Search Our Website:
Sue C. Friedberg

Sue C. Friedberg


Pittsburgh, PA

Co-chair of Buchanan’s Cybersecurity and Data Privacy Group, Sue advises clients about the rapidly evolving standards of care for safeguarding confidential information and responding effectively to security incidents that threaten to compromise their valuable or legally protected information. When a client faces a possible breach, she works collaboratively the management team, IT staff, forensic experts, and cyber insurer to mobilize quickly and mount an efficient response. And, as companies plan for expanding legal requirements and consumer expectations for protecting sensitive personal information, Sue assists clients in understanding these responsibilities and the importance of incorporating privacy considerations into operations through policies, training, and business agreements that are practical and achievable.

Cybersecurity & Data Privacy: Incident Response

When a client faces a possible breach, Sue works collaboratively with the management team, IT staff, forensic experts, and cyber insurer to mobilize quickly and mount an efficient response.

Recent projects include:

  • As approved panel counsel for a major cybersecurity insurer, Sue and the incident response team worked with the client to coordinate the response to hacking, business email compromise, ransomware attacks, insider incidents, other online and offline attacks on personal information—analyzing the scope of the incident assisting with communications, complying with breach notification laws and coordinating with local and federal law enforcement.

  • Represented a national engineering firm in resolving a business e-mail compromise that led to a wire fraud and system-wide impacts.

  • Represented state university foundations and charitable institutions potentially affected by the 2020 Blackbaud ransomware attack.

  • Represented a national firm that stopped a ransomware attack but later received an extortion demand for exfiltrated data.

  • Represented a major residential mortgage lender in a suspected data breach requiring extensive forensic investigation, notification in over 40 states and to 20 states’ Attorneys General and complicated by extensive interconnections to multiple sources of personal information and online consumer access.

Cybersecurity & Data Privacy: Proactive Measures & Compliance

On the proactive side, she helps clients assess their data security and privacy risks and capabilities by:

  • Counseling clients about meeting their obligations under Federal compliance with legislated privacy acts including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).
  • Developing information security programs
  • Designing incident response plans
  • Creating agreements to protect information in important business transactions
  • Preparing and updating contracts, policies and procedures
  • Presenting customized training programs and tabletop simulation response exercises

Recent projects include:

  • B2B, B2C, and companies with both B2C and B2B operations to understand and address their obligations (including data mapping, process evaluation and implementation, privacy policy preparation, website compliance, and staff training) under:
    • Federal and state data protection and breach notification laws

    • California Consumer Privacy Act (and starting to plan for the California Privacy Rights Act)

    • General Data Protection Regulation as it impacts U.S. companies.

  • Insurance, manufacturing, and security alarm companies to design and present cybersecurity tabletop exercises.
  • Housing, pharmaceutical and manufacturing organizations to present cybersecurity and privacy compliance and best practices training to Boards of Directors and staff.
  • Technology and other supply chain vendors to prepare, review, and negotiate commercial contracts with major international customers that require extensive data security provisions.
  • Businesses evaluating the data security and privacy risks of potential acquisition targets.
  • Financial institutions in loan transactions with borrowers that manage commercially valuable information, assets or databases of legally protected and/or highly sensitive information, and assist with information security due diligence.

Sue’s cybersecurity and privacy practice evolved from her work for many years as Buchanan’s Associate General Counsel and as counsel to lawyers, legal departments, law firms and other professionals about conflicts of interest, complex client engagements, and meeting the standards for professional practice in the digital age.

Sue was recognized by Best Lawyers in America© in 2022 in the area of Privacy and Data Security Law.

Sue regularly participates in continuing legal education and other programs presented by the ABA, Practicing Law Institute, Professional Education Network, Pennsylvania Bar Institute, the Aon Large Law Firm Symposium and other legal education events.