 2025 PreVeil Virtual CMMC Summit
|
10.29.25
"CMMC Is Here – The Final DFARS Rule Takes Effect Soon, ABA Section of Public Contract Law," American Bar Association
|
10.28.25
View All Speaking Engagements
Fastest 5 Minutes: CMMC
|
09.11.25
Fastest 5 Minutes: DOJ Guidance re DEI, White House AI Action Plan
|
08.04.25
Lightning Round: AI Usage by Employees—Safeguards for the Workplace
|
06.26.25
Fastest 5 Minutes: Supplier Performance Risk System, Procurement Integrity Act
|
03.30.23
Fastest 5 Minutes: National Cyber Security Strategy, CHIPS, Conflicts of Interest
|
03.21.23
Fastest 5 Minutes: SBIR and Contractor Minimum Wage
|
01.20.23
Byte-Sized Q&A: What is Controlled Unclassified Information?
|
03.08.21
Byte-Sized Q&A: What is an APT?
|
02.08.21
Byte-Sized Q&A: The CIA Triad
|
01.25.21
Byte-Sized Q&A: Why is I-O-T so H-O-T?
|
01.11.21
View All Podcast Episodes
AI for Government: 7 Days for Contractor Comments on GSA Proposed Contract Clause for AI Systems
|
03.16.26
Crowell & Moring’s Government Contracts Legal Forum
DHS Announces Virtual Town Halls on CIRCIA Final Rule
|
02.20.26
Crowell & Moring’s Government Contracts Legal Forum
CMMC for AI? Defense Policy Law Imposes AI Security Framework and Requirements on Contractors
|
01.08.26
Crowell & Moring’s Government Contracts Legal Forum
The FY 2026 National Defense Authorization Act
|
12.29.25
Crowell & Moring’s Government Contracts Legal Forum
Fastest 5 Minutes: CMMC
|
09.19.25
Crowell & Moring’s Government Contracts Legal Forum

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity
|
09.02.25
Crowell & Moring’s Government Contracts Legal Forum
Fastest 5 Minutes: DOJ Guidance re DEI, White House AI Action Plan
|
08.04.25
Crowell & Moring’s Government Contracts Legal Forum
Mini-Series on CIPA – Part 4: How Big is the Risk?
|
02.13.25
Crowell & Moring’s Data Law Insights
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?
|
08.26.24
Crowell & Moring’s Data Law Insights
SEC “Encourages” Public Companies to Disclose “Immaterial” Cybersecurity Incidents Under Item 8.01 of Form 8-K
|
05.23.24
Crowell & Moring’s Data Law Insights
View All Blog Posts

View All Insights

Professionals

Justin B. Weiss
Crowell Global Advisors Senior Director, Senior Counsel
Washington, D.C. (CGA)
D | +1.202.654.6729
IGpid2Vpc3NAY3Jvd2VsbGdsb2JhbGFkdmlzb3JzLmNvbQ==
Crowell Global Advisors
Artificial Intelligence
Privacy and Cybersecurity
IGpid2Vpc3NAY3Jvd2VsbGdsb2JhbGFkdmlzb3JzLmNvbQ==

View All Professionals

Insights

Webinar | 04.21.26

From Covert to Kinetic: Escalating Cyber Threats in a Time of Conflict

As geopolitical tensions escalate around the world—from the ongoing conflict in Ukraine to rising hostilities involving Iran—the line between cyber warfare and kinetic military action has never been more blurred. Nation-state actors are no longer limiting their aggression to the battlefield. Join us for an urgent and timely discussion on what these escalating threats mean for your organization—and what you can do about them today.

Webinar | 04.16.26
Innovation Insights: Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces April 2026
Client Alert | 2 min read | 04.10.26
Federal Agencies Warn of Iranian-Affiliated Cyber Actors Exploiting Internet-Facing Operational Technology Devices
Publication | 04.09.26
Navigating Deepfakes in Litigation, Arbitration, and Mediation

View All Insights

Practices

Industries

Contacts

See All Professionals

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==
Emma Wright
Partner
- London
  - D | +44.20.7413.1315
ZXdyaWdodEBjcm93ZWxsLmNvbQ==

Insights

Webinar | 04.21.26

From Covert to Kinetic: Escalating Cyber Threats in a Time of Conflict

As geopolitical tensions escalate around the world—from the ongoing conflict in Ukraine to rising hostilities involving Iran—the line between cyber warfare and kinetic military action has never been more blurred. Nation-state actors are no longer limiting their aggression to the battlefield. Join us for an urgent and timely discussion on what these escalating threats mean for your organization—and what you can do about them today.

Webinar | 04.16.26
Innovation Insights: Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces April 2026
Client Alert | 2 min read | 04.10.26
Federal Agencies Warn of Iranian-Affiliated Cyber Actors Exploiting Internet-Facing Operational Technology Devices
Publication | 04.09.26
Navigating Deepfakes in Litigation, Arbitration, and Mediation

View All Insights

Privacy and Cybersecurity

Overview

Overview

Our Services

Risk Assessment and Compliance

Crisis Management and Investigations

Regulatory and Litigation Defense

Resources

Contacts

Insights

Insights

Publications

Client Alerts

Firm News

Press Coverage

Events

Webinars

Speaking Engagements

Podcasts

Blog Posts

Professionals

Insights

Practices

Industries

Contacts

Insights