Michael E. Kar Associate




Michael E. Kar, CIPP/US/E, focuses his practice on data privacy compliance and information security. Michael provides clients across various industries with comprehensive legal and business advice in connection with building and implementing data security policies and procedures, ongoing regulatory compliance, negotiation and due diligence of technology and commercial transactions, responding to regulatory inquiries and investigations, and immediate data breach incident response.

Michael is well versed in the compliance responsibilities imposed by HIPAA, the Federal Trade Commission Act, the Gramm-Leach-Bliley Act, the Payment Card Industry Data Security Standard, EU-GDPR, the California Consumer Privacy Act and state data breach notification laws, and related data privacy regulations and guidance. For clients who are involved in potential or actual data breaches, Michael serves as an immediate contact to tactfully advise and guide entities through the critical first steps of responding to breaches that may pose risks of operational disruption, sensitive data release, regulatory scrutiny or third-party claim exposure. When appropriate, he handles data breach notifications, law enforcement or media inquiries, responsive state or federal regulatory investigations and third-party claims.

Additionally, Michael has been an active pro bono mediator with the New York Peace Institute since 2016. In 2017, he was awarded a Certificate of Dispute Resolution from the Kukin Program for Conflict Resolution.

Areas of Focus

Data Privacy Compliance
Michael’s extensive experience in regulatory compliance and incident response enables him to counsel clients effectively on data privacy frameworks, including tailored privacy policies, information life cycle management, data minimization, cyber hygiene, technical and physical safeguards, third-party contracts and configurations, and proactive incident response planning. 

Michael continually expands his resources in the field of information privacy and cybersecurity, leveraging these connections to provide optimal counseling to his clients. He carefully monitors trends and changes to the data privacy regulatory framework across pertinent industries, as well as cyber “attack vectors,” which ensures that his clients’ policies, contracts and network security are up to date, practical and effective.

Incident Response
Michael has guided clients through hundreds of data security incidents, tailoring his advice and incident response strategy to each particular type of breach, threat actor and client industry. Michael represents clients through all applicable stages of breach identification, IT restoration and remediation, public relations, internal and external messaging, collaboration with law enforcement, forensic investigation, data mining, notification, initial and continuing regulatory compliance, and third-party claim response.