Overview

Today’s businesses operate in an environment marked by evolving and complex data protection laws and relentless cyber attacks by both private and state-sponsored actors. Remaining competitive while ensuring regulatory compliance across multiple jurisdictions and implementing a strong cyber defense can be daunting. Crowell offers companies an integrated approach to managing privacy and cybersecurity risks combining legal, technical, and regulatory experience in a single seamless team across global markets.

Crowell’s Privacy and Cybersecurity Group includes lawyers with extensive government, in-house, consulting, and technical experience across multiple industries. Where necessary, we integrate Crowell’s intellectual property, corporate, insurance, white collar, trade secrets, health care, energy, transportation, and government contracts capabilities to address the privacy and cybersecurity risks faced by our clients. We also work closely with our affiliate, Crowell Global Advisors, which is deeply involved with the privacy laws of Pacific Rim nations. Our lawyers regularly work with forensic professionals and coordinate with law enforcement.

Our Services

Risk Assessment and Compliance

Our team facilitates enterprise-wide cybersecurity and privacy risk assessments to mitigate threats and enhance legal compliance, including:

Holistic compliance strategies and assessments focused on industry-specific best practices and applicable laws, such as GDPR, CPRA, COPPA, HIPAA, and GLBA, as well as other government standards, such as the DFARS and CMMC.
Custom-designed incident response plans and training—through tabletop exercises and other tools—to ensure organizations respond efficiently and effectively to an incident.

Crisis Management and Investigations

We represent a wide range of clients who have experienced cyber and data incidents. Our work includes:

Responding to and managing privacy and data security incidents.
Crisis management when a privacy or security vulnerability is made public.
Collaborating with technical consultants as appropriate to determine the cause of the incident or system compromise.
Implementing long-term remediation solutions.
Engaging with federal and state enforcement agencies, as well as private stakeholders.

Regulatory and Litigation Defense

Our lawyers defend clients against class actions, regulatory enforcement actions, and other high-profile privacy/cyber–related matters that pose an existential threat in the digital economy. The team is recognized for developing proactive cyber strategies to disrupt and dismantle criminal organizations engaged in cybercrimes.

Resources

CMMC Registered Provider Organization

Certified Information Privacy Professionals (CIPP)

Crowell’s Privacy and Cybersecurity Group includes lawyers with extensive government, in-house, consulting, and technical experience across multiple industries. Where necessary, we integrate Crowell’s intellectual property, corporate, insurance, white collar, trade secrets, health care, energy, transportation, and government contracts capabilities to address the privacy and cybersecurity risks faced by our clients. We also work closely with our affiliate, Crowell Global Advisors, which is deeply involved with the privacy laws of Pacific Rim nations. Our lawyers regularly work with forensic professionals and coordinate with law enforcement.

Our Services

Risk Assessment and Compliance

Our team facilitates enterprise-wide cybersecurity and privacy risk assessments to mitigate threats and enhance legal compliance, including:

Holistic compliance strategies and assessments focused on industry-specific best practices and applicable laws, such as GDPR, CPRA, COPPA, HIPAA, and GLBA, as well as other government standards, such as the DFARS and CMMC.
Custom-designed incident response plans and training—through tabletop exercises and other tools—to ensure organizations respond efficiently and effectively to an incident.

Crisis Management and Investigations

We represent a wide range of clients who have experienced cyber and data incidents. Our work includes:

Responding to and managing privacy and data security incidents.
Crisis management when a privacy or security vulnerability is made public.
Collaborating with technical consultants as appropriate to determine the cause of the incident or system compromise.
Implementing long-term remediation solutions.
Engaging with federal and state enforcement agencies, as well as private stakeholders.

Regulatory and Litigation Defense

Our lawyers defend clients against class actions, regulatory enforcement actions, and other high-profile privacy/cyber–related matters that pose an existential threat in the digital economy. The team is recognized for developing proactive cyber strategies to disrupt and dismantle criminal organizations engaged in cybercrimes.

Resources

CMMC Registered Provider Organization

Certified Information Privacy Professionals (CIPP)

Contacts

See All Professionals

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==
Emma Wright
Partner
- London
  - D | +44.20.7413.1315
ZXdyaWdodEBjcm93ZWxsLmNvbQ==

Insights

Event | 06.08.26

SCCE Higher Education Compliance Conference & HCCA Research Compliance

Crowell & Moring Senior Counsel Blaze Waleski, a member of the firm's Privacy & Cybersecurity Group, will be speaking at the SCCE Higher Education Compliance & HCCA Research Compliance Conference, taking place on Monday, June 8, 2026, at San Antonio, Texas. His presentation, "The Complex Legal Landscape for Privacy and AI," will take place at 2:15–3:15 PM CDT.

