Privacy and Cybersecurity

Overview

Today’s businesses operate in an environment marked by evolving and complex data protection laws and relentless cyber attacks by both private and state-sponsored actors. Remaining competitive while ensuring regulatory compliance across multiple jurisdictions and implementing a strong cyber defense can be daunting. Crowell offers companies an integrated approach to managing privacy and cybersecurity risks combining legal, technical, and regulatory experience in a single seamless team across global markets.

Crowell’s Privacy and Cybersecurity Group includes lawyers with extensive government, in-house, consulting, and technical experience across multiple industries. Where necessary, we integrate Crowell’s intellectual property, corporate, insurance, white collar, trade secrets, health care, energy, transportation, and government contracts capabilities to address the privacy and cybersecurity risks faced by our clients. We also work closely with our affiliate, Crowell Global Advisors, which is deeply involved with the privacy laws of Pacific Rim nations. Our lawyers regularly work with forensic professionals and coordinate with law enforcement.

Our Services

Risk Assessment and Compliance

Our team facilitates enterprise-wide cybersecurity and privacy risk assessments to mitigate threats and enhance legal compliance, including:

Holistic compliance strategies and assessments focused on industry-specific best practices and applicable laws, such as GDPR, CPRA, COPPA, HIPAA, and GLBA, as well as other government standards, such as the DFARS and CMMC.
Custom-designed incident response plans and training—through tabletop exercises and other tools—to ensure organizations respond efficiently and effectively to an incident.

Crisis Management and Investigations

We represent a wide range of clients who have experienced cyber and data incidents. Our work includes:

Responding to and managing privacy and data security incidents.
Crisis management when a privacy or security vulnerability is made public.
Collaborating with technical consultants as appropriate to determine the cause of the incident or system compromise.
Implementing long-term remediation solutions.
Engaging with federal and state enforcement agencies, as well as private stakeholders.

Regulatory and Litigation Defense

Our lawyers defend clients against class actions, regulatory enforcement actions, and other high-profile privacy/cyber–related matters that pose an existential threat in the digital economy. The team is recognized for developing proactive cyber strategies to disrupt and dismantle criminal organizations engaged in cybercrimes.

Resources

CMMC Registered Provider Organization

Certified Information Privacy Professionals (CIPP)

Crowell’s Privacy and Cybersecurity Group includes lawyers with extensive government, in-house, consulting, and technical experience across multiple industries. Where necessary, we integrate Crowell’s intellectual property, corporate, insurance, white collar, trade secrets, health care, energy, transportation, and government contracts capabilities to address the privacy and cybersecurity risks faced by our clients. We also work closely with our affiliate, Crowell Global Advisors, which is deeply involved with the privacy laws of Pacific Rim nations. Our lawyers regularly work with forensic professionals and coordinate with law enforcement.

Our Services

Risk Assessment and Compliance

Our team facilitates enterprise-wide cybersecurity and privacy risk assessments to mitigate threats and enhance legal compliance, including:

Holistic compliance strategies and assessments focused on industry-specific best practices and applicable laws, such as GDPR, CPRA, COPPA, HIPAA, and GLBA, as well as other government standards, such as the DFARS and CMMC.
Custom-designed incident response plans and training—through tabletop exercises and other tools—to ensure organizations respond efficiently and effectively to an incident.

Crisis Management and Investigations

We represent a wide range of clients who have experienced cyber and data incidents. Our work includes:

Responding to and managing privacy and data security incidents.
Crisis management when a privacy or security vulnerability is made public.
Collaborating with technical consultants as appropriate to determine the cause of the incident or system compromise.
Implementing long-term remediation solutions.
Engaging with federal and state enforcement agencies, as well as private stakeholders.

Regulatory and Litigation Defense

Our lawyers defend clients against class actions, regulatory enforcement actions, and other high-profile privacy/cyber–related matters that pose an existential threat in the digital economy. The team is recognized for developing proactive cyber strategies to disrupt and dismantle criminal organizations engaged in cybercrimes.

Resources

CMMC Registered Provider Organization

Certified Information Privacy Professionals (CIPP)

Contacts

See All Professionals

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==
Emma Wright
Partner
- London
  - D | +44.20.7413.1315
ZXdyaWdodEBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 4 min read | 11.18.25

DOJ Announces Major Enforcement Actions Targeting North Korean Remote IT Worker Schemes

On November 14, 2025, the U.S. Department of Justice (DOJ) announced a sweeping series of enforcement actions, including four guilty pleas and more than $15 million in civil forfeitures against the Democratic People’s Republic of Korea (DPRK or North Korea) for remote information technology (IT) worker schemes. These actions underscore the federal government’s escalating focus on the exposure of U.S. companies to North Korean IT worker infiltration, following a series of U.S. Government action against the DPRK....

