Christopher Song
Associate | New York, United States
Profile
Education
- Vanderbilt University Law School, JD, 2013
- Duke University, BS, 2000
Chris is an associate on the Cyber and Data Privacy team in the New York office, where he focuses his practice on advising clients on legal issues related to cybersecurity, data privacy and incident response.
He works closely with technology and security teams, forensic specialists, executive teams, vendors, insurers and other internal and external stakeholders to minimize the costs and impacts of cybersecurity incidents. He also advises clients on compliance with state and federal breach notification rules and regulations.
Prior to Kennedys, Chris worked as cybersecurity and incident response counsel for a Fortune 500 software company.
Certifications
- Member, International Association of Privacy Professionals (“IAPP”)
- CIPP/US, IAPP
Qualifications and admissions
- New York
- US District Court for the Southern District of New York
Market recognition
- Named to the New York Metro Super Lawyers “Rising Stars” list (2022)
Work highlights
- Defended energy, fintech, and health care organizations in federal and state class actions alleging breach of data privacy resulting from cybersecurity incidents.
- Provided legal compliance advice and guidance to clients on state, federal, and international cybersecurity and data privacy laws, regulations, and standards.
- Advised clients on incident response by managing digital forensics investigations, negotiation and payment of ransom demands, remediation of computing environments, fulfillment of notification and reporting obligations, creation of internal and external communication plans, and responses to law enforcement and regulators.
- Advised commercial legal attorneys, sales, and client-facing professionals on client questions and disputed contractual terms concerning cybersecurity, data privacy, and incident response obligations and practices.
- Helped create a framework for and drafted communications to the SEC about cybersecurity-related events and risk factors on behalf of public company clients.
- Provided legal oversight for clients undergoing internal or external audits related to cybersecurity and data privacy.
- Advised on usage of AI/ML software and conducted data privacy impact assessments related to such applications.
- Conducted pre-acquisition due diligence and post-acquisition integration of acquired companies.
- Worked with cross-functional teams to create Privacy by Design and Security by Design technologies and implement them in SaaS applications.
Banking and finance
Construction and engineering
Education
Healthcare
Information technology
Insurance and reinsurance
Public sector
Retail
Travel and tourism