Privacy and Cybersecurity

Overview

Today’s businesses operate in an environment marked by evolving and complex data protection laws and relentless cyber attacks by both private and state-sponsored actors. Remaining competitive while ensuring regulatory compliance across multiple jurisdictions and implementing a strong cyber defense can be daunting. Crowell offers companies an integrated approach to managing privacy and cybersecurity risks combining legal, technical, and regulatory experience in a single seamless team across global markets.

Crowell’s Privacy and Cybersecurity Group includes lawyers with extensive government, in-house, consulting, and technical experience across multiple industries. Where necessary, we integrate Crowell’s intellectual property, corporate, insurance, white collar, trade secrets, health care, energy, transportation, and government contracts capabilities to address the privacy and cybersecurity risks faced by our clients. We also work closely with our affiliate, Crowell Global Advisors, which is deeply involved with the privacy laws of Pacific Rim nations. Our lawyers regularly work with forensic professionals and coordinate with law enforcement.

Our Services

Risk Assessment and Compliance

Our team facilitates enterprise-wide cybersecurity and privacy risk assessments to mitigate threats and enhance legal compliance, including:

Holistic compliance strategies and assessments focused on industry-specific best practices and applicable laws, such as GDPR, CPRA, COPPA, HIPAA, and GLBA, as well as other government standards, such as the DFARS and CMMC.
Custom-designed incident response plans and training—through tabletop exercises and other tools—to ensure organizations respond efficiently and effectively to an incident.

Crisis Management and Investigations

We represent a wide range of clients who have experienced cyber and data incidents. Our work includes:

Responding to and managing privacy and data security incidents.
Crisis management when a privacy or security vulnerability is made public.
Collaborating with technical consultants as appropriate to determine the cause of the incident or system compromise.
Implementing long-term remediation solutions.
Engaging with federal and state enforcement agencies, as well as private stakeholders.

Regulatory and Litigation Defense

Our lawyers defend clients against class actions, regulatory enforcement actions, and other high-profile privacy/cyber–related matters that pose an existential threat in the digital economy. The team is recognized for developing proactive cyber strategies to disrupt and dismantle criminal organizations engaged in cybercrimes.

Resources

CMMC Registered Provider Organization

Certified Information Privacy Professionals (CIPP)

Crowell’s Privacy and Cybersecurity Group includes lawyers with extensive government, in-house, consulting, and technical experience across multiple industries. Where necessary, we integrate Crowell’s intellectual property, corporate, insurance, white collar, trade secrets, health care, energy, transportation, and government contracts capabilities to address the privacy and cybersecurity risks faced by our clients. We also work closely with our affiliate, Crowell Global Advisors, which is deeply involved with the privacy laws of Pacific Rim nations. Our lawyers regularly work with forensic professionals and coordinate with law enforcement.

Our Services

Risk Assessment and Compliance

Our team facilitates enterprise-wide cybersecurity and privacy risk assessments to mitigate threats and enhance legal compliance, including:

Holistic compliance strategies and assessments focused on industry-specific best practices and applicable laws, such as GDPR, CPRA, COPPA, HIPAA, and GLBA, as well as other government standards, such as the DFARS and CMMC.
Custom-designed incident response plans and training—through tabletop exercises and other tools—to ensure organizations respond efficiently and effectively to an incident.

Crisis Management and Investigations

We represent a wide range of clients who have experienced cyber and data incidents. Our work includes:

Responding to and managing privacy and data security incidents.
Crisis management when a privacy or security vulnerability is made public.
Collaborating with technical consultants as appropriate to determine the cause of the incident or system compromise.
Implementing long-term remediation solutions.
Engaging with federal and state enforcement agencies, as well as private stakeholders.

Regulatory and Litigation Defense

Our lawyers defend clients against class actions, regulatory enforcement actions, and other high-profile privacy/cyber–related matters that pose an existential threat in the digital economy. The team is recognized for developing proactive cyber strategies to disrupt and dismantle criminal organizations engaged in cybercrimes.

Resources

CMMC Registered Provider Organization

Certified Information Privacy Professionals (CIPP)

Contacts

See All Professionals

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==
Emma Wright
Partner
- London
  - D | +44.20.7413.1315
ZXdyaWdodEBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 4 min read | 01.13.26

NIST Releases Draft Framework for AI Cybersecurity, Solicits Public Comment: What Organizations Using or Deploying AI Should Know

The National Institute of Standards and Technology (“NIST”) recently released draft guidelines for applying NIST’s Cybersecurity Framework to organizations adopting artificial intelligence. NIST requests public comments on its “Initial Preliminary Draft” Cybersecurity Framework Profile for Artificial Intelligence (the “Cyber AI Profile”) by midnight on January 30, 2026. ...