Blog Post | 05.07.26
Government Contractors, Take Note: Illinois Court Curtails Broad BIPA Exemption
Client Alert | 7 min read | 05.06.26
Artificial Intelligence and Human Resources in the EU - Part 2: AI Literacy - Employer AI Literacy Obligations under the EU AI Act
Client Alert | 4 min read | 05.06.26
Genetic Data and Artificial Intelligence Training Following Acquisitions: Emerging Litigation Risk and a Rapidly Expanding State Regulatory Landscape

View All Insights

Insights

Event | 06.08.26

SCCE Higher Education Compliance Conference & HCCA Research Compliance

Blog Post | 05.07.26

Government Contractors, Take Note: Illinois Court Curtails Broad BIPA Exemption

Client Alert | 7 min read | 05.06.26

Artificial Intelligence and Human Resources in the EU - Part 2: AI Literacy - Employer AI Literacy Obligations under the EU AI Act

Client Alert | 4 min read | 05.06.26

Genetic Data and Artificial Intelligence Training Following Acquisitions: Emerging Litigation Risk and a Rapidly Expanding State Regulatory Landscape

5 Steps to Stay Ahead of AI Cyber Risk
|
04.30.26
Board Agenda
Navigating Deepfakes in Litigation, Arbitration, and Mediation
|
04.09.26
American Bar Association, GPSolo March/April 2026
California Court Of Appeal Expands ALPR Privacy Liability: What Businesses Need To Know
|
03.16.26
Daily Journal
Dealing with Deepfakes: The Role for Lawyers and Law Firms
|
02.26.26
The ABA Cybersecurity Handbook
International Comparative Legal Guide - Telecoms, Media & Internet 2026
|
12.15.25
iclg
Three Steps Tech Companies Can Take Today To Prepare To Ride A Blue Wave In 2026
|
11.14.25
Washington Technology
New Calif. Chatbot Bill May Make AI Assistants Into Liabilities
|
10.02.25
Law360
Ready To Know Your Data? Justice Department Issues Implementation And Enforcement Guidance For Data Security Program Protecting Bulk Sensitive Data
|
08.01.25
Journal of Federal Agency Action
Texas Just Created A New Model For State AI Regulation
|
07.17.25
Tech Policy Press
A Changing Tech and Legal Landscape in Corporate
|
01.28.25
View All Publications
Artificial Intelligence and Human Resources in the EU - Part 2: AI Literacy - Employer AI Literacy Obligations under the EU AI Act
|
05.06.26
Genetic Data and Artificial Intelligence Training Following Acquisitions: Emerging Litigation Risk and a Rapidly Expanding State Regulatory Landscape
|
05.06.26
Japan’s Sovereign Cloud Commitment at the U.S.-Japan Summit: Defense Interoperability, Not Just Digital Policy
|
05.04.26
Pre-Approved: ICO Publishes Guidance on "Recognised Legitimate Interests”
|
05.01.26
Drift Protocol Exploit: Why “Social Trust” Is the Newest Cybersecurity Gap
|
04.27.26
Crowell Tracker of Court Rulings on Legal Privilege and Artificial Intelligence Tools
|
04.23.26
Two Lawsuits in One: The Growing Risk of Pairing Biometric Tech With Wage-and-Hour Violations
|
04.23.26
In Massachusetts, Section 230 Does Not Immunize Meta From Claims That Instagram’s Design Features Injure Children
|
04.15.26
Federal Agencies Warn of Iranian-Affiliated Cyber Actors Exploiting Internet-Facing Operational Technology Devices
|
04.10.26
U.S. State Privacy Enforcement: Key Priorities and Practical Guidance From State Regulators
|
04.09.26
View All Client Alerts
Crowell & Moring Continues Growth in Brussels with Addition of Privacy and Cybersecurity Partner Lauren Cuyvers
|
04.21.26
Matthew F. Ferraro Authors Dealing with Deepfakes Chapter in ABA Cybersecurity Handbook
|
03.16.26
Former Special Counsel to the FBI Director and Federal Prosecutor Rajeev Raghavan Joins Crowell & Moring’s Privacy & Cybersecurity Group
|
03.04.26
Chambers Ranks Crowell & Moring Practices and Lawyers in 2026 Global Guide
|
02.23.26
Crowell & Moring’s Warrington Parker and Jacob Canter to Serve on BASF’s Justice & Diversity Center Board of Directors
|
01.28.26
Crowell & Moring Partner Jennie Wang VonCannon Named to Daily Journal’s 2025 Top White Collar Lawyers List
|
12.10.25
Crowell & Moring’s Emma Wright Ranked Among Top 10 on Computer Weekly’s 2025 “50 Most Influential Women in UK Tech” List
|
11.11.25
Chambers Ranks Crowell & Moring Lawyers and Practice Groups in the 2026 UK Guide
|
10.16.25
Crowell Earns Top Rankings from Legal 500 United Kingdom 2026
|
10.14.25
Crowell Represents Parsons Corporation in Strategic $89M Acquisition
|
07.01.25
View All Firm News
Trump's Missed AI Deadlines
|
04.24.26
Axios
Courts Deciding Limits of License Plate Reader Surveillance in California
|
04.08.26
Daily Journal
Ex-FBI Special Counsel Moves To Crowell & Moring's DC Team
|
03.04.26
Law360
Chatbot Developers Brace For Impending Wave Of State Regulation
|
02.05.26
Bloomberg Law
