F. Paul Greene, CIPP/US, CIPP/E, CIPM, FIP

Paul brings years of experience to bear handling complex litigation matters in highly regulated industries. He provides clients with strategies to prevent, address, and resolve disputes in areas including privacy and data security, health care, and construction claims and design professional defense.

As chair of the firm’s Privacy and Data Security practice group, Paul counsels clients of all sizes in a wide range of industries concerning all aspects of pre-breach preparation and risk management, including security and vulnerability assessments, policy and procedure review, breach response planning and drills, as well as board and management education on cyber risk issues. After the breach, Paul, his team, and the team’s professional consultants provide a full array of breach coach and response services, including breach response and remediation, crisis management and communication, internal and governmental investigations, breach notification, and potential litigation or regulatory action.

Paul’s health care practice has placed him at the forefront of Medicaid reimbursement litigation against New York State in the long-term care space, litigating state-wide to champion the rights of long-term care providers.

Paul’s construction and design professional experience includes construction projects and improvements, both public and private, of all sizes. He has extensive experience with public authority improvements, including performance and payment bond claims. Specific industry experience includes water delivery and processing systems, landfills, and construction of medical facilities.

Paul’s clients have included long-term and health care providers, insurers, and groups; Fortune 100 companies; a major credit card and travel-related services company; an international shipping and logistics company; an international printing and packaging company; a health care trade association; an agricultural cooperative; a public water authority; design professionals and construction companies; automotive dealers of all sizes; as well as closely held businesses and individuals.

He has litigated in numerous venues, including the Supreme Court of the State of New York (both on the trial and appellate level, as well as before the New York State Court of Appeals), United States District Courts around the country, the American Arbitration Association and the International Centre for Dispute Resolution. He also devotes a significant portion of his time to pro-bono representation and support of cultural organizations.

Fluent in German, Paul has also represented a number of German-language clients in commercial disputes before American judicial and arbitral tribunals.

PROFESSIONAL & CIVIC AFFILIATIONS

• Certified Information Privacy Professional/US (CIPP/US), Certified Information Privacy Professional/Europe (CIPP/E), and Certified Information Privacy Manager (CIPM)
• Assistant Chancellor, Episcopal Diocese of Rochester
• Member, Constitution and Cannons Committee, Episcopal Diocese of Rochester
• Board of Directors, Episcopal Senior Life Communities
• Senior Warden, St. John’s Episcopal Church, Honeoye Falls, NY 2011-2012
• Former Board Member, Mercury Opera Rochester

HONORS & AWARDS

• Named a Distinguished Fellow by the Ponemon Institute
• Recognized as a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals (IAPP)
• Recognized by Chambers USA from 2015-2023 in the field of Litigation: General Commercial (Upstate NY)
• Selected by peers for inclusion in The Best Lawyers in America^® for Health Care Law; Privacy and Data Security Law
• Recipient, Leaders in Law Award, The Daily Record and Rochester Business Journal’s Legal Excellence Program, 2021
• Recipient, “Up and Coming Attorneys” Award, The Daily Record, June 2015
• New York State Bar Association Empire State Counsel^® 2015 Pro Bono Honoree
• William McKnight Volunteer Service Award for distinguished pro bono service to the community, 2012
• Empire State Counsel Honoree, New York State Bar Association, 2010 and 2011
• Managing Editor, Fordham Law Review, Fordham University

REPRESENTATIVE EXPERIENCE

• Counseling numerous financial institutions concerning privacy and data security compliance, including the New York State Department of Financial Services Cybersecurity Regulations, 23 N.Y.C.R.R. Part 500.
• Representing a major credit card and travel-related services company concerning cyber security and breach-related litigation and indemnification issues.
• Representing an automotive dealership group concerning potential breach of its customer database.
• Representing a regional long-term care group concerning a breach of employee information.
• Counseling a higher education institution concerning improper distribution of student data.
• Providing pre-breach consulting services for publically traded companies and a utility.
• Representing a New York based marketing and media company in a dispute with an international pizza chain. The parties were engaged in a contract dispute concerning a nationwide marketing campaign, and Paul helped obtain dismissal of a pre-emptive suit by the pizza chain in the United States District Court for the Western District of Kentucky.
• Representing a California-based health care risk retention group and enforced an arbitration clause specifying venue in California, in a personal injury action commenced in Queens, New York.
• Representing a public water authority in a suit by a contractor alleging $9 million in damages for improper contract termination. Obtained a summary judgement granting the authority liquidated damages for the contractor’s project delay.
• Representing a state-wide group of long-term care providers against the State of New York claiming improper withholding of tens of millions in Medicaid reimbursement funds. Obtained an order compelling the State to cease its withholding of the funds.
• Representing an automotive dealer in relation to a commercial fraud claim, obtaining summary judgment in the dealer’s favor with a money judgment in excess of $500,000.