Blog Post | 01.08.26
CMMC for AI? Defense Policy Law Imposes AI Security Framework and Requirements on Contractors
Client Alert | 6 min read | 01.06.26
California Privacy Agency Launches Data Broker Strike Force Amid Delete Act Crackdown
Client Alert | 6 min read | 12.30.25
Investor Advisory Committee Recommends SEC Disclosure Guidelines for Artificial Intelligence

View All Insights

Insights

Client Alert | 4 min read | 01.13.26

NIST Releases Draft Framework for AI Cybersecurity, Solicits Public Comment: What Organizations Using or Deploying AI Should Know

Blog Post | 01.08.26

CMMC for AI? Defense Policy Law Imposes AI Security Framework and Requirements on Contractors

Client Alert | 6 min read | 01.06.26

California Privacy Agency Launches Data Broker Strike Force Amid Delete Act Crackdown

Client Alert | 6 min read | 12.30.25

Investor Advisory Committee Recommends SEC Disclosure Guidelines for Artificial Intelligence

International Comparative Legal Guide - Telecoms, Media & Internet 2026
|
12.15.25
iclg
Three Steps Tech Companies Can Take Today To Prepare To Ride A Blue Wave In 2026
|
11.14.25
Washington Technology
New Calif. Chatbot Bill May Make AI Assistants Into Liabilities
|
10.02.25
Law360
Ready To Know Your Data? Justice Department Issues Implementation And Enforcement Guidance For Data Security Program Protecting Bulk Sensitive Data
|
08.01.25
Journal of Federal Agency Action
Texas Just Created A New Model For State AI Regulation
|
07.17.25
Tech Policy Press
A Changing Tech and Legal Landscape in Corporate
|
01.28.25
Asia-Pacific Strives to Keep Pace with Cyber Threats
|
01.28.25
Changes to Critical Infrastructure Requirements
|
01.28.25
EU Artificial Intelligence Act
|
01.28.25
EU Cyber Resilience Act
|
01.28.25
View All Publications
NIST Releases Draft Framework for AI Cybersecurity, Solicits Public Comment: What Organizations Using or Deploying AI Should Know
|
01.13.26
California Privacy Agency Launches Data Broker Strike Force Amid Delete Act Crackdown
|
01.06.26
Investor Advisory Committee Recommends SEC Disclosure Guidelines for Artificial Intelligence
|
12.30.25
In Bid to Ban “Woke AI,” White House Imposes Transparency Requirements on Contractors
|
12.19.25
Executive Order Tries to Thwart “Onerous” AI State Regulation, Calls for National Framework
|
12.17.25
EU AI Act, GDPR, and Digital Laws Changes Proposed
|
12.01.25
Draft Executive Order Seeks to Short-Circuit AI State Regulation
|
11.24.25
DOJ Announces Major Enforcement Actions Targeting North Korean Remote IT Worker Schemes
|
11.18.25
The UK’s Cyber Security & Resilience Bill at a glance
|
11.18.25
The Password is “Louvre” – Lessons for Everyone from the Louvre’s Jewel Heist
|
11.13.25
View All Client Alerts
Crowell & Moring Partner Jennie Wang VonCannon Named to Daily Journal’s 2025 Top White Collar Lawyers List
|
12.10.25
Crowell & Moring’s Emma Wright Ranked Among Top 10 on Computer Weekly’s 2025 “50 Most Influential Women in UK Tech” List
|
11.11.25
Chambers Ranks Crowell & Moring Lawyers and Practice Groups in the 2026 UK Guide
|
10.16.25
Crowell Earns Top Rankings from Legal 500 United Kingdom 2026
|
10.14.25
Crowell Represents Parsons Corporation in Strategic $89M Acquisition
|
07.01.25
Crowell Earns Top Rankings from Legal 500 United States 2025
|
06.26.25
Senior DHS Cyber and Emerging Technology Official Matthew F. Ferraro Joins Crowell & Moring
|
06.24.25
Sharmistha Das, Former Homeland Security, White House, and Senate Official, Returns to Crowell & Moring
|
06.17.25
Crowell Attains Leading Rankings in Chambers USA 2025
|
06.05.25
Kristin Madigan Named 2025 Top Woman Lawyer by the Daily Journal
|
05.30.25
View All Firm News
President Trump Signs Executive Order to Block State AI Laws
|
12.15.25
VKTR
Pentagon begins enforcing CMMC compliance, but readiness gaps remain
|
11.10.25
DefenseScoop
California’s Landmark AI Transparency Law: Compliance Considerations
|
10.29.25
Cybersecurity Law Report
California’s Landmark AI Transparency Law: Covered Entities, Reporting Requirements And Penalties
|
10.29.25
Cybersecurity Law Report
AI Forces eCommerce Merchants to Confront New Challenges
