Home

Rozen, Marci

ZwillGen | Senior Legal Director

In This Section

Marci Rozen counsels companies on a wide variety of issues involving cybersecurity and privacy. She has extensive experience in cybersecurity preparedness counseling, including policy development, risk assessment, and compliance with laws, regulations, and standards. She also advises on security issues in vulnerability disclosure programs, contracting, vendor management, due diligence, and mergers and acquisitions.


Marci guides clients through all stages of incident response, including intrusion containment and investigation, analysis of obligations under state, federal, and international breach notification laws, drafting consumer and regulator breach notices, remediation, public relations strategy, and responding to regulator inquiries. In this capacity, she has worked with a diverse range of clients in managing and recovering from many different types of incidents, such as malware intrusions, state sponsored hacking, extortion, and inadvertent information disclosures. She also helps companies ensure that they are prepared for data security incidents by drafting incident response plans and developing tabletop exercises to test response capabilities.

In addition to her security counseling and incident response work, Marci advises clients on how to strategically respond to emerging privacy and security legislation. Most recently, she has worked with clients to analyze the implications of the California Consumer Privacy Act (“CCPA”) on their businesses, and has prepared comments for the California Attorney General and legislators on clients’ behalf. Marci also counsels on compliance with existing and emerging privacy and data protection laws, including the CCPA and the European Union General Data Protection Regulation (“GDPR”).

 

Prior to joining ZwillGen, Marci was an associate in the Privacy, Data Security, and Information Law Group at Sidley Austin LLP, where she counseled technology, telecommunications, retail, and industrial companies on a range of issues involving data security and privacy.