Chatbot Developers Brace for Impending Wave of State Regulation
|
02.05.26
Bloomberg Law
Staying Compliant After Trump AI Executive Order Introduces Regulatory Uncertainty
|
01.14.26
Cybersecurity Law Report
U.K. Regulators Move To Curb AI Nudification Tools As Scrutiny Of Grok Grows
|
01.14.26
Compliance Week
President Trump Signs Executive Order to Block State AI Laws
|
12.15.25
VKTR
Pentagon begins enforcing CMMC compliance, but readiness gaps remain
|
11.10.25
DefenseScoop
California’s Landmark AI Transparency Law: Compliance Considerations
|
10.29.25
Cybersecurity Law Report
View All Press Coverage
SCCE Higher Education Compliance Conference & HCCA Research Compliance
|
06.08.26
IAPP’s Global Privacy Summit Reception
|
03.30.26
Emerging Compliance and Enforcement Priorities in State Data Privacy and Cybersecurity: A Fireside Chat with Special Guest Connecticut Attorney General William Tong
|
07.29.25
Law-Tech Connect and XPONENTIAL 2025
|
05.19.25 - 05.22.25
Crowell's CMMC Day
|
04.10.25
CMMC Finalized: How to Prepare & Achieve Certification
|
11.19.24
Cyber Perspectives: Views from Attackers, Defenders, and Regulators
|
10.30.24
Cybersecurity Symposium: The Cyberside Chat
|
09.12.24
NCMA World Congress 2024
|
07.23.24
Higher Education & Healthcare Research Compliance Conference
|
06.12.24
View All Events
From Covert to Kinetic: Escalating Cyber Threats in a Time of Conflict
|
04.21.26
Innovation Insights: Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces April 2026
|
04.16.26
The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going
|
10.16.25
Key Takeaways from DOJ’s Civil Cyber-Fraud Initiative
|
10.08.25
Scattered Spider Cybersecurity Attacks
|
06.05.25
SPX Technologies: AI in Legal and Cybersecurity for DoD Contractors
|
05.20.25
The Evolving AI Legal and Policy Landscape: Mid-2025 Update
|
04.22.25
Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces
|
March 26, 2025
Privacy and Cybersecurity Outlook: The 2025 Landscape
|
02.20.25
Civil Cyber-Fraud Enforcement: The Latest Developments and Risk-Mitigation Strategies
|
02.19.25
View All Webinars
"Innovation Insights: Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces April 2026," Crowell & Moring Webinar.
|
04.16.26
"The AI Agent Advantage: Defense, Privacy, and the Future of Cybersecurity," IAPP Global Summit 2026
|
03.31.26
"Deepfakes: Risks and Responses," Meridian International Center
|
03.13.26
"The State of AI Regulation," New York Technology Innovation 2025
|
12.11.25
"Key Takeaways From DOJ's Civil Cyber-Fraud Initiative," ABA Cyber Meeting
|
12.05.25
"Cyber Year in Review," The Coalition for Government Procurement
|
12.03.25
"Integrating AI into a Near-future Society: AI Privilge, AI Wearables and Agents," Moderator, IAPP Europe Data Protection Congress 2025
|
11.20.25
"Building Trusted Environments: Architecture, Privacy, and Design," Privacy + Security Forum
|
11.14.25
"An Interdisciplinary Approach to AI Development and Regulation," IAPP Privacy. Security. Risk. 2025
|
10.30.25
"CMMC Level 2: How to Start Preparing," 2025 PreVeil Virtual CMMC Summit
|
10.29.25
View All Speaking Engagements
Fastest 5 Minutes: CMMC
|
09.11.25
Fastest 5 Minutes: DOJ Guidance re DEI, White House AI Action Plan
|
08.04.25
Lightning Round: AI Usage by Employees—Safeguards for the Workplace
|
06.26.25
Fastest 5 Minutes: Supplier Performance Risk System, Procurement Integrity Act
|
03.30.23
Fastest 5 Minutes: National Cyber Security Strategy, CHIPS, Conflicts of Interest
|
03.21.23
Fastest 5 Minutes: SBIR and Contractor Minimum Wage
|
01.20.23
Byte-Sized Q&A: What is Controlled Unclassified Information?
|
03.08.21
Byte-Sized Q&A: What is an APT?
|
02.08.21
Byte-Sized Q&A: The CIA Triad
|
01.25.21
Byte-Sized Q&A: Why is I-O-T so H-O-T?
|
01.11.21
View All Podcast Episodes
Government Contractors, Take Note: Illinois Court Curtails Broad BIPA Exemption
|
05.07.26
Crowell & Moring’s Government Contracts Legal Forum
Drift Protocol Exploit: Why “Social Trust” Is the Newest Cybersecurity Gap
|
04.28.26
AI for Government: 7 Days for Contractor Comments on GSA Proposed Contract Clause for AI Systems
|
03.16.26
Crowell & Moring’s Government Contracts Legal Forum
DHS Announces Virtual Town Halls on CIRCIA Final Rule
|
02.20.26
Crowell & Moring’s Government Contracts Legal Forum
CMMC for AI? Defense Policy Law Imposes AI Security Framework and Requirements on Contractors
|
01.08.26
Crowell & Moring’s Government Contracts Legal Forum
The FY 2026 National Defense Authorization Act
|
12.29.25
Crowell & Moring’s Government Contracts Legal Forum
Fastest 5 Minutes: CMMC
|
09.19.25
Crowell & Moring’s Government Contracts Legal Forum

