Stephen Reynolds (CIPP/US, CISSP) advises some of the largest companies in the world on complex data security and privacy matters.
A former computer programmer and IT analyst, Stephen is uniquely able to use his computer background to the advantage of his clients in matters involving data security, privacy, artificial intelligence and computer forensic investigations. He assists with responding to cybersecurity incidents, such as ransomware attacks, fund transfer fraud, data breaches and business email compromise matters. This work includes helping companies comply with regulatory obligations in the event of these incidents—including Securities and Exchange Commission (SEC) filings for publicly traded companies. Having litigated data security and privacy cases from the trial court level and through the highest levels of appeals, Stephen also represents clients in litigation and regulatory investigations regarding data security, privacy and technology matters.
Stephen has advised multiple publicly traded companies, including technology companies, professional services firms and consumer facing organizations, on compliance with the SEC’s recently adopted requirements for disclosing cybersecurity incidents, risk management and governance within 10-K annual reports. This guidance has included helping clients draft language for SEC reporting obligations and craft internal policies related to SEC disclosure obligations. Additionally, Stephen has helped clients with evaluating the potential need for and in making disclosures of material cybersecurity incidents on Form 8-Ks.
Stephen frequently educates others on data security and privacy at industry conferences and other forums. He is on the board of the International Association of Privacy Professionals (IAPP) and an instructor of the IAPP’s CIPP/US certification. In addition, Stephen is an instructor for the CISSP certification through the ISC(2). He also lectures on Data Security and Privacy Law at Indiana University Robert H. McKinney School of Law.