Insights and events
Paul Otto understands the regulatory environment surrounding cybersecurity risk management and incident response. Leveraging his technical background and capabilities in computer science and engineering, Paul brings insight to clients as a compliance counselor who understands hardware, software, and technological innovation.
Paul has coordinated and managed hundreds of cybersecurity assessments and data incident responses, as well as associated enhancement/remediation plans.
Paul works with legal counsel and security officers throughout the lifecycle of cybersecurity risk management and incident response. Because many organizations have limited in-house cybersecurity legal capacity, Paul embraces the role of outside counsel by working alongside executive and information security teams to manage risk, oversee corporate governance, and help identify and capitalize on risk-reducing opportunities for enhanced data protection.
Paul regularly advises clients on security-related risks in mergers and acquisitions and governance matters, as well as advising on appropriate contractual language for safeguarding sensitive data such as health and financial information. Paul also assists clients in evaluating the data security practices of vendors and other strategic partners.
Paul's cybersecurity legal representation includes organizations across a wide range of industries, including the technology, life sciences and health care, mobility and transportation, energy, education, and financial sectors. Whether it is cloud computing, mobile technology, critical infrastructure, the Internet of Things, or any number of technology-related areas, Paul regularly advises clients on compliance with various data security laws, regulations, and standards.
Paul has a master's degree in computer science and a bachelor's degree in electrical and computer engineering. He clerked for Chief Justice Christine M. Durham of the Utah Supreme Court.
Cybersecurity counsel in largest health-related cyberattacks in U.S. history, supporting incident response, forensic analysis, and risk management.
Assisted several Fortune 100 companies with strengthening their cybersecurity posture, including incident preparedness and compliance measures.
Cybersecurity counsel for one of the largest global technology companies involved in developing health-related mobile and wearable devices.
Advised clients on privacy- and cybersecurity-related FTC, HHS, state Attorney General, international data protection authority, NY DFS, and Insurance Commission investigations & enforcement actions.
Assisted several major U.S. universities in responding to cybersecurity incidents, including forensic review, notification analysis, and security enhancements.
Conducted privacy- and cybersecurity-related diligence for numerous mergers & acquisitions by some of the largest U.S. health care companies.
Led internal investigation of a sophisticated cyberattack for major insurance, health IT, professional services, and other organizations.
- J.D., Duke University School of Law, Order of the Coif, 2010
- M.S., North Carolina State University, 2007
- B.S., University of Virginia, with distinction, 2004
- District of Columbia
- American Bar Association
- Association for Computing Machinery
- Institute of Electrical and Electronics Engineers
- International Association of Privacy Professionals