Romaine Marshall helps clients protect their data, businesses and reputations from cybersecurity incidents and data privacy violations.

As an experienced cybersecurity lawyer, Romaine has represented clients in response to hundreds of cybersecurity incidents involving data breaches, malware attacks, cryptocurrency, misconfigurations, wire fraud, social engineering and other exploits.

Before, during and after incidents, Romaine works with clients to reduce potential legal exposure by developing industry-specific policies and procedures, directing risk assessments and developing written information security programs based on evolving laws, regulations and industry standards. 

Since 2020 he has represented clients in response to:

• Ransomware attacks involving the Ryuk, CryLock, Conti, MAZE, THT v2, RagnarLocker and CLOP variants, and led teams that analyzed and fulfilled notification obligations to customers, employees, business partners, media and regulators.
• Supply chain attacks involving SaaS providers and technical consultants in the healthcare, technology, financial services, nonprofit and agribusiness industries, and logistics, freight and document management services organizations.
• Regulatory investigations by the Federal Trade Commission, Securities and Exchange Commission, and Department of Health and Human Services into cybersecurity and data privacy practices, and blockchain, crypto, and digital asset technologies.
• Cybersecurity litigation involving botnets and man-in-the-middle attacks against end users and business executives versus telecommunications companies, a cryptocurrency exchange, nonfungible token (NFT) platforms and digital art creators.   
• Critical infrastructure and regulatory changes to cybersecurity alignment, readiness, and maturity requirements for the energy, financial, food and agriculture, and information technology industries, including the Cyber Incident Reporting Critical Infrastructure Act. 

Romaine also helps clients keep pace with new laws, regulations and industry standards relating to emerging technologies. In addition, he is an experienced litigation and trial lawyer and has been lead counsel in multiple jury and bench trials in breach of contract, securities violations, trade secret misappropriation, negligence and fraud cases.

Romaine is a frequent author and presenter on digital transformation and legal obligations for Web3 technologies such as crypto, blockchain and digital assets, and artificial intelligence and the Internet of Things. Upcoming presentations include:

• Data Protection – Governance, Security, and Privacy Controls (CISO Executive Network, April 28, 2022)
• Ransomware Facts, Threats, and Countermeasures (DHS Corporate Security Engagement Series, May 3, 2022)
• Web3’s Wild West and New Laws, Regulations, and Industry Standards (Tech Network, May 25, 2022)
• Cybersecurity in Times of Digital Transformation, the Pandemic, and the Russian Invasion of Ukraine (The Refractories Institute, June 1, 2022)

He is a member of the Utah Bar’s Innovation in Law Practice Committee, the National Asian Pacific American Bar Association’s Data Security and Privacy Committee, and hosts the Utah Chapter of the CISO Executive Network.