Professionals >

Crowell & Moring’s Privacy & Cybersecurity Group guides colleges, universities, academic medical centers, research institutes and those who service them through the myriad federal and other laws governing the collection, use, and protection of data. Our goal is to help our higher education clients further their unique role in facilitating the flow and use of information, while ensuring its utmost security.

Our approach is holistic and draws from experience across the firm. We integrate our understanding of intellectual property, trade secrets, health care, government contracts, corporate, and white collar law to address the most pressing privacy and cybersecurity issues facing educational institutions. Our cross-disciplinary team is devoted to innovative, cost-effective, and sustainable solutions, in partnership with each institution, tailored to its needs.  

On the front end, we counsel and train institutions on how to strengthen their security, develop and implement privacy and data protection programs, and comply with applicable laws. On the back end, we have extensive experience managing the crises that can arise in the event of a breach, including those involving personal information, trade secrets, and other proprietary information at the heart of university research. We are on the ground from initial internal investigations to notifications, and we routinely interface with federal and state enforcement agencies and defend against class actions. Data infiltration need not spell catastrophe.  Rather, proper crisis management, including timely remedial action and accurate assessments of harm, can mitigate and even salvage a breach crisis. We counsel our clients through every step, all while appreciating the exceptional issues raised by the multitude of academic stakeholders.

In addition to our extensive experience with U.S. federal and state privacy laws, we have a wealth of experience regarding global privacy issues that aids our educational clients who are looking to capitalize their assets by venturing into the global market. Our European practice is focused on current and proposed EU privacy laws, and is experienced in conducting data protection audits and dealing with government authorities to implement and maintain annual registrations of data practices. We also work closely with our affiliate, C&M International, which is deeply involved with the privacy laws of Pacific Rim nations, including South Korea and China. 


We have counseled and defended clients regarding issues in the following areas:

  • Family Educational Rights and Privacy Act (FERPA)
  • Fair Credit Reporting Act
  • Computer Fraud and Abuse Act
  • CAN-SPAM Act
  • Telephone Consumer Protection Act (TCPA)
  • Fair and Accurate Credit Transactions Act (including Red Flags Rule)
  • Federal Trade Commission Act
  • State notification and encryption laws
  • Global privacy policies and procedures
  • EU Data Protection Directive
  • EU E-Commerce Directive
  • Internet privacy statements
  • Data management
  • Compliance audits
  • Contracts for cross-border transfers of data
  • Safe Harbor Program certifications
  • FISMA and NIST standards
  • SAFETY Act
  • Cloud computing
  • Trade secrets protection and litigation
  • Intellectual property (IP) security
  • Federal and state law coordination

Click here to view representative engagements.

View More

"Anatomy of a Data Breach: What You Say (or Don’t Say) Can Hurt You," RSA Charge Conference, Orlando, FL (September 19, 2019). Speaker: Evan D. Wolff.
"Anatomy of a Data Breach: What You Say (or Don’t Say) Can Hurt You," RSA Charge 2019 Conference, Orlando, FL (September 18, 2019). Presenter: Evan D. Wolff.
"NERC Issues “Lesson Learned” From a Cyberattack on an Electricity Control Center," Energy Law Alert (September 13, 2019). Contacts: Deborah A. Carpentier, Richard Lehfeldt, Evan D. Wolff, Maida Oringher Lerner, Matthew B. Welling
Client Alert/Newsletter
OCR Announces First Enforcement Action Under Its Right to Access Initiative (September 11, 2019). Authors: Jodi G. Daniel and Brandon C. Ge.
Is the GDPR Creating a Cat-and-Mouse Game Between Advertisers and Regulators? ALM LegalTech News (September 11, 2019)
In the News
Is The GDPR Creating A Cat-And-Mouse Game Between Advertisers And Regulators? ALM LegalTech News (September 11, 2019)
In the News
"Cybersecurity Maturity Model Matures: DoD Adds New Requirements to Draft Cybersecurity Certification," Government Contracts Bullet Points (September 10, 2019). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Maida Oringher Lerner, Michael G. Gruden, CIPP/G
Client Alert/Newsletter
"The Anatomy of a Data Breach," Cyber Day on the Hill, The U.S. Capitol, Washington, D.C. (September 5, 2019). Presenter: Evan D. Wolff.
What we can learn about joint controllership from the CJEU Fashion ID ruling (August 21, 2019). Authors: Maarten Stassen and Heidi Waem.
Will Social Media Platforms Get A Friend Request From The FCC? ALM LegalTech News (August 21, 2019)
In the News

To view more News & Events for this area, please go to our desktop site.

Crowell & Moring LLP is an international law firm with more than 500 lawyers representing clients in litigation and arbitration, regulatory, and transactional matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation, as well as its ongoing commitment to pro bono service and diversity. The firm has offices in Washington, DC, New York, Los Angeles, San Francisco, Orange County, London, and Brussels.

View Desktop Site | Mobile Sitemap

Contact | Subscribe | Terms of Use/Privacy Policy | Alumni

© Crowell & Moring LLP 2019
Attorney advertising - prior results do not guarantee a similar outcome.