Mr. Kantrowitz advises clients on privacy and cybersecurity matters in a variety of industries, including healthcare, technology and the cloud, and financial services. He has advised on complex and high-profile data breaches across the country, and counsels clients on incident response strategy, crisis management, and legal and regulatory obligations. Mr. Kantrowitz has defended companies against regulatory investigations including from the U.S. Department of Health and Human Services Office of Civil Rights, Federal Trade Commission, Securities and Exchange Commission, and by tens of state attorneys general including New York, Connecticut, Indiana, among many others.
He also regularly advises both public and private companies on their privacy and data security policies and practices, and on the risks and benefits of business decisions, from both regulatory and risk management perspectives. Mr. Kantrowitz counsels on the full spectrum of privacy and data security laws including CCPA, GDPR, HIPAA, COPPA, CAN-SPAM, GLBA, SCA, VPPA, state biometric privacy laws, as well as dozens of state privacy and data breach notification statutes. He also frequently advises on privacy and cybersecurity issues in transactions and IPOs. Above all, Mr. Kantrowitz stands out for his practical, actionable advice that guides companies through some of their most pressing and difficult problems.
Mr. Kantrowitz’s recent representative matters include:
Incident Response
- Represented leading cryptocurrency brokerage in massive data breach that exposed personal information belonging to over one million users.
- Advised dozens of clients on dozens of Office 365 business email interruption matters, involving anywhere from between one to over 100 affected mailboxes.
- Counseled health care payment platform in connection with a highly-sophisticated attack on its system that resulted in the theft of over $10 million in customer funds.
- Advised leading cloud services and identity management company on a massive data breach in which an unauthorized user gained access to the company’s entire U.S. credential database.
- Guided a leading customer service software company through data security incident that compromised thousands of corporate accounts.
- Advised multinational education publishing company in connection with data breach involving large number of user records.
- Represented a global financial services provider on email intrusion that lead to the exposure of thousands of health insurance records, including information protected under HIPAA.
Regulatory Advice & Counseling
- Advised public financial software company with biometric privacy issues in connection with rollout of new products.
- Advised dozens of clients on implementation of CCPA, including drafting of privacy policies and contract addenda, and on scope of GLBA exemption.
- Advised numerous companies including in financial services and tech on COPPA applicability and implementation.
- Regularly advise and draft privacy policies, terms of use, consent forms and consent screens, and other disclosures.
- Counseled online video company on VPPA compliance matters.
- Drafted and negotiated dozens of contract provisions relating to privacy requirements, data security standards, and data breach notification requirements.
- Conducted due diligence and reverse due diligence for numerous clients on data privacy and cybersecurity issues.
Mr. Kantrowitz also maintains an active pro bono practice, including securing permanent residence status for a Guatemalan unaccompanied minor.