ABOUT
Data has been called the new oil or new gold, and the lifeblood of many organizations. Romaine helps organizations protect their data, continuity and reputations, from cybersecurity and data privacy incidents.
Romaine Marshall has represented organizations in litigation and investigations relating to data breaches, malware attacks, cryptocurrency and wire fraud, security misconfigurations, social engineering and other exploits. As organizations undertake technological shifts, Romaine helps them reduce potential legal exposure by advising on industry-specific policies and procedures, directing risk assessments and developing written information security programs.
As examples, since 2020 Romaine has represented clients in response to:
- Ransomware attacks involving the Ryuk, CryLock, Conti, MAZE, THT v2, RagnarLocker and CLOP variants, and led teams that analyzed and fulfilled notification obligations to customers, employees, business partners, media and regulators.
- Supply chain attacks involving SaaS providers and technical consultants in the healthcare, technology, financial services, nonprofit and agribusiness industries, and logistics, freight and document management services organizations.
- Regulatory investigations by the Federal Trade Commission, Securities and Exchange Commission, and Department of Health and Human Services into cybersecurity and data privacy practices, and blockchain, crypto, and digital asset technologies.
- Cybersecurity litigation involving botnets and man-in-the-middle attacks against end users and business executives versus telecommunications companies, a cryptocurrency exchange, nonfungible token (NFT) platforms and digital art creators.
- Critical infrastructure and regulatory changes to cybersecurity alignment, readiness, and maturity requirements for the energy, financial, food and agriculture, and information technology industries, including the Cyber Incident Reporting Critical Infrastructure Act.
Romaine is also a frequent author and presenter on digital transformation and legal obligations for Web3 technologies such as crypto, blockchain and digital assets, and artificial intelligence and the Internet of Things.
He is a member of the Utah Bar’s Innovation in Law Practice Committee, the National Asian Pacific American Bar Association’s Data Security and Privacy Committee and hosts the Utah Chapter of the CISO Executive Network.
