Privacy and Cybersecurity

Overview

Today’s businesses operate in an environment marked by evolving and complex data protection laws and relentless cyber attacks by both private and state-sponsored actors. Remaining competitive while ensuring regulatory compliance across multiple jurisdictions and implementing a strong cyber defense can be daunting. Crowell offers companies an integrated approach to managing privacy and cybersecurity risks combining legal, technical, and regulatory experience in a single seamless team across global markets.

Crowell’s Privacy and Cybersecurity Group includes lawyers with extensive government, in-house, consulting, and technical experience across multiple industries. Where necessary, we integrate Crowell’s intellectual property, corporate, insurance, white collar, trade secrets, health care, energy, transportation, and government contracts capabilities to address the privacy and cybersecurity risks faced by our clients. We also work closely with our affiliate, Crowell Global Advisors, which is deeply involved with the privacy laws of Pacific Rim nations. Our lawyers regularly work with forensic professionals and coordinate with law enforcement.

Our Services

Risk Assessment and Compliance

Our team facilitates enterprise-wide cybersecurity and privacy risk assessments to mitigate threats and enhance legal compliance, including:

Holistic compliance strategies and assessments focused on industry-specific best practices and applicable laws, such as GDPR, CPRA, COPPA, HIPAA, and GLBA, as well as other government standards, such as the DFARS and CMMC.
Custom-designed incident response plans and training—through tabletop exercises and other tools—to ensure organizations respond efficiently and effectively to an incident.

Crisis Management and Investigations

We represent a wide range of clients who have experienced cyber and data incidents. Our work includes:

Responding to and managing privacy and data security incidents.
Crisis management when a privacy or security vulnerability is made public.
Collaborating with technical consultants as appropriate to determine the cause of the incident or system compromise.
Implementing long-term remediation solutions.
Engaging with federal and state enforcement agencies, as well as private stakeholders.

Regulatory and Litigation Defense

Our lawyers defend clients against class actions, regulatory enforcement actions, and other high-profile privacy/cyber–related matters that pose an existential threat in the digital economy. The team is recognized for developing proactive cyber strategies to disrupt and dismantle criminal organizations engaged in cybercrimes.

Resources

CMMC Registered Provider Organization

Certified Information Privacy Professionals (CIPP)

Crowell’s Privacy and Cybersecurity Group includes lawyers with extensive government, in-house, consulting, and technical experience across multiple industries. Where necessary, we integrate Crowell’s intellectual property, corporate, insurance, white collar, trade secrets, health care, energy, transportation, and government contracts capabilities to address the privacy and cybersecurity risks faced by our clients. We also work closely with our affiliate, Crowell Global Advisors, which is deeply involved with the privacy laws of Pacific Rim nations. Our lawyers regularly work with forensic professionals and coordinate with law enforcement.

Our Services

Risk Assessment and Compliance

Our team facilitates enterprise-wide cybersecurity and privacy risk assessments to mitigate threats and enhance legal compliance, including:

Holistic compliance strategies and assessments focused on industry-specific best practices and applicable laws, such as GDPR, CPRA, COPPA, HIPAA, and GLBA, as well as other government standards, such as the DFARS and CMMC.
Custom-designed incident response plans and training—through tabletop exercises and other tools—to ensure organizations respond efficiently and effectively to an incident.

Crisis Management and Investigations

We represent a wide range of clients who have experienced cyber and data incidents. Our work includes:

Responding to and managing privacy and data security incidents.
Crisis management when a privacy or security vulnerability is made public.
Collaborating with technical consultants as appropriate to determine the cause of the incident or system compromise.
Implementing long-term remediation solutions.
Engaging with federal and state enforcement agencies, as well as private stakeholders.

Regulatory and Litigation Defense

Our lawyers defend clients against class actions, regulatory enforcement actions, and other high-profile privacy/cyber–related matters that pose an existential threat in the digital economy. The team is recognized for developing proactive cyber strategies to disrupt and dismantle criminal organizations engaged in cybercrimes.

Resources

CMMC Registered Provider Organization

Certified Information Privacy Professionals (CIPP)

Contact

See All Professionals

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==

Insights

Publication | 05.14.24

Privacy and Cybersecurity Outlook: The 2024 Landscape

Crowell & Moring’s Privacy and Cybersecurity Outlook: The 2024 Landscape offers clients forward-looking analysis on the biggest trends impacting their work across the world. This first edition marks a milestone for our premier Privacy and Cybersecurity group, which was recognized in 2023 as one of the leading U.S. practices for organizations and individuals facing cybersecurity incidents, data breaches, compliance concerns, and other privacy risks....

