- Advising a large Fortune 10 health care organization through ransomware attacks, helping to lead complex forensic investigations, restoration processes, and regulatory investigations.
- Represented multiple clients, including a large telecommunications provider and multinational bank, in cyberattacks by multiple state-sponsored actors targeting the infrastructure for both espionage and financial crime-based purposes.
- Advised multiple Fortune 500 companies experiencing cybersecurity incidents, including ransomware attacks, social engineering, business email compromise, and denial-of-service attacks, requiring sophisticated forensic investigation and extensive data review and restoration processes, as well as in follow-on regulatory inquiries.
- Representing multiple financial services organizations in regulatory investigations and examinations related to the company’s cybersecurity program, including the state attorneys general and state Departments of Insurance and Financial Services.
- Advised multiple companies—including one of the world’s largest insurance companies and leading health care organizations—on board-level cybersecurity and artificial intelligence oversight.
- Developed tailored training materials for various boards of directors of public companies and assisted in navigating SEC cybersecurity disclosure rules.
- Advised numerous companies, including a prominent telecommunications provider, in developing a comprehensive cyber crisis response plan to address the evolving cyber threat landscape.
- Developed and facilitated incident response tabletop exercises for companies in the financial services, retail, telecom, and manufacturing sectors, including tabletop exercises geared towards the technical incident response team, cross-functional executives, and boards of directors.
- Advised a large, franchised restaurant group in developing a comprehensive written information security program.
- Conducted privacy- and cybersecurity-related diligence for numerous mergers & acquisitions by multiple premier private equity companies.
- Advised various companies, including companies in the fintech, social media, and retail spaces, on compliance with comprehensive state privacy laws.
- Advised an identity access provider on the implementation of biometric identification for authentication and use of data for machine learning.
- Advised multiple SEC-registered investment advisers, broker-dealers, and public companies on their cybersecurity policies and procedures, including their cyber disclosures.
- Phone: +1 212 905 9301
- Email: lance.taubin@alston.com
Lance Taubin advises clients on cybersecurity and data privacy issues, including cybersecurity breach preparedness and response, cybersecurity and privacy compliance and enforcement, managing cyber risk, technology transactions, and M&A diligence. Lance’s work includes working with companies to proactively plan for a crisis and develop strategies to improve cyber resiliency, responding to cybersecurity incidents effectively, providing privacy, cybersecurity and artificial intelligence product counseling, assisting organizations in building and operationalizing privacy and cybersecurity programs, and various privacy, cyber, and IT issues in technology transactions and M&A. Lance provides counsel to a variety of companies, from startups to large multinational public companies, in various industries, including financial services, health care, manufacturing, telecommunications, retail, and technology.
Before joining private practice, Lance served as the Senior Vice President – Assistant General Counsel & Data Security Officer at a global business travel group where he was responsible for advising the company on the ever-changing data privacy and cybersecurity legal and regulatory landscape, including the GDPR and the CCPA. Additionally, Lance managed various matters relating to M&A diligence and technology transactions. Lance also fielded and managed a wide range of legal issues and projects, working closely with IT, information security, the product/engineering team, and other key internal departments.
Lance is a Certified Information Privacy Professional, United States (CIPP/US and CIPM). He is recognized by Best Lawyers: Ones to Watch® for Privacy and Data Security Law.
Bar Admissions
- New York
- District of Columbia
Education
- Yeshiva University (J.D., 2013)
- University of Rochester (B.A., 2010)
Memberships
- International Association of Privacy Professionals
- Certified Information Privacy Professional (CIPP/US)
- Certified Information Privacy Manager (CIPM)
- Ethical Culture Fieldston School, board of trustees (2023–2025)
- Read Ahead Junior Board (2022–2023)
Healthy Byte | OCR Seeks Comment on Recognized Security Practices, Penalties, and HIPAA Settlement Sharing
Alysa Austin and Lance Taubin discuss OCR expectations for implementing recognized security practices, the steps covered entities should be taking now, what should constitute a compensable “harm,” and payment methodologies to determine settlement sharing.
- Privacy, Cyber & Data Strategy
- Technology
- Cybersecurity & Risk Management
- Crisis & Data Breach Response
- Privacy & Cybersecurity Litigation
- California Privacy & the CCPA
- Emerging Technologies & Innovation
- HIPAA/Health Information Privacy, Security & Breach Response
- National Security & Digital Crimes
- Privacy & Cyber Regulatory Enforcement
- Ransomware Fusion Center
- Artificial Intelligence (AI)