Data Security and Privacy Law


Representative Matters

With a practice team that includes a partner who is certified as CIPP/US (a Certified Information Privacy Professional designation for the U.S. private-sector from the International Association of Privacy Professionals), and its extensive experience in counseling clients on insurance issues, Butler Rubin’s Data Security and Privacy Law Practice counsels clients through all stages of data security and privacy, from proactive assessments and implementation of policies and procedures through all states of litigation.

Firm offerings include:

Assessment/Policy Drafting/Best Practices

This offering consists of a number of steps to address your organization’s cyber needs.

Steps include:

  • Draft Coverage Clash/Policy Wording for Insurers
  • Inventory/Assessment
  • IT Phishing and Penetration Testing- Partnering with vendors, these tests would indicate your organization’s vulnerabilities
  • Prepare Incident Response Plans
  • Privacy Policies and Procedures
  • Training and Policies Rollout


Butler Rubin has long been a leader in ADR and counsels a major dispute resolution association on cyber issues. We have developed extensive experience in privacy and data security and the combination of these two areas benefits our clients who are seeking resolution of disputes in arbitration.

Data Breach Coverage Litigation

Butler Rubin has a long history of litigating disputes for our insurance and reinsurance clients on complex coverage and insurance issues. Given that experience as well as our regulatory practice, we are equipped to represent you should a cyber dispute arise.

The following describes some of the firm’s representative experience involving cyber and privacy:

  • Advise organizations on privacy processes and procedures and recommend adoption of best practices to enhance its privacy.
  • Advise clients on vendor contract revisions and best practices to address data and privacy concerns.
  • Advise financial services clients on the New York Department of Financial Services cybersecurity regulations and the recently approved NAIC Model Cybersecurity Law.
  • Train a law department of a large multinational insurance organization on the Rules of Professional Conduct and technology and privacy laws.
  • Train general counsel organization on the Rules of Professional Conduct and technology and privacy laws.
  • Research and analyze privacy and email rules and data retention laws and requirements on a worldwide basis for clients.