Webinar | 10.16.25
The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going
Client Alert | 4 min read | 09.23.25
A Special Relationship Reboot? The US-UK Tech Prosperity Deal
Client Alert | 9 min read | 09.22.25
From Deepfakes to Sanctions Violations: The Rise of North Korean Remote IT Worker Schemes

View All Insights

Insights

Publication | 05.14.24

Privacy and Cybersecurity Outlook: The 2024 Landscape

Webinar | 10.16.25

The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going

Client Alert | 4 min read | 09.23.25

A Special Relationship Reboot? The US-UK Tech Prosperity Deal

Client Alert | 9 min read | 09.22.25

From Deepfakes to Sanctions Violations: The Rise of North Korean Remote IT Worker Schemes

Client Alert | 5 min read | 09.22.25

Off the (Supply) Chain: Director of National Intelligence Issues First Exclusion and Removal Order Under the Federal Acquisition Supply Chain Security Act

Ready To Know Your Data? Justice Department Issues Implementation And Enforcement Guidance For Data Security Program Protecting Bulk Sensitive Data
|
08.01.25
Journal of Federal Agency Action
Texas Just Created A New Model For State AI Regulation
|
07.17.25
Tech Policy Press
A Changing Tech and Legal Landscape in Corporate
|
01.28.25
Asia-Pacific Strives to Keep Pace with Cyber Threats
|
01.28.25
Changes to Critical Infrastructure Requirements
|
01.28.25
EU Artificial Intelligence Act
|
01.28.25
EU Cyber Resilience Act
|
01.28.25
European Union Health Data Space
|
01.28.25
Guidance on Managing the Risks of AI Discrimination
|
01.28.25
How Businesses Can Navigate China’s Data Regulations in 2025
|
01.28.25
View All Publications
A Special Relationship Reboot? The US-UK Tech Prosperity Deal
|
09.23.25
From Deepfakes to Sanctions Violations: The Rise of North Korean Remote IT Worker Schemes
|
09.22.25
Off the (Supply) Chain: Director of National Intelligence Issues First Exclusion and Removal Order Under the Federal Acquisition Supply Chain Security Act
|
09.22.25
California’s Chatbot Bill May Impose Substantial Compliance Burdens on Many Companies Deploying AI Assistants
|
09.17.25
Finally, the CMMC Final Rule: DoD Completes CMMC Rulemaking, Ushering in New Era in DoD Cybersecurity
|
09.10.25
No Opt-Out for State Data Privacy Compliance: California, Colorado and Connecticut Keep Data Privacy Enforcement Pressure on with Joint Enforcement Sweep
|
09.10.25
DSIT's latest findings on AI, other emerging technologies and cyber security
|
08.14.25
Cloud GDPR risks highlighted by European Commission ruling over Microsoft 365 use
|
08.12.25
Series of Major Data Breaches Targeting the Insurance Industry
|
08.06.25
Children first: How Ofcom’s Children’s code and age checks change the digital game
|
07.29.25
View All Client Alerts
Crowell Represents Parsons Corporation in Strategic $89M Acquisition
|
07.01.25
Crowell Earns Top Rankings from Legal 500 United States 2025
|
06.26.25
Senior DHS Cyber and Emerging Technology Official Matthew F. Ferraro Joins Crowell & Moring
|
06.24.25
Sharmistha Das, Former Homeland Security, White House, and Senate Official, Returns to Crowell & Moring
|
06.17.25
Crowell Attains Leading Rankings in Chambers USA 2025
|
06.05.25
Kristin Madigan Named 2025 Top Woman Lawyer by the Daily Journal
|
05.30.25
Agustin Orozco and Jennie Wang VonCannon Named to LA Times Studios 2025 Legal Visionaries List
|
05.05.25
Crowell & Moring’s London Office Adds Leading AI and Emerging Tech Partner Emma Wright
|
04.15.25
Crowell & Moring Attorneys Honored With 2025 Burton Award for Distinguished Legal Writing
|
03.07.25
Chambers Ranks Crowell & Moring Practices and Lawyers in 2025 Global Guide
|
02.18.25
View All Firm News
Trump And Starmer’s £31bn Tech Deal Could Be A Game-Changer – But Lawyers Fear The Fine Print
|
09.19.25
The Lawyer
DOD's Cybersecurity Rule May Help Fend Off FCA Claims
|
09.09.25
Law360
Actor Will Smith’s New Videos Raise Fresh Concerns About The Use Of AI
|