NEWS

• July 24, 2023 | LEGALcurrents®
  Employers Take Notice: Privacy Requirements Could Catch Unprepared Organizations Off-Guard
• June 28, 2023 | In The News
  Developing a Responsible Approach to Artificial Intelligence in Light of Developing Technologies and Regulations, F. Paul Greene
• May 30, 2023 | Publications
  Author, "The Risk in Adopting Template Data Protection Policies", New York Law Journal
• March 29, 2023 | Publications
  Author, "NY DFS Issues Sweeping FAQs Affecting Scope of Regulations", New York Law Journal
• March 1, 2023 | In The News
  This is Not a Drill: Table-Top Exercises Aren’t Just a Good Idea, They’re Mandatory for Many Organizations
• August 18, 2022 | Press Releases
  Harter Secrest & Emery Attorneys Recognized in the 2023 Editions of The Best Lawyers in America and Best Lawyers: Ones to Watch in America, Harter Secrest & Emery LLP
• June 24, 2022 | Publications
  Author, "The Balkanization of U.S. Privacy Law Continues With Connecticut’s SB6", New York Law Journal
• March 11, 2022 | Publications
  Author, "The New York Privacy Act Returns and Is in Good Company Nationwide", New York Law Journal
• February 14, 2022 | Publications
  Author, "California Here We Come: The New York Privacy Act", Rochester Business Journal
• November 9, 2021 | Press Releases
  Harter Secrest & Emery Stands Out in the 2021 Legal Excellence Awards Program, Harter Secrest & Emery LLP
• October 13, 2021 | LEGALcurrents®
  #PhightThePhish – Know the Pond You Are Swimming In!, Harter Secrest & Emery LLP
• October 8, 2021 | LEGALcurrents®
  Be Cyber Smart: Don’t Go It Alone, Harter Secrest & Emery LLP
• October 5, 2021 | LEGALcurrents®
  Be Cyber Smart: Plan for New Privacy Requirements in 2022, Harter Secrest & Emery LLP
• August 19, 2021 | Press Releases
  Harter Secrest & Emery Attorneys Recognized in 2022 Best Lawyers in America© and Best Lawyers: Ones to Watch, Harter Secrest & Emery LLP
• June 28, 2021 | Publications
  Author, "New York Privacy Act Makes Progress, but Hurdles Remain", New York Law Journal
• April 16, 2021 | Publications
  Author, "The Dangers of Dirty Data", Buffalo Business First
• April 16, 2021 | In The News
  "Featured in, “Panel of Experts: How to Use Big Data Analytics", Buffalo Business First
• March 25, 2021 | In The News
  The Dangers of Dirty Data, F. Paul Greene, CIPP/US, CIPP/E
• January 14, 2021 | In The News
  "Featured in, “New Data Privacy Laws for Doing Business in Canada Could Soon Be in Play", Buffalo Business First
• January 8, 2021 | In The News
  "Featured in, “N.Y. Privacy Bill Carries Litigation, Enforcement Hike Potential", Bloomberg Law
• December 24, 2020 | In The News
  "Featured in, “Facial Tech Moratorium Spotlights Children’s Privacy Importance", Bloomberg Law
• November 10, 2020 | Publications
  Co-Author, "Refine Your Legal Toolkit Before Ransomware Strikes", New York Law Journal
• April 3, 2020 | Publications
  Author, "Businesses need to know these key aspects of SHIELD Act compliance", Buffalo Business First
• April 3, 2020 | In The News
