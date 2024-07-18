Adam H. Solomon
Overview
Adam regularly counsels clients from various sectors on a wide range of legal issues associated with cybersecurity risk management and data protection. He also assists clients with managing their compliance with global privacy laws and negotiating complex commercial contracts related to privacy, data monetization and information security issues.
Adam advises clients on managing cybersecurity and data protection risks and compliance issues across various industries, including in the energy, manufacturing, utilities, technology, financial, healthcare and retail sectors. Adam has extensive experience helping clients with responding to high-profile global cybersecurity incidents, including serving as a lead attorney on cyber attacks against US critical infrastructure, large-scale data breaches, ransomware and cyber extortion events, supply chain attacks, and many others. His cybersecurity practice includes both counseling clients in responding to security incidents and helping them with enhancing their cybersecurity risk management and governance controls.
Adam also helps clients with building global privacy programs and regularly counsels on compliance with various privacy, electronic surveillance and computer trespass laws. In addition, he routinely negotiates a wide range of technology and data licensing agreements, and assists clients in conducting diligence and negotiating privacy and data security aspects of corporate transactions.
Clients value the technical perspective Adam brings to matters. Adam has designed and published mobile applications for the iOS platform, and has technical experience working with database and information security applications. He also has a master’s degree in computer science. During law school, Adam served as a research assistant for the Hon. Richard A. Posner and the economist William Landes.
Experience
- Advises clients on cybersecurity and data breach incident response, including directing complex forensic investigations, preparing legal notifications and public communications, and advising clients on regulatory investigations and business disputes.
- Assisted clients with responding to all types of cybersecurity and data protection incidents, including numerous network intrusions, ransomware and cyber extortion events, supply chain attacks, business email compromises, source code compromises, denial‐of‐service attacks, advanced persistent threats, and many others.
- Advises multiple major financial, insurance and healthcare companies on compliance with various sector-specific cybersecurity rules, including GLBA, NYDFS regulations, other state financial data security laws, NAIC-modeled state insurance security laws, HIPAA Security Rule, Regulation ATS, and other federal and state laws.
- Advises several major energy companies, manufacturers, transportation companies and other utilities on compliance with cybersecurity requirements for critical infrastructure and operational technology, including counseling electric companies on NERC CIP standards and DOE reporting requirements, and pipeline and rail operators on TSA security directives.
- Counsels clients from various sectors on compliance with key cybersecurity industry standards and frameworks, such as PCI DSS, NIST Cybersecurity Framework, NIST SP 800 standards and ISO 2700-family standards.
- Regularly assist clients in developing and enhancing comprehensive cybersecurity programs, including preparing information security policies and standards, acceptable use policies, training materials, governance committee charters, vendor onboarding playbooks and diligence questionnaires, template agreements, risk assessment frameworks and questionnaires, and other tools that help clients evaluate and operationalize relevant cybersecurity requirements and standards.
- Advises numerous companies on proactive cybersecurity readiness, including developing incident response plans and protocols, and conducting full-scale tabletop exercises and cybersecurity presentations for C-suite executives and boards of directors.
- Assists clients with conducting many forms of cybersecurity assessments and testing, including advising on penetration tests, red team exercises, vulnerability assessments, maturity assessments, PCI DSS validation assessments, SOC 2 audits and post-mortem incident reviews.
- Regularly advises clients from various industries on US and international data protection requirements, including the CCPA, other state privacy laws, and EU/UK GDPR.
- Assisted major social media platforms, sports leagues, retailers, financial institutions and nonprofits with building global privacy programs, including developing program frameworks, privacy notices and policies, consent mechanisms, rights request forms and playbooks, template agreements, privacy impact assessment questionnaires, and other tools to help implement and operationalize their privacy programs.
- Assists clients with complex information privacy, confidentiality, data monetization and security contracting matters, including in the preparation and negotiation of data licensing, technology and outsourcing transactions involving payment processing and e-commerce services, online banking, data analytics and monetization services, online behavioral advertising, cloud-based services, ERP implementations, software development, cybersecurity tools, and business consulting services.
- Counsels clients on various electronic surveillance and computer trespass laws, including the Electronic Communications Privacy Act, Computer Fraud and Abuse Act, Cybersecurity Information Sharing Act, Foreign Intelligence Surveillance Act, state anti-wiretapping and eavesdropping laws, state computer trespass laws, state employee monitoring laws, state anti-spyware laws, state geolocation tracking laws, and common law privacy and trespass torts.
- Assists clients in evaluating cybersecurity and privacy risks and negotiating purchase or credit agreements in connection with potential acquisitions and lending transactions, including target companies in the payment processing, healthcare, cloud computing and various other industries.
Accolades
Honors & Recognitions
- Recommended for Cyber Law (including Data Privacy and Data Protection), Legal 500 United States, 2023-2024
Insights
Legal Updates
- 13 Minute ReadJuly 18, 2024Legal Update
- 22 Minute ReadAugust 3, 2023Legal Update
- 5 Minute ReadJuly 18, 2023Legal Update
- 3 Minute ReadJune 15, 2023Legal Update
Events & Speaking Engagements
- November 19, 2024EventSpeakerAddressing the Challenges of Increased Cyber Threats and Ransomware Attacks, New York Privacy Officers’ Forum
- December 12, 2023Event
- June 8, 2023EventSpeakerCybersecurity Challenges for Critical Infrastructure, Virginia State Bar’s Administrative Law Section Spring CLE
- May 23, 2022Event
- January 28, 2021EventSpeakerExperiences with Data Transfers after ‘Schrems II’: EDPB Recommendations, New SCCs and U.S. Government Surveillance Laws, Joint Brussels Munich IAPP KnowledgeNet Meeting
- November 6, 2019EventSpeakerCCPA Amendments and Regulations – Managing the Changes, New York Privacy Officers’ Forum Leadership Series
- October 2, 2019Event
- March 20, 2019Event
- March 19, 2019Event
- October 3, 2017EventSpeakerOvercoming Legal Barriers to Information Sharing, R-CISC: Retail Cyber Intelligence Summit
- September 20, 2016EventSpeakerCybersecurity: U.S. and Global Legal Landscape, PLI’s Cybersecurity 2016: Managing Cybersecurity Incidents
Publications
- November 9, 2023Publication
- September 19, 2022Publication
- July 26, 2022Publication
- July 1, 2019Publication
- October 2015Publication
News
- 2 Minute ReadFebruary 13, 2025News
- 2 Minute ReadOctober 25, 2024News
- 2 Minute ReadNews
- 7 Minute ReadJune 12, 2024News
- 1 Minute ReadDecember 11, 2023News
- 7 Minute ReadJune 8, 2023News
- 5 Minute ReadApril 3, 2023News
- 7 Minute ReadOctober 1, 2020News
Education
JD, University of Chicago Law School, 2013
MS, Computer Science, University of Chicago, 2013
BA, New York University, magna cum laude, 2008
Admissions
New York
Areas of Focus
Additional Service Areas
Privacy and information security, once overlooked in many corporate transactions, are now taking center stage.