Client Alert | 6 min read | 11.18.25
The UK’s Cyber Security & Resilience Bill at a glance
Speaking Engagement | 11.14.25
"Building Trusted Environments: Architecture, Privacy, and Design," Privacy + Security Forum
Publication | 11.14.25
Three Steps Tech Companies Can Take Today To Prepare To Ride A Blue Wave In 2026

View All Insights

Insights

Client Alert | 4 min read | 11.18.25

DOJ Announces Major Enforcement Actions Targeting North Korean Remote IT Worker Schemes

Client Alert | 6 min read | 11.18.25

The UK’s Cyber Security & Resilience Bill at a glance

Speaking Engagement | 11.14.25

"Building Trusted Environments: Architecture, Privacy, and Design," Privacy + Security Forum

Publication | 11.14.25

Three Steps Tech Companies Can Take Today To Prepare To Ride A Blue Wave In 2026

Three Steps Tech Companies Can Take Today To Prepare To Ride A Blue Wave In 2026
|
11.14.25
Washington Technology
New Calif. Chatbot Bill May Make AI Assistants Into Liabilities
|
10.02.25
Law360
Ready To Know Your Data? Justice Department Issues Implementation And Enforcement Guidance For Data Security Program Protecting Bulk Sensitive Data
|
08.01.25
Journal of Federal Agency Action
Texas Just Created A New Model For State AI Regulation
|
07.17.25
Tech Policy Press
A Changing Tech and Legal Landscape in Corporate
|
01.28.25
Asia-Pacific Strives to Keep Pace with Cyber Threats
|
01.28.25
Changes to Critical Infrastructure Requirements
|
01.28.25
EU Artificial Intelligence Act
|
01.28.25
EU Cyber Resilience Act
|
01.28.25
European Union Health Data Space
|
01.28.25
View All Publications
DOJ Announces Major Enforcement Actions Targeting North Korean Remote IT Worker Schemes
|
11.18.25
The UK’s Cyber Security & Resilience Bill at a glance
|
11.18.25
The Password is “Louvre” – Lessons for Everyone from the Louvre’s Jewel Heist
|
11.13.25
Federal and State Regulators Target AI Chatbots and Intimate Imagery
|
10.30.25
Enhancing UK cyber security resilience and leadership engagement
|
10.29.25
Report as Spam? A New Wave of California Anti-Spam Class Actions Raises Significant Risks for Email Marketers
|
10.27.25
North Korean Threat Actors Target European Drone Makers
|
10.24.25
Ransomware on the Rise: The Expanding Role of Legal Counsel in Incident Response
|
10.23.25
California’s AI Transparency Act (CAITA) May be Amended to Regulate Social Media Platforms
|
10.08.25
Hacker No Fly Zone: FAA and TSA Propose Cybersecurity Rules for Drone Ecosystem
|
10.08.25
View All Client Alerts
Crowell & Moring’s Emma Wright Ranked Among Top 10 on Computer Weekly’s 2025 “50 Most Influential Women in UK Tech” List
|
11.11.25
Chambers Ranks Crowell & Moring Lawyers and Practice Groups in the 2026 UK Guide
|
10.16.25
Crowell Earns Top Rankings from Legal 500 United Kingdom 2026
|
10.14.25
Crowell Represents Parsons Corporation in Strategic $89M Acquisition
|
07.01.25
Crowell Earns Top Rankings from Legal 500 United States 2025
|
06.26.25
Senior DHS Cyber and Emerging Technology Official Matthew F. Ferraro Joins Crowell & Moring
|
06.24.25
Sharmistha Das, Former Homeland Security, White House, and Senate Official, Returns to Crowell & Moring
|
06.17.25
Crowell Attains Leading Rankings in Chambers USA 2025
|
06.05.25
Kristin Madigan Named 2025 Top Woman Lawyer by the Daily Journal
|
05.30.25
Agustin Orozco and Jennie Wang VonCannon Named to LA Times Studios 2025 Legal Visionaries List
|
05.05.25
View All Firm News
Pentagon begins enforcing CMMC compliance, but readiness gaps remain
|
11.10.25
DefenseScoop
California’s Landmark AI Transparency Law: Compliance Considerations
|
10.29.25
Cybersecurity Law Report
California’s Landmark AI Transparency Law: Covered Entities, Reporting Requirements And Penalties
|
10.29.25
Cybersecurity Law Report
AI Forces eCommerce Merchants to Confront New Challenges
|
10.06.25
PYMNTS