  "Featured in, “Forum: Big Data analytics", Buffalo Business First
• March 31, 2020 | Publications
  Author, "CCPA and Beyond: Mandating Data Protection by Regulation Creates Confusion", New York Law Journal
• December 5, 2019 | In The News
  "Featured in, "California Data Security Law to Have Widespread Impact", Rochester Business Journal
• November 26, 2019 | Publications
  Author, "Experimentation in Privacy Law Leads to Increased Complexity", New York Law Journal
• July 29, 2019 | Publications
  Author, "NY SHIELD Act Promises More Data Breach Enforcement, and International Reach", New York Law Journal
• May 11, 2019 | Publications
  Author, "Managing the Hypercomplexity of Cyber Security Regulation: In Search of a Regulatory Rosetta Stone", Cyber Security: A Peer-Reviewed Journal
• August 6, 2018 | Publications
  Co-Author, "11th Circuit Decision in LabMD Case Could Have Repercussion Beyond the FTC", New York Law Journal
• August 1, 2018 | Publications
  Author, "Laboratories of Invention: NYDFS Reaches Out to Regulate Consumer Credit Reporting Agencies", Cyber Security Practitioner
• December 14, 2017 | Publications
  Author, "In Wake of Equifax Breach: Standards Advance, Uncertainty Follows", New York Law Journal
• September 13, 2017 | Publications
  Author, "The Equifax Breach: Why This One is Different", New York Law Journal
• August 28, 2017 | Publications
  Author, "Grace Period Expires for Cybersecurity Regulations in NY: What Comes Next?", New York Law Journal
• August 25, 2017 | In The News
  "Featured in, "NY’s New Cybersecurity Regs for Banks, Insurers Take Effect", New York Law Journal
• May 1, 2017 | In The News
  "Featured in, “Cyber Criminals Increase Damaging Attacks Against Healthcare Organizations", Same-Day Surgery
• March 2, 2017 | In The News
  "Featured in, “New York State Tweaks Final Cybersecurity Regulations", New York Law Journal
• March 1, 2017 | Publications
  Author, "Final DFS Cybersecurity Regulations: Questions of Scope and Effect Linger", New York Law Journal
• March 1, 2017 | Publications
  Author, "Expansive Cyber Security Regulations Enter Into Effect in New York State", Cyber Security Practitioner
• February 10, 2017 | In The News
  "Featured in, “IRS, Experts Warn Firms of All Sizes About Scams", Rochester Business Journal
• November 11, 2016 | In The News
  "Featured in, “New Cybersecurity Regulations Need Clarification", Rochester Business Journal
• October 24, 2016 | Publications
  Author, "New Regulations Add to Complexity of Cybersecurity Compliance", New York Law Journal
• August 26, 2016 | Publications
  Author, "The Big Data Breach - For the Rest of Us", Buffalo Business First
• June 29, 2016 | Publications
  Co-Author, "Pace of Complexity Quickens in Cyber Security Landscape", Buffalo Law Journal
• June 1, 2016 | Publications
  Author, "Cyber Security in Medicine: It’s Not Just HIPAA, Anymore", Monroe County Medical Society's The Bulletin
• May 5, 2014 | Publications
  Author, "FTC Can Regulate Data Security, But It's Not a Blank Check", New York Law Journal
• January 1, 1970 | Publications
  ""

