A Partner at Mullen Coughlin, Ed Finn assists organizations in various industry groups with ensuring compliance with a wide variety of state and federal data privacy and information security rules, statutes and regulations and various state consumer and data protection statutes. He has significant experience handling thousands of incidents, including those impacting organizations in the following industry sectors: healthcare and life sciences; manufacturing and distribution; financial services; professional services; government; retail/e-commerce; technology; and education.
After a data privacy and security incident occurs, Ed drives the incident response process by coordinating the forensic investigation into the incident to determine the nature and scope, as well as in navigating the myriad of regulations governing entities’ responses to these types of incidents. After a compromise or potential compromise of an organizations systems or data, Ed ensures the organization meets any legal or regulatory obligations, and if necessary, represents them against individuals, B2B and putative class action lawsuits stemming from a data privacy and security incident. Additionally, he helps guide organizations through formal regulatory investigations from the U.S. Department of Health and Human Services’ Office for Civil Rights (HHS-OCR), the Federal Trade Commission (FTC), European data protection authorities and various state Attorneys Generals.
Ed also assists organizations with the development and implementation of pre-incident Advisory Compliance solutions. He conducts tabletop exercises; counsels on proper risk assessment protocols; helps develop compliance policies, procedures and Incident Response Plans (IRPs); and advises on contract formation and business transactions to improve the organization’s position with regard to data that is shared with third parties. He also assists organizations with developing policies and conducting internal assessments related to the:
- Health Insurance Portability and Accountability Act (HIPAA);
- Health Information Technology for Economic and Clinical Health Act (HITECH);
- Cybersecurity Maturity Model Certification (CCMC);
- European Union’s General Data Protection Regulation (GDPR); and
- comprehensive state privacy laws, such as the California Consumer Privacy Act (CCPA), and its amendment the California Privacy Rights Act (CPRA), among others.
SPEAKING ENGAGEMENTS & PRESENTATIONS
- “America’s Cybersecurity and the War in Ukraine,” Tech360, Exton, PA, November 3, 2022
- “Cyber Attacks and Incident Response: Trends and Takeaways,” American Global, Virtual, May 11, 2022
- “Developments in Ransomware and Other Cybersecurity Threats and Issues,” 2021 RCM&D Consortium Services Program, Virtual, September 30, 2021
- “Interactive Business Interruption Scenario,” NetDiligence Cyber Risk Summit 2021, Philadelphia, PA, July 13, 2021
- “Data Privacy Administrative Law Refresher,” Wayne, PA, June 20, 2018
- “Responding to Cyber Attacks – Using Structured Data Sources in Data Breach Investigations,” ABA Criminal Justice Section, New York, NY, August 10, 2017
- “Cybercrime – What You Need To Know,” Cybersecurity Panel, Miami, FL, March 1, 2017
- “Engaging Both Old and New Methods to Resolve Cyber Breach Claims,” 2017 Annual CLM Conference, Dallas, TX, February 23, 2017
- “Bond School: Anatomy of a Cyber Claim,” Virtual, September 16, 2016
- “Professional Liability – Lawyers: Global Perspectives on Data Collection, Transfer, Use and Disclosure,” 2016 Annual CLM Conference, Boston, MA, July 14, 2016
- “Cyber Response Forum – We Have a Breach, Now What?,” Charlotte, NC, June 1, 2016
- “Cyber Response Forum – We Have a Breach, Now What?,” Blue Bell, PA, April 27, 2016