|
10.06.25
PYMNTS
Why The Public And Private Sectors Must Collaborate To Develop Adaptive Cybersecurity Standards
|
10.01.25
Nasdaq
U.K. To Introduce Mandatory Ransomware Reporting, Raising Risk of ‘Box-Ticking’ Compliance
|
09.22.25
Compliance Week
Trump And Starmer’s £31bn Tech Deal Could Be A Game-Changer – But Lawyers Fear The Fine Print
|
09.19.25
The Lawyer
DOD's Cybersecurity Rule May Help Fend Off FCA Claims
|
09.09.25
Law360
Actor Will Smith’s New Videos Raise Fresh Concerns About The Use Of AI
|
08.30.25
Forbes
View All Press Coverage
Emerging Compliance and Enforcement Priorities in State Data Privacy and Cybersecurity: A Fireside Chat with Special Guest Connecticut Attorney General William Tong
|
07.29.25
Law-Tech Connect and XPONENTIAL 2025
|
05.19.25 - 05.22.25
Crowell's CMMC Day
|
04.10.25
CMMC Finalized: How to Prepare & Achieve Certification
|
11.19.24
Cyber Perspectives: Views from Attackers, Defenders, and Regulators
|
10.30.24
Cybersecurity Symposium: The Cyberside Chat
|
09.12.24
NCMA World Congress 2024
|
07.23.24
Higher Education & Healthcare Research Compliance Conference
|
06.12.24
ACC Foundation 2024 Cybersecurity Summit
|
03.26.24
Clinical Trials Masterclass
|
03.13.24 - 03.14.24
View All Events
The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going
|
10.16.25
Key Takeaways from DOJ’s Civil Cyber-Fraud Initiative
|
10.08.25
Scattered Spider Cybersecurity Attacks
|
06.05.25
SPX Technologies: AI in Legal and Cybersecurity for DoD Contractors
|
05.20.25
The Evolving AI Legal and Policy Landscape: Mid-2025 Update
|
04.22.25
Navigating the Complexities of Employment Law Impacting Geographically-Dispersed Workforces
|
March 26, 2025
Privacy and Cybersecurity Outlook: The 2025 Landscape
|
02.20.25
Civil Cyber-Fraud Enforcement: The Latest Developments and Risk-Mitigation Strategies
|
02.19.25
Cyber For All: A FAR CUI Proposed Rule Webinar
|
01.27.25
Coast To Coast Compliance: The Impact Of 2024 Employment Law Developments On Geographically-Dispersed Workforces
|
10.01.24
View All Webinars
"The State of AI Regulation", New York Technology Innovation 2025
|
12.11.25
"Key Takeaways From DOJ's Civil Cyber-Fraud Initiative," ABA Cyber Meeting
|
12.05.25
"Cyber Year in Review," The Coalition for Government Procurement
|
12.03.25
"Building Trusted Environments: Architecture, Privacy, and Design," Privacy + Security Forum
|
11.14.25
"An Interdisciplinary Approach to AI Development and Regulation," IAPP Privacy. Security. Risk. 2025
|
10.30.25
"CMMC Level 2: How to Start Preparing," 2025 PreVeil Virtual CMMC Summit
|
10.29.25
"CMMC Is Here – The Final DFARS Rule Takes Effect Soon, ABA Section of Public Contract Law," American Bar Association
|
10.28.25
"Legal Risks and False Claims Act Exposure from CMMC Self-Attestations and C3PAO Certifications," CS5 East 2025
|
10.17.25
"The Artificial Intelligence Agenda from Capitol Hill to State Capitals: Where We Are and Where We Are (Probably) Going," Crowell & Moring Webinar.
|
10.16.25
“Info Sec: safeguarding bank operations in the digital age,” Risk Live North America
|
10.08.25
View All Speaking Engagements
Fastest 5 Minutes: CMMC
|
09.11.25
Fastest 5 Minutes: DOJ Guidance re DEI, White House AI Action Plan
|
08.04.25
Lightning Round: AI Usage by Employees—Safeguards for the Workplace
|
06.26.25
Fastest 5 Minutes: Supplier Performance Risk System, Procurement Integrity Act
|
03.30.23
Fastest 5 Minutes: National Cyber Security Strategy, CHIPS, Conflicts of Interest
|
03.21.23
Fastest 5 Minutes: SBIR and Contractor Minimum Wage
|
01.20.23
Byte-Sized Q&A: What is Controlled Unclassified Information?
|
03.08.21
Byte-Sized Q&A: What is an APT?
|
02.08.21
Byte-Sized Q&A: The CIA Triad
|
01.25.21
Byte-Sized Q&A: Why is I-O-T so H-O-T?
|
01.11.21
View All Podcast Episodes
CMMC for AI? Defense Policy Law Imposes AI Security Framework and Requirements on Contractors
|
01.08.26
Crowell & Moring’s Government Contracts Legal Forum
The FY 2026 National Defense Authorization Act
|
12.29.25
Crowell & Moring’s Government Contracts Legal Forum
Fastest 5 Minutes: CMMC
|
09.19.25
Crowell & Moring’s Government Contracts Legal Forum