Why The Public And Private Sectors Must Collaborate To Develop Adaptive Cybersecurity Standards
|
10.01.25
Nasdaq
U.K. To Introduce Mandatory Ransomware Reporting, Raising Risk of ‘Box-Ticking’ Compliance
|
09.22.25
Compliance Week
Trump And Starmer’s £31bn Tech Deal Could Be A Game-Changer – But Lawyers Fear The Fine Print
|
09.19.25
The Lawyer
DOD's Cybersecurity Rule May Help Fend Off FCA Claims
|
09.09.25
Law360
Actor Will Smith’s New Videos Raise Fresh Concerns About The Use Of AI
|
08.30.25
Forbes
Law Firms Face Hurdles Advising In-House Depts. On AI Risks
|
08.14.25
Law360
View All Press Coverage
Emerging Compliance and Enforcement Priorities in State Data Privacy and Cybersecurity: A Fireside Chat with Special Guest Connecticut Attorney General William Tong
|
07.29.25
Law-Tech Connect and XPONENTIAL 2025
|
05.19.25 - 05.22.25
Crowell's CMMC Day
|
04.10.25
CMMC Finalized: How to Prepare & Achieve Certification
|
11.19.24
Cyber Perspectives: Views from Attackers, Defenders, and Regulators
|
10.30.24
Cybersecurity Symposium: The Cyberside Chat
|
09.12.24
Data Privacy Fundamentals in the Age of AI
|
08.06.24
NCMA World Congress 2024
|
07.23.24
Higher Education & Healthcare Research Compliance Conference
|
06.12.24
ACC Foundation 2024 Cybersecurity Summit
|
03.26.24
View All Events
The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going
|
10.16.25
Key Takeaways from DOJ’s Civil Cyber-Fraud Initiative
|
10.08.25
Scattered Spider Cybersecurity Attacks
|
06.05.25
SPX Technologies: AI in Legal and Cybersecurity for DoD Contractors
|
05.20.25
The Evolving AI Legal and Policy Landscape: Mid-2025 Update
|
04.22.25
Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces
|
March 26, 2025
Privacy and Cybersecurity Outlook: The 2025 Landscape
|
02.20.25
Civil Cyber-Fraud Enforcement: The Latest Developments and Risk-Mitigation Strategies
|
02.19.25
Cyber For All: A FAR CUI Proposed Rule Webinar
|
01.27.25
Coast To Coast Compliance: The Impact Of 2024 Employment Law Developments On Geographically-Dispersed Workforces
|
10.01.24
View All Webinars
"Building Trusted Environments: Architecture, Privacy, and Design," Privacy + Security Forum
|
11.14.25
"An Interdisciplinary Approach to AI Development and Regulation," IAPP Privacy. Security. Risk. 2025
|
10.30.25
"CMMC Level 2: How to Start Preparing," 2025 PreVeil Virtual CMMC Summit
|
10.29.25
"CMMC Is Here – The Final DFARS Rule Takes Effect Soon, ABA Section of Public Contract Law," American Bar Association
|
10.28.25
"Legal Risks and False Claims Act Exposure from CMMC Self-Attestations and C3PAO Certifications," CS5 East 2025
|
10.17.25
"The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going," Crowell & Moring Webinar.
|
10.16.25
“Info Sec: safeguarding bank operations in the digital age,” Risk Live North America
|
10.08.25
"Key Takeaways from DOJ’s Civil-Cyber Fraud Initiative," Crowell & Moring Webinar
|
10.08.25
"Cyber, Digital, AI, Insider Comprehensive Risk Management," C-Sweet Los Angeles Chapter Networking Event
|
10.07.25
“Cybersecurity in the Age of AI,” IAPP AI Governance Global North America 2025
|
09.17.25
View All Speaking Engagements
Fastest 5 Minutes: CMMC
|
09.11.25
Fastest 5 Minutes: DOJ Guidance re DEI, White House AI Action Plan
|
08.04.25
Lightning Round: AI Usage by Employees—Safeguards for the Workplace
|
06.26.25
Fastest 5 Minutes: Supplier Performance Risk System, Procurement Integrity Act
|
03.30.23
Fastest 5 Minutes: National Cyber Security Strategy, CHIPS, Conflicts of Interest
|
03.21.23
Fastest 5 Minutes: SBIR and Contractor Minimum Wage
|
01.20.23
Byte-Sized Q&A: What is Controlled Unclassified Information?
|
03.08.21
Byte-Sized Q&A: What is an APT?
|
02.08.21
Byte-Sized Q&A: The CIA Triad
|
01.25.21
Byte-Sized Q&A: Why is I-O-T so H-O-T?
|
01.11.21
View All Podcast Episodes
Fastest 5 Minutes: CMMC
|
09.19.25
Crowell & Moring’s Government Contracts Legal Forum

