Cyber Security and Data Privacy Practice Group

Dorf & Nelson's Cyber Security and Data Privacy practice represents small and large businesses on all cyber and privacy-related legal matters, including legal opinions for obtaining cyber insurance, mergers and acquisitions, corporate security audits, regulatory compliance, risk analysis, drafting and reviewing of contracts from a cyber security and privacy perspective, as well as drafting and reviewing of cyber security policies, standards, and procedures.


  • Jake Firestein
  • Bernadette M. Silverstein

Drafting and reviewing of Policies, Standards, and Procedures

The foundation of any cyber security program lies within the documents that support the program. Therefore, it is extremely important to draft policies, standards, and procedures aligned to meet company goals, minimize risks, and meet compliance and regulatory requirements. Our attorneys are well-versed in drafting policies to align with Industry Standard Frameworks such as CMMC, NIST 800-171, NIST 800-53, ISO 27001, CIS Critical Security Controls, and many others.

Legal Opinion – Cyber Insurance Application

A Cyber Incident claim depends on the truth in your Cyber Insurance Application. At Dorf & Nelson, our team of legal and cyber security experts review your application, perform an assessment against the questionnaire in the cyber insurance application, and provide you with a legal opinion on your application. If you are a CEO, CFO, COO, or CISO signing off on the application without a review, you may be jeopardizing your cyber insurance policy.

Regulatory and Compliance Guidance

The number of compliance and regulatory requirements keeps increasing. Our attorneys are well-versed in state, national, and international regulations and compliance requirements such as PCI-DSS, HIPAA, NY SHIELD Act, HITRUST, CMMC, EU-GDPR, CCPA, and many others. Our attorneys provide guidance specific to your environment to meet compliance and regulatory challenges.

Cyber Security Assessment – Focusing on Frameworks such as NIST, ISO, and CIS Critical Security Controls

An audit tends to make people anxious and often, people don’t share evidence that meets a checkmark for compliance. Such audits do not make an environment stronger from a security perspective. At Dorf and Nelson, we engage with our clients to perform an assessment that is not an audit but an assessment that results in a strategic roadmap. Our assessment results are protected under attorney-client privilege.

Drafting and Review of Contracts – Covering cyber and privacy-related requirements

At Dorf & Nelson, we provide the best-in-class representation to our clients. When it comes to contract negotiation, our legal team uses a framework that ensures the most favorable contract terms for our client. Our practice includes the most comprehensive list of contract categories that ensures minimal risk from a direct or indirect cyber liability or privacy risk.

Cyber Security Due Diligence – Mergers and Acquisitions

One of the most important aspects of the due diligence process during mergers and acquisitions is the risk introduced to the acquirer through a potential acquisition. Our team of legal experts and security advisors leverages a proprietary assessment methodology to identify any risks that a potential acquisition may introduce to the acquirer. Knowing the gaps in advance helps the organization not only in the negotiations but also in avoiding risks that may result in a data breach in the future.

Incident Response

An organization’s cyber security is only as strong as its incident response plan. A well-drafted incident response plan can help an organization prepare for an incident and control and contain the situation. Our legal team drafts the incident response plan aligned with the cyber insurance provider to ensure the company receives the right help and avoids unforeseen consequences such as reputation damage, denial of insurance claims, etc. Dorf & Nelson’s Incident Response team not only helps an organization during the most difficult time of a breach but also conducts best-in-class executive tabletops based on the industry’s best practices.