08.30.25
Forbes
Federal Courts Said to Suffer Hack Similar to Earlier Breach
|
08.07.25
Bloomberg Law
Trump’s ‘truth seeking’ AI Executive Order Is A Complex, Expensive Policy, Experts Say
|
08.01.25
News from the States
CMMC accreditation body touts voluntary participation in assessments as final rulemaking gets closer to fruition
|
07.31.25
Trump Revealed New AI Action Plan— Here’s Where It Puts The US In Today’s Space Race: Expert
|
07.24.25
Forbes
Cyber War Stories, Supply Chain Blind Spots & Why AI Is the New Risk Frontier
|
07.23.25
Tech Talks
White House Poised To Unveil Plan Easing AI Regulation
|
07.22.25
CFO Dive
China’s cyber sector amplifies Beijing’s hacking of U.S. targets
|
07.16.25
The Washington Post
View All Press Coverage
Emerging Compliance and Enforcement Priorities in State Data Privacy and Cybersecurity: A Fireside Chat with Special Guest Connecticut Attorney General William Tong
|
07.29.25
Law-Tech Connect and XPONENTIAL 2025
|
05.19.25 - 05.22.25
Crowell's CMMC Day
|
04.10.25
CMMC Finalized: How to Prepare & Achieve Certification
|
11.19.24
Cyber Perspectives: Views from Attackers, Defenders, and Regulators
|
10.30.24
Cybersecurity Symposium: The Cyberside Chat
|
09.12.24
Data Privacy Fundamentals in the Age of AI
|
08.06.24
NCMA World Congress 2024
|
07.23.24
Higher Education & Healthcare Research Compliance Conference
|
06.12.24
LS-ISAO New York Workshop
|
04.04.24
View All Events
The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going
|
10.16.25
Scattered Spider Cybersecurity Attacks
|
06.05.25
SPX Technologies: AI in Legal and Cybersecurity for DoD Contractors
|
05.20.25
The Evolving AI Legal and Policy Landscape: Mid-2025 Update
|
04.22.25
Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces
|
March 26, 2025
Privacy and Cybersecurity Outlook: The 2025 Landscape
|
02.20.25
Civil Cyber-Fraud Enforcement: The Latest Developments and Risk-Mitigation Strategies
|
02.19.25
Cyber For All: A FAR CUI Proposed Rule Webinar
|
01.27.25
Coast To Coast Compliance: The Impact Of 2024 Employment Law Developments On Geographically-Dispersed Workforces
|
10.01.24
The Evolving AI Legal and Policy Landscape: Mid-2024 Update
|
07.25.24
View All Webinars
"Information Risk Management and Security," 3rd Annual Midwest Government Contracts Seminar, Chicago, IL.
|
09.17.25
"CMMC Final Rule: What to Know," Crowell & Moring Webinar.
|
09.15.25
"From Theory to Practice in the Age of Emerging Technology," Georgetown Law
|
09.11.25
"Crowell Atelier: Networking Breakfast for Luxury Clients," Crowell & Moring Seminar, New York, NY.
|
09.09.25
Cybersecurity and AI Governance: C-Suite and Board Strategy,” Loyola Law School Guest Lecture
|
08.29.25
"Cyber Update," The Coalition for Government Procurement
|
08.28.25
"A Fireside Chat with Special Guests from the Connecticut and New York Offices of the Attorney General Featuring Connecticut AG William Tong," Crowell & Moring Seminar, New York, NY.
|
07.29.25
"CMMC July 2025 Town Hall," The Cyber AB
|
07.29.25
"Private Equity & CMMC," Preveil
|
06.18.25
"Reducing Organizational Risk: Leveraging FedRAMP as a Roadmap for Security Resilience," RAMPCon
|
06.10.25
View All Speaking Engagements
Fastest 5 Minutes: CMMC
|
09.11.25
Fastest 5 Minutes: DOJ Guidance re DEI, White House AI Action Plan
|
08.04.25
Lightning Round: AI Usage by Employees—Safeguards for the Workplace
|
06.26.25
Fastest 5 Minutes: Supplier Performance Risk System, Procurement Integrity Act
|
03.30.23
Fastest 5 Minutes: National Cyber Security Strategy, CHIPS, Conflicts of Interest
|
03.21.23
Fastest 5 Minutes: SBIR and Contractor Minimum Wage
|
01.20.23
Byte-Sized Q&A: What is Controlled Unclassified Information?
|
03.08.21
Byte-Sized Q&A: What is an APT?
|
02.08.21
Byte-Sized Q&A: The CIA Triad
|
01.25.21
Byte-Sized Q&A: Why is I-O-T so H-O-T?
|
01.11.21
View All Podcast Episodes
Fastest 5 Minutes: CMMC
|
09.19.25
Crowell & Moring’s Government Contracts Legal Forum

