Sue C. Friedberg

Of Counsel

Cybersecurity and Data Privacy Practice Group Co-Leader

Pittsburgh, PA

Co-leader of Buchanan’s Cybersecurity and Data Privacy Group, Sue advises clients about the rapidly evolving standards of care for safeguarding confidential information and responding effectively to security incidents that threaten to compromise their valuable or legally protected information. When a client faces a possible breach, she works collaboratively with the management team, IT staff, forensic experts, and cyber insurer to mobilize quickly and mount an efficient response. And, as companies plan for expanding legal requirements and consumer expectations for protecting sensitive personal information, Sue assists clients in understanding these responsibilities and the importance of incorporating privacy considerations into operations through policies, training, and business agreements that are practical and achievable.

Sue was the co-author of Cyber Lawyering: Information Management and Security, a Law Firm Management Guide published in 2020 by Attorney’s Liability Assurance Society. Sue’s cybersecurity practice evolved from her work for many years as Buchanan’s Associate General Counsel and as counsel to lawyers, legal departments, and law firms about professional practice in the digital age.

Most recently, Sue was recognized in The Best Lawyers in America© 2023 Edition in the Privacy and Data Security Law category.

Cybersecurity & Data Privacy: Incident Response

When a client faces a possible breach, Sue works collaboratively with the management team, IT staff, forensic experts, and cyber insurer to mobilize quickly and mount an efficient response.

Recent projects include:

  • Sue and the Buchanan incident response team work with clients in multiple private and public sectors to coordinate the response to hacking, business email compromises, ransomware attacks, data extortion demands, insider incidents, and other online and offline attacks on personal information by analyzing the scope of the incident, assisting with internal and external communications, complying with breach notification laws, and coordinating with local and federal law enforcement and investigators.
  • Representing a state agency that was the victim of unauthorized access to a state-wide database containing personal information.
  • Representing a state agency that was a victim of the Accellion file transfer service breach and personal information compromise.
  • Representing a national engineering firm in resolving a business e-mail compromise that led to a wire fraud and system-wide impacts.
  • Representing state university foundations and charitable institutions potentially affected by the 2020 Blackbaud ransomware attack.
  • Representing a major residential mortgage lender in a suspected data breach that required extensive forensic investigation and notification in over 40 states and to 20 states’ Attorneys General, and that was complicated by extensive interconnections to multiple sources of personal information and online consumer access.

Cybersecurity & Data Privacy: Proactive Measures & Compliance

On the proactive side, she helps clients assess their data security and privacy risks and capabilities by:

  • Counseling clients about meeting their current and soon-to-be-enforced obligations under cybersecurity and privacy laws and regulations, including the California Consumer Privacy Act/California Privacy Rights Act and the General Data Protection Regulation (GDPR).
  • Developing information security programs and incident response plans.
  • Analyzing the data protection considerations for mergers, acquisitions, and commercial transactions and preparing the documents to address those.
  • Designing and presenting customized training programs and tabletop simulation response exercises.

Recent projects include working with:

  • B2B, B2C, and companies with hybrid B2C and B2B operations to understand and address their obligations (including data mapping, process evaluation and implementation, privacy policy preparation, website compliance, and staff training) under:
    • Federal and state data protection and breach notification laws
    • California Consumer Privacy Act and planning for new privacy laws in CA, CO, Utah, and Virginia
    • General Data Protection Regulation as it impacts U.S.-based private and public sector organizations
  • Insurance, manufacturing, and security alarm companies to design and present cybersecurity tabletop exercises.
  • Housing, pharmaceutical and manufacturing organizations to present cybersecurity and privacy compliance and best practices training to Boards of Directors and staff.
  • Technology and other supply chain vendors to prepare, review, and negotiate commercial contracts with major international customers that require extensive data security provisions.
  • Businesses evaluating the data security and privacy risks of potential acquisition targets.
  • Financial institutions in loan transactions with borrowers that manage commercially valuable information, assets or databases of legally protected and/or highly sensitive information, to assist with information security due diligence.