PRESENTATIONS

• Presenter, “Trick or Treat: Making the Most Out of Your Cyber Insurance and Incident Response Preparation,” FEI Rochester Chapter, October 31, 2023
• Presenter, “Artificial Intelligence: Managing Risk, Regulation, and Reward” Rochester Security Summit, October 25, 2023
• Presenter, “Thinking Like a Regulator – Making the Most of Your Data Protection Compliance” Rochester Security Summit, October 25, 2023
• Co-Presenter, “Anatomy of a Data Breach | Real Disaster Scenarios and Tips to Ensure It Won’t Happen to You,” Harter Secrest & Emery and DOX Electronics, July 19, 2023
• Co-Panelist, “Virtual Panel Discussion: Cybersecurity,” Rochester Business Journal, June 29, 2023
• Presenter, “How I Learned to Stop Worrying and Love My AI Overlords: Ethics and AI in Data Protection,” New York State Cybersecurity Conference, June 6, 2023
• Panelist, “AI in the Built World: Who Should Be the Adults in The Room?” Cherre Data Summit, May 17, 2023
• Co-Panelist, “Living Through Ransomware: Real Life Insights,” HFMA Washington-Alaska Chapter Spring Conference, March 16, 2023
• Co-Presenter, “Data Protection and Management in Higher Education-Beyond FERPA,” 44^th Annual National Conference on Higher Education Law & Policy, March 4, 2023
• Co-Presenter, “Cyber Incident Response Workshop”, 44^th Annual National Conference on Higher Education Law & Policy, March 3, 2023
• Presenter, IAPP Data Protection Intensive: Deutschland 2022, October 11-12, 2022
• Presenter, “This is Not a Drill: Security Incident Tabletop Strategy,” Global Security Exchange (GSX), September 14, 2022
• Panelist, “War and Cyberwar Expert Panel,” with Dox Electronics and Arctic Wolf, April 8, 2022
• Panelist, “Buffalo Business First’s Panel of Experts: Big Data Analytics 2022,” March 17, 2022
• Co-Presenter, “Cyber Incident Response Workshop: Table Top Simulation,” 43rd Annual National Conference on Law and Higher Education, Stetson University, March 5, 2022
• Panelist, Martin Friedman CPA webinar, January 11, 2022
• Panelist, “Put Your Incident Response Planning into Action,” Harter Secrest & Emery Cybersecurity Awareness Month webinar, October 28, 2021
• Panelist, “Dealing with the Mayhem of a Cybersecurity Incident,” Michigan Credit Union League & Affiliates Annual Convention & Exposition, August 24, 2021
• “Ransomware: How to Plan for and Manage the Risk to Your Institution,” Stetson Law Center for Excellence in Higher Education Law and Policy, July 22, 2021
• Panelist, “2021 Buffalo Business First Panel of Experts: Big Data,” March 25, 2021
• Panelist, “College & University Breakfast Series,” The Bonadio Group, in collaboration with UNYCC webinar, December 7, 2020
• Co-Presenter, “Ransomware: What every CFO needs to know in relation to your company’s worst nightmare,” FEI Rochester Chapter, November 17, 2020
• “Two (and a Half) Weeks In: Ongoing Data Protection Concerns in Light of the COVID-19 Pandemic,” Harter Secrest & Emery LLP Webinar, April 1, 2020
• “Managing Privacy & Data Security Risk During the COVID-19 Pandemic,” Harter Secrest & Emery LLP Webinar, March 20, 2020
• Panelist, 2020 Buffalo Business First Executive Forum: Data Analytics, March 3, 2020
• Panelist, PrivSec New York: NYDFS and Cybersecurity Regulation, November 6, 2019
• “A Calm Approach to Regulatory Confusion,” 2019 New York State Cyber Security Conference, June 4, 2019
• “So You Clicked On That Malicious Link: What Now? The Role of HR in a Cybersecurity Incident,” Harter Secrest & Emery’s Labor and Employment Law Conference, April 30, 2019
• Panelist, 2019 Buffalo Business First Executive Forum: Making Sense of Your Company’s Data, Cyber Security, March 3, 2019
• “GDPR Considerations in Higher Education,” Upstate New York College Collaboration Security Summit 2018, December 14, 2018
• “Time Is Not on Your Side-The Legal Risk of Ransomware,” Rochester Security Summit, October 9, 2018
• Panelist, 2018 Buffalo Business First Executive Forum: Cyber Security, October 4, 2018
• “The Increasing Risks to Cybersecurity from Regulation and Enforcement,” Global Security Exchange, September 24, 2018
• “Regulatory Update: NY Financial Regulations,” NetDiligence CyberRisk Summit, June 13, 2018
• “How to Overcome the Complexities of Cybersecurity Compliance,” 21st Annual NYS Cyber Security Conference, June 6, 2018
• “23 NYCRR 500: What lies ahead for 2018?” webinar with Synoptek, April 5, 2018
• “Managing Cyber Risk in Higher Education – Views from the Legal and Financial Perspectives,” EACUBO 2018 Workshop, Arlington VA, March 29, 2018