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity
|
09.02.25
Crowell & Moring’s Government Contracts Legal Forum
Fastest 5 Minutes: DOJ Guidance re DEI, White House AI Action Plan
|
08.04.25
Crowell & Moring’s Government Contracts Legal Forum
Mini-Series on CIPA – Part 4: How Big is the Risk?
|
02.13.25
Crowell & Moring’s Data Law Insights
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?
|
08.26.24
Crowell & Moring’s Data Law Insights
SEC “Encourages” Public Companies to Disclose “Immaterial” Cybersecurity Incidents Under Item 8.01 of Form 8-K
|
05.23.24
Crowell & Moring’s Data Law Insights
“Browsing and Location Data Are Sensitive . . .. Full Stop”
|
03.12.24
Crowell & Moring’s Data Law Insights
FTC Updates (August 7-25, 2023)
|
10.05.23
Crowell & Moring’s Retail & Consumer Products Law Observer
FTC Policy Statement on Biometric Information and Section 5 of the FTC Act Frames Agency’s Approach to Deception and Unfairness, Signaling Enforcement Priorities
|
06.20.23
Crowell & Moring’s Data Law Insights
Impacts of the National Cybersecurity Strategy on Government and Private Sector Collaboration
|
06.15.23
Crowell & Moring’s Data Law Insights
View All Blog Posts

View All Insights

Professionals

View All Professionals

Insights

Publication | 05.14.24

Privacy and Cybersecurity Outlook: The 2024 Landscape

Crowell & Moring’s Privacy and Cybersecurity Outlook: The 2024 Landscape offers clients forward-looking analysis on the biggest trends impacting their work across the world. This first edition marks a milestone for our premier Privacy and Cybersecurity group, which was recognized in 2023 as one of the leading U.S. practices for organizations and individuals facing cybersecurity incidents, data breaches, compliance concerns, and other privacy risks....

Webinar | 10.16.25
The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going
Client Alert | 4 min read | 09.23.25
A Special Relationship Reboot? The US-UK Tech Prosperity Deal
Client Alert | 9 min read | 09.22.25
From Deepfakes to Sanctions Violations: The Rise of North Korean Remote IT Worker Schemes

View All Insights

Practices

Industries

Contact

See All Professionals

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==

Insights

Publication | 05.14.24

Privacy and Cybersecurity Outlook: The 2024 Landscape

Crowell & Moring’s Privacy and Cybersecurity Outlook: The 2024 Landscape offers clients forward-looking analysis on the biggest trends impacting their work across the world. This first edition marks a milestone for our premier Privacy and Cybersecurity group, which was recognized in 2023 as one of the leading U.S. practices for organizations and individuals facing cybersecurity incidents, data breaches, compliance concerns, and other privacy risks....

Webinar | 10.16.25
The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going
Client Alert | 4 min read | 09.23.25
A Special Relationship Reboot? The US-UK Tech Prosperity Deal
Client Alert | 9 min read | 09.22.25
From Deepfakes to Sanctions Violations: The Rise of North Korean Remote IT Worker Schemes

View All Insights

Privacy and Cybersecurity

Overview

Overview

Our Services

Risk Assessment and Compliance

Crisis Management and Investigations

Regulatory and Litigation Defense

Resources

Contact

Insights

Insights

Publications

Client Alerts

Firm News

Press Coverage

Events

Webinars

Speaking Engagements

Podcasts

Blog Posts

Professionals

Insights

Practices

Industries

Contact

Insights