This course, presented by Privacy & Data Security attorney James Mariani, provides an overview of data breach from a general, risk-based, and legal compliance perspective, through the lens of both preparing for and responding to any data incident. The program will begin by discussing the consequences and costs of a data breach (including after the California Consumer Privacy Act’s private right of action goes into effect) as well as common sources of vulnerability, including email inbox phishing, Internet of Things (IoT) devices, and zero-day vulnerabilities. This will involve a systematic discussion of what to do when any data incident occurs, as well as the old and new regulatory mechanisms aimed at both preventing and responding to a data breach. Finally, the course will discuss the information security program both as a means of complying with regulatory mechanisms (and of easing regulatory ire in the event of an incident) and as a necessary measure for preventing data incidents (to the extent possible).
Topics to be covered include data breach notification statutes, the California Consumer Privacy Act, the General Data Protection Regulation, regulatory enforcement, data security vulnerabilities, and the information security program, including data governance as a whole, regulatory impact and risks, and tackling an information security policy’s implementation and integration.
James Mariani is an associate in the Privacy & Data Security Group.
Mr. Mariani handles regulatory, operational, and transactional matters related to data privacy, security, and incident response. He advises on a wide variety of technology-based and digital media issues at the crossroads of business, law, and technology. For instance, Mr. Mariani is currently counseling clients regarding compliance with the General Data Protection Regulation (GDPR) and the forthcoming California Consumer Privacy Act (CCPA), coordinating correspondence among client business, design, IT, management, and legal teams. This work can range from managing the practical effect of gaining user consents on UI/UX to assessing risk in strategy when creating processes for handling data subject access requests (DSARs).
In his data security incident response practice, Mr. Mariani draws on his investigative background as a former cybercrimes prosecutor to help clients navigate forensic investigation and regulatory requirements including notification requirements. Mr. Mariani also assists clients on the preventative side of data breach by drafting information security policies and incident response plans.
Mr. Mariani earned a Master of Laws at Cornell Tech focused on the intersection of product development and law in technology transactions such as IP licensing and data ownership, high growth corporate transactions related to VC funding, and product development including privacy by design, security by design, product management, and UI/UX design. He deploys this expertise in advising on data transfer, data and IP licensing, consent flows, consumer interaction and protection, regulatory enforcement, and pre-litigation investigation and dispute strategy.
Prior to joining Frankfurt Kurnit, Mr. Mariani worked as an Assistant District Attorney at the Kings County District Attorney’s Office, where he prosecuted cybercrime and complex fraud — leading multiple long-term investigations to indictment and arrest. His practice included investigation and litigation focused on computer intrusion, identity theft, finance, healthcare, labor, and real estate. He has tried bench and jury trials in criminal, supreme, and federal court.
Mr. Mariani is certified as an Information Privacy Professional in U.S.-specific laws (CIPP/US) as well as those of the European Union (CIPP/E), and is admitted to practice in New York.