Cybersecurity Law & Incident Response Planning
ZeroDay Law is a results-oriented privacy and cybersecurity law firm delivering legal expertise backed by global technical experience through proven methodologies to ensure resiliency and the implementation of incident response planning that spans your entire organization.
Founder Tara Swaminatha started her career as an information security technologist fixing computers and building secure networks, then went on to become a nationally recognized cybersecurity lawyer. She fought cyber and IP crimes as a federal prosecutor, working out of the Computer Crime and Intellectual Property Section (CCIPS) of the U.S. Department of Justice (DOJ). She has represented clients in virtually every industry in the Data Privacy & Cybersecurity practices at three AmLaw 100 firms: Cooley LLP, DLA Piper LLP, and, as a partner, Squire Patton Boggs LLP.
With her technical background and legal proficiency, she founded ZeroDay Law to meet the growing demand for cyber legal expertise with technical knowledge, to focus on building lasting client relationships and to devote concerted efforts to her deep-seated passion in the legal profession: actual diversity and mentoring, especially for women of color. ZeroDay Law is devoted to bringing diverse practitioners in a variety of disciplines into this exciting, fast-paced field.
Tara has counseled clients in healthcare, financial services, philanthropy, technology/software, energy, transportation & logistics, manufacturing, hospitality, retail, furniture, pharmacy, media, education, and political campaigns.
Why Choose ZeroDay Law Over a Traditional Law Firm?
ZeroDay Law is different from a full-service law firm. We focus exclusively on cybersecurity- and privacy-related matters with unique expertise in highly-effective incident response planning.
ZeroDay Law prioritizes high-quality work and becomes an extension of our clients’ teams. We are lean, we are agile, and we love strategic thinking on the intersection of information security and the law. We have extensive experience handling important cutting-edge cyber and privacy legal matters, significant data breaches, and devote significant efforts to clients’ incident response planning and preparation for the non-technical aspects of incident response.
Cybersecurity law experience
U.S. Health Insurance Organization
Served as cybersecurity legal SME to General Counsel during one of the largest data breaches in history involving data from 80 million individuals, including for class action defense and internal cybersecurity-related risk management.
$300B Association of 20 Financial Lending Institutions
Analyzed cybersecurity and privacy-related legal obligations and risks from specialized federal regulator; recommended achievable prioritized steps designed to reduce risk exposure, and presented to Board of Directors regarding cyberrisk oversight.
$100B Worldwide Medical Equipment Manufacturer
Assisted client with security incident following global integration. Counseled client through remediation planning. Assisted with going-forward incident response planning and selecting forensic investigators.
$40B U.S. Financial Institution
Advised General Counsel regarding complicated overlapping investigations run by pre-existing IT services provider, forensic investigators, and in-house IT department. Engaged forensic team to replace initial investigators; reviewed forensic indicators with technical experts to analyze whether reporting obligations existed related to potential database exposure. Analyzed reporting obligations under NYDFS 500.
Global Sports Equipment Manufacturer
Reviewed existing incident response (IR) plans, organizational charts, and related policies. Integrated IR procedures across operations in multiple countries and regions. Ran Cyber_SHIFT® (on-site tabletop) exercise for executive team involved in Incident Response.
Pharmacy Benefits Company
Represented client in connection with security researcher/white hat hacker who reported database exposure impacting >50M records in potential HIPAA breach.
National Restaurant Franchise
Represented through cyberattack response implicating all U.S. states; analyzed forensic information to determine extent of exposure of sensitive information. Designed investigation for complicated disconnected networks for franchisees and multiple different payment processing hardware, legacy applications and versions. Analyzed legal notification obligations and drafted notifications for customers, state authorities and statewide media.
Transportation & Logistics Companies
Interviewed IT, legal and other personnel, established pool of potential roles for global IR team, identified potentially-impacted categories of data & systems, privilege and escalation procedures. Developed flow charts for executive briefings and IR team in multiple countries. Established checklists for each role for use during live incidents.
$1.5B Accounting Services Firm
Conducted full legal & technical risk assessment for Deputy General Counsel on cybersecurity-related legal risk; worked closely with IT and IS departments over several months, briefed board committee and full board; developed cybersecurity governance structure, including charter, duties, resources, budget and 12-month plan aligned with IT refresh cycle; developed internal compliance policies.
Top 5 U.S. Insurance Company
Performed overall cyber and privacy risk assessment and examined liability exposure under state insurance cybersecurity regulations; accounted for risks associated with widespread independent agents on company network.
Worldwide Energy Company
Represented through massive ransomware attack resulting in total shutdown of all operational and production IT. Advised client about pay / no-pay decision on ransomware decrypt key from attackers. Engaged assistance from multiple technical entities to perform ransomware transactions, coordinate with law enforcement, test supposed decryption key, analyze / deconstruct malware. Prepared need-to-know updates to internal audit and insurance carrier, and external auditors for 8-K.
National Government in East Asia
Drafted national strategies and legislation for cybercrime, cybersecurity & privacy for developing country with nascent legal regime.
Online Dating Service Company
Ran incident response, crisis management and defended during one of the largest data breaches worldwide for a dating site that garnered significant media attention. Defended in U.S. and international privacy and consumer protection enforcement actions and against multistate AG enforcement action brought by approximately 15 states; served as SME in class action.
U.S. Credit Union
Examined cybersecurity requirements and liability exposure under industry-specific federal regulations (NCUA) in anticipation of regulator exam.
Major Civil Rights Organization
Advise on legal landscape of harmful speech online & on social media, and its implications for marginalized communities.