Robert Duffy - McDermott Will & Emery


Robert Duffy helps clients manage their cybersecurity, privacy, and information technology legal risks by delivering practical advice, navigating crisis response and aggressively pursuing justice for victims of cybercrime and business torts. Robert conducts internal investigations into security incidents, vulnerability reports, potential compliance issues, insider threats and other high-stakes matters. Robert helps clients meet regulatory and legal obligations by assessing cybersecurity maturity and developing cost-effective and risk-prioritized remediation plans and maturity roadmaps. Robert also defends clients against regulatory investigations and other post-incident disputes.

Show More


  • Helped global technology company recover from NotPetya malware incident by advising on safely restoring operations, communicating with customers, regulators, and the public, and defending against claims and regulatory inquiries*
  • Defended developer of consumer security software against FTC investigation of publicly reported security vulnerability, securing investigation closure after proving adequate security design and effective vulnerability response*
  • Helped leading online and physical retailer launch data subject rights program by working closely with consultants, technology vendors, and in-house legal, privacy, and engineering teams to define and defensibly implement program requirements*

Show More


  • District of Columbia Courts, Capital Pro Bono Honor Roll, 2023


  • American Bar Association


George Mason University School of Law, JD, 2009
Virginia Tech, BS, 2003

District of Columbia

US District Court for the District of Columbia
US District Court for the Eastern District of Virginia
US District Court for the Western District of Virginia
US Patent and Trademark Office