Michael E. Kar Associate




Michael E. Kar, CIPP/US, handles cybersecurity, data privacy and breach response, pre- and post-incident. Michael’s experience and resources enable him to efficiently identify potential data security incidents, assess risk, apply forensic expertise as needed, and effectively protect the client’s business and legal interests accordingly.

Part of a team of trained attorneys who provide 24/7 breach response services for companies in the United States and Canada, Michael serves as an immediate contact to tactfully advise and guide clients through the critical first steps of responding to breaches that may pose risks of operational disruption and/or sensitive data release.

Michael is well versed in the compliance responsibilities imposed by GDPR, HIPAA, GLBA, state data breach notification laws, and related data privacy regulations and guidance. When appropriate, he handles notification of individuals and regulators, assists with responsive regulatory investigations as well as law enforcement or media inquiries, and responds to third-party claims.

Michael also represents international and domestic insurers in connection with professional and specialty lines of coverage, including D&O, EPL, E&O, LPL and miscellaneous professional liability lines. Michael's retention as coverage counsel extends to first- and third-party claims arising under cyber and tech E&O policies.

Additionally, Michael has been an active pro bono mediator with the New York Peace Institute since 2016. In 2017, he was awarded a Certificate of Dispute Resolution from the Kukin Program for Conflict Resolution.

Areas of Focus

Cybersecurity & Data Privacy
Michael is consulted and retained as immediate data breach counsel for clients who experience cybersecurity incidents, taking into account all manner of threat actors and responding accordingly. His experience in cybersecurity and data privacy enables him to counsel clients effectively on their information life cycle management. In the event of a potential or actual breach, Michael represents clients through all applicable stages of breach identification, public relations, collaboration with law enforcement, forensic analysis, data mining, notification, initial and continuing regulatory compliance, and potential third-party claims.

Michael continually expands his resources in the field of cybersecurity, leveraging these connections to provide optimal and tailored incident response counseling to his clients. He carefully monitors trends and changes to data privacy regulation and cyber “attack vectors,” helping to ensure that his clients’ risk management guidelines are up to date, practical and effective.

Insurance Coverage
Michael represents and counsels insurers with respect to coverage matters involving professional lines of liability, tech E&O and media, and privacy breaches, including business interruption and data loss. Michael is practiced at evaluating difficult landscapes between carriers and their insureds that present competing considerations and complexities, and then surgically implementing coverage, monitoring or resolution strategies that work to resolve open issues and guide the engagement toward a favorable resolution. 

Directors & Officers
As a focus of his insurance coverage practice, Michael regularly represents D&O insurers as coverage and monitoring counsel in all types of matters, from high-profile regulatory investigations to complex commercial litigation. He is knowledgeable in the myriad disciplines and variables that impact the exposure and resolution of claims involving D&O liability insurance, including shareholder derivative actions; class action securities litigation; D&O policy coverage and application in abnormal circumstances, such as fraud and insolvency; data breach and other cyber liability claims; and negotiation and mediation processes.