Robert Duffy helps clients manage their cybersecurity, privacy, and information technology legal risks by delivering practical advice, navigating crisis response and aggressively pursuing justice for victims of cybercrime and business torts. Robert conducts internal investigations into security incidents, vulnerability reports, potential compliance issues, insider threats and other high-stakes matters. Robert helps clients meet regulatory and legal obligations by assessing cybersecurity maturity and developing cost-effective and risk-prioritized remediation plans and maturity roadmaps. Robert also defends clients against regulatory investigations and other post-incident disputes.
Robert helps industry leaders and other mature organizations meet emerging legal and regulatory obligations by leveraging enterprise risk management tools and techniques, deploying best-of-breed technology solutions and developing novel tactics, techniques, and procedures. He also helps start-up, mid-market and acquisition-focused companies quickly close compliance gaps. Robert helps clients across industries bring compliant and secure products to market.
Robert is a trusted adviser to the cybersecurity industry. His current and former clients include the counter-cybercrime division of a major technology company, a leading consumer security software company, a multinational managed security services provider and a leading enterprise cybersecurity services provider.
Robert is a lifelong technology enthusiast who wrote his first “hello world” computer program more than 30 years ago. He learned Linux and FreeBSD as an undergraduate and has been a Unix hobbyist since. Between undergraduate and law school, he was a full-stack developer for a leading government contractor. Today, clients turn to Robert for guidance with issues across the technology spectrum, including secure software development, privacy-by-design, process automation, outsourcing and external dependency management, information assurance and resiliency, operations technology, critical infrastructure, AI governance, IT audit and compliance operations.
In his pro bono practice, Robert fights for the confidentiality of abuse victim services by defending VAWA-funded organizations from subpoenas. He also advises start-up and growing non-profit organizations on a broad array of issues.
During law school, Robert was the president of the Student Bar Association and chair of the ad hoc committee to redraft the Honor Code.
Helped global technology company recover from NotPetya malware incident by advising on safely restoring operations, communicating with customers, regulators, and the public, and defending against claims and regulatory inquiries*
Defended developer of consumer security software against FTC investigation of publicly reported security vulnerability, securing investigation closure after proving adequate security design and effective vulnerability response*
Helped leading online and physical retailer launch data subject rights program by working closely with consultants, technology vendors, and in-house legal, privacy, and engineering teams to define and defensibly implement program requirements*
Helped big-5 technology company expand counter-cybercrime program internationally, leading to multiple groundbreaking botnet takedown operations*
Represented leading market maker in dispute with departing quantitative analyst regarding return of company information, securing a temporary restraining order on an issue of first impression and successfully defending the TRO on appeal and before a FINRA panel, resulting in favorable settlement*
Represented forensic services firm in response to law enforcement requests for prior investigative materials and related witness testimony, resulting in indictment of multiple members of foreign military APT group*
Helped healthcare technology services provider minimize notification obligations after insider data breach by working with law enforcement to secure the exfiltrated data*
Represented cybersecurity services provider in suit against testing organization for trade secret misappropriation and computer fraud and abuse, prevailing against motion to dismiss on multiple issues of first impression, resulting in favorable settlement*
Defended domestic violence shelter against subpoena for patient records, successfully protecting all non-public information from disclosure*
Defended deposition of domestic abuse counselor, prevailing in dispute regarding scope of deposition and further protecting patient records*
Drafted and prosecuted patent applications on behalf of global semiconductor company covering technologies related to video broadcast protocols, biometrically authenticated communications, device and network security, mobile payments, certificate trust chains, decentralized social networks, and mobile-device user interfaces*
George Mason University School of Law, JD, 2009
Virginia Tech, BS, 2003
District of Columbia
US District Court for the District of Columbia
US District Court for the Eastern District of Virginia
US District Court for the Western District of Virginia
US Patent and Trademark Office
Do not send any information or documents that you want to have treated as secret or confidential. Providing information to McDermott via email links on this website or other introductory email communications will not create an attorney-client relationship; will not preclude McDermott from representing any other person or firm in any matter; and will not obligate McDermott to keep confidential the information you provide. McDermott cannot enter into an attorney-client relationship with you until McDermott has determined that doing so will not create a conflict of interest and until you and McDermott have entered into a written agreement or engagement letter that sets forth the terms of our relationship.