Cyber Law and IR Planning Expertise

ZeroDay Law offers battle-tested experience to meet the growing demand for cyber legal expertise with technical knowledge.

Cybersecurity Law & Incident Response Planning

ZeroDay Law is a results-oriented privacy and cybersecurity law firm delivering legal expertise backed by global technical experience through proven methodologies to ensure resiliency and the implementation of incident response planning that spans your entire organization.

Founder Tara Swaminatha started her career as an information security technologist fixing computers and building secure networks, then went on to become a nationally recognized cybersecurity lawyer - attorney. She fought cyber and IP crimes as a federal prosecutor, working out of the Computer Crime and Intellectual Property Section (CCIPS) of the U.S. Department of Justice (DOJ). She has represented clients in virtually every industry in the Data Privacy & Cybersecurity practices at three AmLaw 100 firms, Cooley LLP and DLA Piper LLP, and as a partner at Squire Patton Boggs LLP.

With her technical background and legal proficiency, she founded ZeroDay Law to meet the growing demand for cyber legal expertise with technical knowledge, to focus on building lasting client relationships and to devote concerted efforts to her deep-seated passion in the legal profession: actual diversity and mentoring, especially women of color. ZeroDay Law is devoted to bringing diverse practitioners in a variety of disciplines into this exciting, fast-paced field.

Tara has counseled clients in healthcare, financial services, philanthropy, technology/software, energy, transportation & logistics, manufacturing, hospitality, retail, furniture, pharmacy, media, education, and political campaigns.

Why Choose ZeroDay Law Over a Traditional Law Firm?

ZeroDay Law is different from a full-service law firm. We focus exclusively on cybersecurity- and privacy-related matters with unique expertise in highly-effective incident response planning.

ZeroDay Law prioritizes high-quality work and becomes an extension of our clients’ teams. We are lean, we are agile, and we love strategic thinking on the intersection of information security and the law. We have extensive experience handling important cutting-edge cyber and privacy legal matters, significant data breaches, and devote significant efforts to clients’ incident response planning and preparation for the non-technical aspects of incident response.

Cybersecurity law experience 

Insurance

U.S. Health Insurance Organization

Served as cybersecurity legal SME to General Counsel during one of the largest data breaches in history involving data from 80 million individuals, including for class action defense and internal cybersecurity-related risk management.

Privacy

$300B Association of 20 Financial Lending Institutions

Analyzed cybersecurity and privacy-related legal obligations and risks from specialized federal regulator; recommend achievable prioritized steps designed to reduce risk exposure, and presented to Board of Directors regarding cyberrisk oversight.

Health

$100B Worldwide Medical Equipment Manufacturer

Assisted client with security incident following global integration. Counseled client through remediation planning. Assisted with going-forward incident response planning and selecting forensic investigators.

Credit+Card

$40B U.S. Financial Institution

Advised General Counsel regarding complicated overlapping investigations run by pre-existing IT services provider, forensic investigators, and in-house IT department. Engaged forensic team to replace initial investigators; reviewed forensic indicators with technical experts to analyze whether reporting obligations existed related to potential database exposure. Analyzed reporting obligations under NYDFS 500.

Manufacturing

Global Sports Equipment Manufacturer

Reviewed existing incident response (IR) plans, organizational charts, and related policies. Integrated IR procedures across operations in multiple countries and regions. Ran Cyber_SHIFT® (on-site tabletop) exercise for executive team involved in Incident Response.

Pharmacy

Pharmacy Benefits Company

Represented client in connection with security researcher/white hat hacker who reported database exposure impacting >50M records in potential HIPAA breach.

Restaurant

National Restaurant Franchise

Represented through cyberattack response implicating all U.S. states; analyzed forensic information to determine extent of exposure of sensitive information. Designed investigation for complicated disconnected networks for franchisees and multiple different payment processing hardware, legacy applications and versions. Analyzed legal notification obligations and drafted notifications for customers, state authorities and statewide media.

Truck

Transportation & Logistics Companies

Interviewed IT, legal and other personnel, established pool of potential roles for global IR team, identified potentially-impacted categories of data & systems, privilege and escalation procedures. Developed flow charts for executive briefings and IR team in multiple countries. Established checklists for each role for use during live incidents.

Accounting

$1.5B Accounting Services Firm

Conducted full legal & technical risk assessment for Deputy General Counsel on cybersecurity-related legal risk; worked closely with IT and IS departments over several months, briefed board committee and full board; developed cybersecurity governance structure, including charter, duties, resources, budget and 12-month plan aligned with IT refresh cycle; developed internal compliance policies.

Insurance_1

Top 5 U.S. Insurance Company

Performed overall cyber and privacy risk assessment and examined liability exposure under state insurance cybersecurity regulations; accounted for risks associated with widespread independent agents on company network.

Energy

Worldwide Energy Company

Represented through massive ransomware attack resulting in total shutdown of all operational and production IT. Advised client about pay / no-pay decision on ransomware decrypt key from attackers. Engaged assistance from multiple technical entities to perform ransomware transactions, coordinate with law enforcement, test supposed decryption key, analyze / deconstruct malware. Prepared need-to-know updates to internal audit and insurance carrier, and external auditors for 8-K.

Government

National Government in East Asia

Drafted national strategies and legislation for cybercrime, cybersecurity & privacy for developing country with nascent legal regime.

Dating

Online Dating Service Company

Ran incident response, crisis management and defended during one of the largest data breaches worldwide for a dating site that garnered significant media attention. Defended in U.S. and international privacy and consumer protection enforcement actions and against multistate AG enforcement action brought by approximately 15 states; served as SME in class action.

CreditUnion

U.S. Credit Union

Examined cybersecurity requirements and liability exposure under industry-specific federal regulations (NCUA) in anticipation of regulator exam.

Civil+Rights

Major Civil Rights Organization

Advise on legal landscape of harmful speech online & on social media, and its implications for marginalized communities.