Guy Bowe is a Partner with Mullen Coughlin. He has advised hundreds of organizations in both the preparation for, and response to, data privacy and security incidents. Specifically, Guy has experience counseling organizations who experienced system/network intrusions; business email compromises (BEC); insider threats; malware infections; phishing attacks; ransomware attacks; tax fraud schemes; and fraudulent wire transfer attempts.
In his response to data privacy and security incidents, Guy directs the forensic investigation and incident response (IR) efforts to ensure that remediation and investigation efforts are handled efficiently to minimize disruptions to the victim organization’s daily operations and in compliance with legal, contractual and/or industry-specific notification and reporting deadlines. He leads the IR teams which include, among other stakeholders as identified, client leadership and IT resources; third-party digital forensic and incident response (DFIR) firms; crisis communications professionals; and law enforcement.
Guy also helps guide organizations through formal investigations by regulatory bodies including but not limited to:
- the U.S. Department of Health and Human Servicesโ Office for Civil Rights (HHS-OCR);
- the Federal Trade Commission (FTC); and
- various state Attorneys General and Departments of Insurance.
Guy honed his legal skills and his practical approach to providing legal services to clients as an associate with two Virginia-based law firms. He also has tax experience from his time at Deloitte and PricewaterhouseCoopers, where he advised multinational corporations on M&A structuring and tax planning in various international jurisdictions.
While a J.D. candidate at The Pennsylvania State University Dickinson School of Law, Guy clerked for the Honorable John E. Jones, III of the United States District Court for the Middle District of Pennsylvania.
REPRESENTATIVE MATTERS
- Counseled a business associate (BA) through a ransomware incident involving the compromise of patient data related to over 15 million individuals
- Satisfied notice and reporting obligations under applicable contracts with hundreds of covered entities (CE) which included assessments of state and federal law including the Health Insurance Portability and Accountability Act (HIPAA) and theย Health Information Technology for Economic and Clinical Health Act (HITECH Act)
- Represented client in four (4) subsequent regulatory inquires in the United States, none of which resulted in any penalties or further actions taken against the client
- Counseled insurance companies through data privacy and security incident investigations involving ransomware, unauthorized access to email accounts and third-party incidents which resulted in regulatory reporting to various state Departments of Insurance
- Coordinated legal assessments for notice in more than 30 countries stemming from a ransomware incident involving a company in the travel industry