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity
|
09.02.25
Crowell & Moring’s Government Contracts Legal Forum
Fastest 5 Minutes: DOJ Guidance re DEI, White House AI Action Plan
|
08.04.25
Crowell & Moring’s Government Contracts Legal Forum
Mini-Series on CIPA – Part 4: How Big is the Risk?
|
02.13.25
Crowell & Moring’s Data Law Insights
View All Blog Posts

View All Insights

Professionals

Justin B. Weiss
Senior Counsel, Crowell Global Advisors Senior Director
Washington, D.C.
D | +1.202.654.6729
IGpid2Vpc3NAY3Jvd2VsbC5jb20=
Privacy and Cybersecurity
Artificial Intelligence
Crowell Global Advisors
IGpid2Vpc3NAY3Jvd2VsbC5jb20=

View All Professionals

Insights

Event | 06.08.26

SCCE Higher Education Compliance Conference & HCCA Research Compliance

Crowell & Moring Senior Counsel Blaze Waleski, a member of the firm's Privacy & Cybersecurity Group, will be speaking at the SCCE Higher Education Compliance & HCCA Research Compliance Conference, taking place on Monday, June 8, 2026, at San Antonio, Texas. His presentation, "The Complex Legal Landscape for Privacy and AI," will take place at 2:15–3:15 PM CDT.

Blog Post | 05.07.26
Government Contractors, Take Note: Illinois Court Curtails Broad BIPA Exemption
Client Alert | 7 min read | 05.06.26
Artificial Intelligence and Human Resources in the EU - Part 2: AI Literacy - Employer AI Literacy Obligations under the EU AI Act
Client Alert | 4 min read | 05.06.26
Genetic Data and Artificial Intelligence Training Following Acquisitions: Emerging Litigation Risk and a Rapidly Expanding State Regulatory Landscape

View All Insights

Practices

Industries

Contacts

See All Professionals

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==
Emma Wright
Partner
- London
  - D | +44.20.7413.1315
ZXdyaWdodEBjcm93ZWxsLmNvbQ==

Insights

Event | 06.08.26

SCCE Higher Education Compliance Conference & HCCA Research Compliance

Crowell & Moring Senior Counsel Blaze Waleski, a member of the firm's Privacy & Cybersecurity Group, will be speaking at the SCCE Higher Education Compliance & HCCA Research Compliance Conference, taking place on Monday, June 8, 2026, at San Antonio, Texas. His presentation, "The Complex Legal Landscape for Privacy and AI," will take place at 2:15–3:15 PM CDT.

Blog Post | 05.07.26
Government Contractors, Take Note: Illinois Court Curtails Broad BIPA Exemption
Client Alert | 7 min read | 05.06.26
Artificial Intelligence and Human Resources in the EU - Part 2: AI Literacy - Employer AI Literacy Obligations under the EU AI Act
Client Alert | 4 min read | 05.06.26
Genetic Data and Artificial Intelligence Training Following Acquisitions: Emerging Litigation Risk and a Rapidly Expanding State Regulatory Landscape

View All Insights

Privacy and Cybersecurity

Overview

Overview

Our Services

Risk Assessment and Compliance

Crisis Management and Investigations

Regulatory and Litigation Defense

Resources

Contacts

Insights

Insights

Publications

Client Alerts

Firm News

Press Coverage

Events

Webinars

Speaking Engagements

Podcasts

Blog Posts

Professionals

Insights

Practices

Industries

Contacts

Insights