Brandon Weinreb is a core member of the firm's Data, Privacy and Cybersecurity practice, where he routinely advises clients across a wide range of industries on complex data privacy, cybersecurity, and incident response matters. Brandon's practice encompasses both proactive counseling and reactive crisis management, enabling clients to build resilient data protection programs while also standing ready to guide them through the most challenging cybersecurity events.
Brandon has experience supporting organizations through high-stakes cybersecurity incidents, including ransomware attacks, business email compromises, and other sophisticated threat actor campaigns. His work consists of supporting all facets of incident response efforts, from initial detection through remediation. In this capacity, he assists with coordinating forensic investigations, engaging and liaising with external vendors, providing guidance on containment and recovery strategies, advising on threat actor negotiations and payment considerations, and overseeing legal and regulatory breach notification obligations domestically and across international jurisdictions. Brandon also supports organizations with crisis communications throughout the incident response lifecycle, ensuring that internal and external messaging aligns with organizations' legal and operational priorities.
In addition, Brandon helps clients strengthen their cybersecurity posture by facilitating cybersecurity tabletop exercises and advising on the development and implementation of written information security programs and incident response plans. He also helps clients proactively manage and mitigate data protection risks through vendor security due diligence, as well as negotiating cybersecurity-related provisions in commercial agreements.
As a Certified Information Privacy Professional (CIPP/US, CIPP/E), Brandon advises clients on existing, proposed, and emerging state, federal, and international data protection laws and regulations, including the California Consumer Privacy Act (CCPA) and other comprehensive consumer privacy statutes. His compliance work consists of drafting and reviewing privacy policies and data processing addendums, developing and advising on the implementation of consumer rights request processes, and providing strategic counsel on the privacy implications of emerging technologies.