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity
|
09.02.25
Crowell & Moring’s Government Contracts Legal Forum
Fastest 5 Minutes: DOJ Guidance re DEI, White House AI Action Plan
|
08.04.25
Crowell & Moring’s Government Contracts Legal Forum
Mini-Series on CIPA – Part 4: How Big is the Risk?
|
02.13.25
Crowell & Moring’s Data Law Insights
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?
|
08.26.24
Crowell & Moring’s Data Law Insights
SEC “Encourages” Public Companies to Disclose “Immaterial” Cybersecurity Incidents Under Item 8.01 of Form 8-K
|
05.23.24
Crowell & Moring’s Data Law Insights
“Browsing and Location Data Are Sensitive . . .. Full Stop”
|
03.12.24
Crowell & Moring’s Data Law Insights
FTC Updates (August 7-25, 2023)
|
10.05.23
Crowell & Moring’s Retail & Consumer Products Law Observer
FTC Policy Statement on Biometric Information and Section 5 of the FTC Act Frames Agency’s Approach to Deception and Unfairness, Signaling Enforcement Priorities
|
06.20.23
Crowell & Moring’s Data Law Insights
Impacts of the National Cybersecurity Strategy on Government and Private Sector Collaboration
|
06.15.23
Crowell & Moring’s Data Law Insights
View All Blog Posts

View All Insights

Professionals

Justin B. Weiss
Crowell Global Advisors Senior Director, Senior Counsel
Washington, D.C. (CGA)
D | +1.202.654.6729
IGpid2Vpc3NAY3Jvd2VsbGdsb2JhbGFkdmlzb3JzLmNvbQ==
Crowell Global Advisors
Artificial Intelligence
Privacy and Cybersecurity
IGpid2Vpc3NAY3Jvd2VsbGdsb2JhbGFkdmlzb3JzLmNvbQ==

View All Professionals

Insights

Client Alert | 4 min read | 11.18.25

DOJ Announces Major Enforcement Actions Targeting North Korean Remote IT Worker Schemes

On November 14, 2025, the U.S. Department of Justice (DOJ) announced a sweeping series of enforcement actions, including four guilty pleas and more than $15 million in civil forfeitures against the Democratic People’s Republic of Korea (DPRK or North Korea) for remote information technology (IT) worker schemes. These actions underscore the federal government’s escalating focus on the exposure of U.S. companies to North Korean IT worker infiltration, following a series of U.S. Government action against the DPRK....

Client Alert | 6 min read | 11.18.25
The UK’s Cyber Security & Resilience Bill at a glance
Speaking Engagement | 11.14.25
"Building Trusted Environments: Architecture, Privacy, and Design," Privacy + Security Forum
Publication | 11.14.25
Three Steps Tech Companies Can Take Today To Prepare To Ride A Blue Wave In 2026

View All Insights

Practices

Industries

Contacts

See All Professionals

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==
Emma Wright
Partner
- London
  - D | +44.20.7413.1315
ZXdyaWdodEBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 4 min read | 11.18.25

DOJ Announces Major Enforcement Actions Targeting North Korean Remote IT Worker Schemes

On November 14, 2025, the U.S. Department of Justice (DOJ) announced a sweeping series of enforcement actions, including four guilty pleas and more than $15 million in civil forfeitures against the Democratic People’s Republic of Korea (DPRK or North Korea) for remote information technology (IT) worker schemes. These actions underscore the federal government’s escalating focus on the exposure of U.S. companies to North Korean IT worker infiltration, following a series of U.S. Government action against the DPRK....

Client Alert | 6 min read | 11.18.25
The UK’s Cyber Security & Resilience Bill at a glance
Speaking Engagement | 11.14.25
"Building Trusted Environments: Architecture, Privacy, and Design," Privacy + Security Forum
Publication | 11.14.25
Three Steps Tech Companies Can Take Today To Prepare To Ride A Blue Wave In 2026

View All Insights

Privacy and Cybersecurity

Overview

Overview

Our Services

Risk Assessment and Compliance

Crisis Management and Investigations

Regulatory and Litigation Defense

Resources

Contacts

Insights

Insights

Publications

Client Alerts

Firm News

Press Coverage

Events

Webinars

Speaking Engagements

Podcasts

Blog Posts

Professionals

Insights

Practices

Industries

Contacts

Insights