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity
|
09.02.25
Crowell & Moring’s Government Contracts Legal Forum
Fastest 5 Minutes: DOJ Guidance re DEI, White House AI Action Plan
|
08.04.25
Crowell & Moring’s Government Contracts Legal Forum
Mini-Series on CIPA – Part 4: How Big is the Risk?
|
02.13.25
Crowell & Moring’s Data Law Insights
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?
|
08.26.24
Crowell & Moring’s Data Law Insights
SEC “Encourages” Public Companies to Disclose “Immaterial” Cybersecurity Incidents Under Item 8.01 of Form 8-K
|
05.23.24
Crowell & Moring’s Data Law Insights
“Browsing and Location Data Are Sensitive . . .. Full Stop”
|
03.12.24
Crowell & Moring’s Data Law Insights
FTC Updates (August 7-25, 2023)
|
10.05.23
Crowell & Moring’s Retail & Consumer Products Law Observer
View All Blog Posts

View All Insights

Professionals

Justin B. Weiss
Crowell Global Advisors Senior Director, Senior Counsel
Washington, D.C. (CGA)
D | +1.202.654.6729
IGpid2Vpc3NAY3Jvd2VsbGdsb2JhbGFkdmlzb3JzLmNvbQ==
Crowell Global Advisors
Artificial Intelligence
Privacy and Cybersecurity
IGpid2Vpc3NAY3Jvd2VsbGdsb2JhbGFkdmlzb3JzLmNvbQ==

View All Professionals

Insights

Client Alert | 4 min read | 01.13.26

NIST Releases Draft Framework for AI Cybersecurity, Solicits Public Comment: What Organizations Using or Deploying AI Should Know

The National Institute of Standards and Technology (“NIST”) recently released draft guidelines for applying NIST’s Cybersecurity Framework to organizations adopting artificial intelligence. NIST requests public comments on its “Initial Preliminary Draft” Cybersecurity Framework Profile for Artificial Intelligence (the “Cyber AI Profile”) by midnight on January 30, 2026. ...

Blog Post | 01.08.26
CMMC for AI? Defense Policy Law Imposes AI Security Framework and Requirements on Contractors
Client Alert | 6 min read | 01.06.26
California Privacy Agency Launches Data Broker Strike Force Amid Delete Act Crackdown
Client Alert | 6 min read | 12.30.25
Investor Advisory Committee Recommends SEC Disclosure Guidelines for Artificial Intelligence

View All Insights

Practices

Industries

Contacts

See All Professionals

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==
Emma Wright
Partner
- London
  - D | +44.20.7413.1315
ZXdyaWdodEBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 4 min read | 01.13.26

NIST Releases Draft Framework for AI Cybersecurity, Solicits Public Comment: What Organizations Using or Deploying AI Should Know

The National Institute of Standards and Technology (“NIST”) recently released draft guidelines for applying NIST’s Cybersecurity Framework to organizations adopting artificial intelligence. NIST requests public comments on its “Initial Preliminary Draft” Cybersecurity Framework Profile for Artificial Intelligence (the “Cyber AI Profile”) by midnight on January 30, 2026. ...

Blog Post | 01.08.26
CMMC for AI? Defense Policy Law Imposes AI Security Framework and Requirements on Contractors
Client Alert | 6 min read | 01.06.26
California Privacy Agency Launches Data Broker Strike Force Amid Delete Act Crackdown
Client Alert | 6 min read | 12.30.25
Investor Advisory Committee Recommends SEC Disclosure Guidelines for Artificial Intelligence

View All Insights

Privacy and Cybersecurity

Overview

Overview

Our Services

Risk Assessment and Compliance

Crisis Management and Investigations

Regulatory and Litigation Defense

Resources

Contacts

Insights

Insights

Publications

Client Alerts

Firm News

Press Coverage

Events

Webinars

Speaking Engagements

Podcasts

Blog Posts

Professionals

Insights

Practices

Industries

Contacts

Insights