• “Big Data Analytics: What is Your Business Intelligence Strategy?” Buffalo Business First Executive Forum, March 20, 2018
• “Regulation Update,” 2018 Advisen Cyber Risks Insights Conference, February 13, 2018
• “NYS DFS Part 500 – The Deadline is Looming, Can You Certify Compliance?” Webinar with GreyCastle Security, February 6, 2018
• “Preparing for a Cyber Breach,” Bonadio’s 10th Annual Compliance Seminar Series: Navigating the Complexities of Compliance, Rochester, NY, November 30, 2017, Albany, NY, December 7, 2017, New York, NY, December 13, 2017
• “Too Many Cops on the Cyber Beat: the Hyper‐complexity of Cybersecurity Regulation,” Rochester Security Summit, Rochester, NY, October 19, 2017
• “Top 10 Legal Pitfalls to Avoid in Relation to a Data Breach,ʺ GreyCastle Security 5th Annual Cybersecurity Symposium, Albany, NY, October 11, 2017
• “Cybersecurity & Your Company: What You Need to Know Now,” with The Bonadio Group, Lawley, and Fasoo, Harter Secrest & Emery, September 13, 2017
• “Cybersecurity and Your Business,” Eyes on the Future, Greater Rochester Enterprise, August 2017
• “The Cross-Border Conundrum: Balancing Canadian and U.S. Privacy Concerns,” International Association of Privacy Professionals (IAPP) Canada Privacy Symposium 2017, Toronto, CA, May 15-18, 2017
• “Cyber Threats in Health Care: HIPAA and Beyond,” Ambulatory Surgery Center Association (ASCA) 2017, Washington, D.C., May 3-6, 2017
• “Human Resources and Cyber Risk: The New Frontier of Cyber Security Regulation,” Harter Secrest & Emery’s Labor and Employment Law Conference, April 5, 2017
• “NYS DFS Cybersecurity Final Rule Webinar,” with GreyCastle Security, March 22, 2017
• “New Year, New Threat Landscape: Managing Cyber Risk in 2017,” with IV4, Syracuse, NY, January 17, 2017 and Rochester, NY, January 19, 2017
• “NYS DFS Cybersecurity Webinar,” with GreyCastle Security, December 13, 2016
• “Information and Cyber Security Responsibilities for Senior Management,” EFPR Group LLP seminar, Rochester, NY, December 8, 2016
• “Cyber Security Regulations: The Regulatory Arms Race,” Institute of Internal Auditors, Rochester, NY, December 7, 2016
• Harter Secrest & Emery LLP and TAG Solutions Regional Cyber Security Luncheons, Albany, NY, November 2, 2016, Buffalo, NY, November 22, 2016, Rochester, NY, November 29, 2016
• “Managing the Risk of a Cyber Breach,” Davie Kaplan Annual Tax Planning Symposium, Rochester, NY, November 10, 2016
• “Cyber Security Regulations – The Regulatory Arms Race,” Rochester Institute of Technology, B. Thomas Golisano College of Computing & Information Sciences, November 1, 2016
• “Compliance Issues & Risks in Turnaround,” Turnaround Management Association, Rochester, NY, October 20, 2016
• “Life’s a Breach,” DIGITS LLC Cyber Security Luncheon, Rochester, NY, October 19, 2016
• “Breaches in HIPAA,” New York State Association of Ambulatory Surgery Centers Fall Conference, Albany, NY, October 7, 2016
• “Managing Cyber Risk from a Legal Perspective,” Rochester Security Summit, Rochester, NY, October 5 & 6, 2016
• “Building Blocks of Cyber Security,” New Horizons at Logical Operations, Rochester, NY, September 13, 2016
• “Executive Forum: Cyber Security,” Buffalo Business First, Buffalo, NY, August 11, 2016
• “Cyber Security 2016,” Corporate LiveWire Virtual Roundtable, June 23, 2016
• “2016 Upstate New York Regional Cybersecurity Forum,” Rochester Institute of Technology, Rochester, NY, June 14, 2016
• “Cyber Threat Update Luncheon: A View of Recent Developments on the Cyber Risk Front from the Legal and Technical Perspectives,” Pittsburgh, PA – April 21, 2016 and Rochester, NY – May 5, 2016
• “Cyber Security Update,” Healthcare Financial Management Association Rochester Regional Chapter Spring Institute, March 18, 2016
• “Cyber Security and Human Resources – Addressing Legal Risk,” National Human Resources Association, Rochester, March 8, 2016
• “Billions Spent on Data Security,” Eyes on the Future, Greater Rochester Enterprise, February 2016
• “Cybersecurity: Privacy & Security Issues,” Monroe County Bar Association, January 2016
• “The Legal and Financial Impact on Employers when Health Insurers are Hacked,” Cyber Risk Breach Update, September 16, 2015
• “Data Security,” Eyes on the Future, Greater Rochester Enterprise, December 2014
• “Perspectives from the Law Enforcement, Legal, Auditing, and Insurance Fields,” Niagara Frontier Corporate Counsel Association: Data Breach Symposium , October 22, 2014
• “Planning for the Data Breach, Legal Framework,” Association of Corporate Counsel, Data Breach Symposium, June 13, 2014