Michael E. Kar Associate




Michael E. Kar, CIPP/US, provides clients with comprehensive legal and business advice while assisting with proactive data security practices, ongoing regulatory compliance and immediate data breach incident response. Michael’s experience and resources enable him to efficiently evaluate potential data security vulnerabilities and compromises, assess risk, apply forensic or PR expertise as needed, and effectively protect each clients’ unique interests accordingly.

Michael is well versed in the compliance responsibilities imposed by HIPAA, the Federal Trade Commission Act, the Gramm–Leach–Bliley Act, the Payment Card Industry Data Security Standard, EU-GDPR, the California Consumer Privacy Act and state data breach notification laws, and related data privacy regulations and guidance. He reviews and opines on clients’ existing data security frameworks, third-party contracts and configurations, and privacy by design implementation.

Part of a team of trained attorneys who provide 24/7 breach response services for clients in need, Michael serves as an immediate contact to tactfully advise and guide entities through the critical first steps of responding to breaches that may pose risks of operational disruption, sensitive data release, regulatory scrutiny or third-party claim exposure. When appropriate, he handles data breach notifications, law enforcement or media inquiries, responsive state or federal regulatory investigations, and third-party claims.

Michael also has valuable experience representing international and domestic insurers in connection with professional and specialty lines of coverage. This includes analysis of privacy breaches under cyber and tech E&O policies, leading to collaboration with competing auditors and forensic investigators on evaluation of both operational and technical incident response expenses.

Additionally, Michael has been an active pro bono mediator with the New York Peace Institute since 2016. In 2017, he was awarded a Certificate of Dispute Resolution from the Kukin Program for Conflict Resolution.

Areas of Focus

Data Security
When engaged pre-breach, Michael’s experience in regulatory compliance and incident response enables him to counsel clients effectively on information life cycle management, data minimization, cyber hygiene, technical and physical safeguards, third-party contracts and configurations, and proactive incident response planning.

Michael continually expands his resources in the field of cybersecurity, leveraging these connections to provide optimal counseling to his clients. He carefully monitors trends and changes to the data privacy regulatory framework as well as cyber “attack vectors,” which ensures that his clients’ network security and risk management guidelines are up to date, practical and effective.

Incident Response
Michael has guided clients through hundreds of data security incidents, tailoring his advice and incident response strategy to each particular type of breach, threat actor and client industry. Michael represents clients through all applicable stages of breach identification, IT restoration and remediation, public relations, internal and external messaging, collaboration with law enforcement, forensic investigation, data mining, notification, initial and continuing regulatory compliance, and third-party claim response.

Insurance Coverage
Michael represents and counsels insurers with respect to coverage matters involving professional and specialty lines of liability, including cyber and tech E&O, D&O, EPL, LPL and miscellaneous professional liability lines. He has experience working with auditors and forensic investigators on privacy breach coverage issues, including business interruption, data loss, third-party claim exposure mitigation, and reasonable efforts to rebuild and remediate network infrastructure.