Jeff Boogay is a Partner at Mullen Coughlin. He assists organizations in both the preparation for, and response to, data privacy and security incidents, as well as regulatory inquiries. He has counseled thousands of organizations across all industries through data privacy and security investigations, data breach notification and ensuing regulatory investigations.
After a data privacy and security incident has occurred, Jeff assists the victim organization in addressing crucial points of fact and law, including determining the nature and scope of the intrusion; identifying the affected individuals and types of information involved; determining what state, federal and international laws govern the organization’s notice of the incident; and preparing legally compliant notices to affected individuals and appropriate regulators, where required.
Prior to joining Mullen Coughlin, Jeff worked for a large international law firm where he litigated complex civil cases that included allegations of violations of state unfair trade practice statutes.
He is also a former Assistant District Attorney who worked closely with law enforcement and crime victims to investigate, prepare and litigate criminal cases. He draws on this experience to assist his clients.
REPRESENTATIVE MATTERS
- Counseled numerous insurance and insurance brokerage firms through data privacy and security incident investigations involving ransomware and/or unauthorized access to email accounts which resulted in notice obligations to hundreds of clients and thousands of individuals
- Successfully represented insurance and insurance brokerage firms through investigations by state Attorneys Generals and departments of insurance
- Counseled retail/e-commerce merchants and integrated resellers experiencing compromises involving point of sale terminals and e-commerce websites and involving investigations conducted by PCI Forensic Investigators
- Represented organizations through investigations and assessments issued by payment card brands
- Counseled multiple large healthcare providers through widespread ransomware incidents causing service outages and involving the compromise of patient data, satisfying notice and reporting obligations under applicable contracts, state law and federal laws including the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH Act)
SPEAKING ENGAGEMENTS & PRESENTATIONS
- “Cyber Security Tabletop,” International Insurer, Fairfield, CT, November 7, 2019
- Oppenheimer CyberSecurity Summit, New York, NY, September 19, 2019
- “We’re Under Cyber Attack…Now What?!?,” American Council of Engineering Companies Annual Convention, Washington, DC, May 7, 2019
- “Update on How to Handle a W-2 Event,” Continuing Legal Education, Wayne, PA, February 27, 2019
- “Cyber First Coverage,” International Insurer, Monterey, CA, May 17, 2018
- “Canada’s Digital Privacy Act,” Continuing Legal Education, Wayne, PA, December 13, 2017
- “Legal Update – New State Laws, Canada’s PIPEDA and Digital Privacy Act and EU’s GDPR,” International Insurer, Jersey City, NJ, September 28, 2017
- “New State Laws for 2017,” Continuing Legal Education, Wayne, PA, September 13, 2017
PUBLICATIONS
- “Cyber Incident Reporting for Critical Infrastructure Act” Signed Into Law as Part of Consolidated Appropriations Act, 2022,” April 13, 2022
- “Privacy and Cybersecurity 2020 Year-in-Review and 2021 Outlook: Case Law,” June 25, 2021
- “Privacy and Cybersecurity 2020 Year-in-Review and 2021 Outlook: State Level,” April 19, 2021
- “Privacy and Cybersecurity 2020 Year-in-Review and 2021 Outlook: Federal Level,” March 2, 2021