Alan M. Winchester

Member

“In cyber or information security my greatest satisfaction is in helping companies appreciate and assess their risk so they can make informed business decisions. In electronic discovery, my most fulfilling moments are found in applying technology to perform document reviews often resulting in meaningful early case assessment which allow all the stakeholders in the litigation to make an informed decision about how much to invest in the litigation effort and what outcome to expect.”

E-Discovery

Alan is experienced in all phases of the electronic discovery process. He and his group, which includes forensically trained IT professionals, routinely help organizations with the identification and preservation of potentially relevant content; its collection; review and finally production to the requesting party. He is a pioneer in the use of predictive coding to cost effectively and quickly identify responsive documents for early case assessment and review purposes and has been lecturing and writing in this area for the last four years. He has developed sampling methods used to test key word searches and to validate coding decisions.

Cybersecurity

Alan assists organizations develop and implement compliance programs for critical information and systems, offering guidance on legal and regulatory requirements associated with the storage of protected information and what to do in the event of a data breach, developing and implementing an information security incident response plan, working with IT professionals to investigate the scope of a data breach and working to represent organizations faced with either government investigations or private actions associated with cybersecurity loss.

Information Governance

Alan works with organizations to develop information governance policies. This includes preparing organizations for a potential regulatory or legal action, developing policies to safeguard important business transactions, and helping organizations comply with government and industry standards in developing best practices to manage and retain documents. Alan also assists organizations with information management relating to the development of document management strategies and retention policies and the development of disaster recovery plans.

Pharmaceutical and Medical Device Defense

In the tort arena, Alan focuses his practice primarily on litigation involving technology and pharmaceutical products. He has defended manufacturers of chemical or pharmaceutical products in products liability claims brought as class actions, multi-district litigation and statewide consolidations or as individual suits involving cancer, cardiac and pulmonary defects, birth defects and other systemic injuries. He has also acted as national counsel, local counsel, and science counsel for numerous companies.

Representative Matters

Data Breaches

We have handled breaches for towns, municipalities, and businesses – including HIPAA covered entities and federally regulated banks.

Data Privacy and Security Programs, Web Privacy Policies

Harris Beach has helped organizations from all industry sectors to implement data privacy and security programs that comply with New York Shield Law, California’s data privacy laws and the many additional privacy laws being developed in each state. This work also includes developing Web Privacy policies that balance the reporting and disclosure requirements with the flexibility to effectively use data collected from data subjects in the future. This is especially important for companies that want to allow for the possibility to merge into other organizations or be sold or acquired.
Successfully resolved complaint made against US-based business by Data Subject to the UK Data Protection Authority (the ICO) under the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR).
Drafted and revised Data Protection Agreements and Policies and Procedures for multiple businesses to reflect compliance obligations under the GDPR, the New York Department of Financial Services Cybersecurity Regulation (23 NYCRR 500), and other regulations governing data transfers, data privacy, and cybersecurity.
Defended multi-site healthcare provider in data breach/HIPAA violation action.

Defense Contractors

We have worked with many defense contractors to define policies and controls to support DFARS and NIST 171 security compliance. We are now working with many of these companies to implement programs that comply with the new CMMC security standard so they may certify to the level required for the contracts they desire.

Education

Harris Beach has developed privacy policies for many of New York’s school districts that comply with the new cybersecurity and data privacy regulation promulgated to support New York’s Education Law 2D as well as the federal standard, FERPA.

Energy

Assisting energy sector companies in events where one or more individuals from outside of the organization obtained access to: email systems; file servers and data bases without authorization. Harris Beach helped these companies with the initial investigation by retaining and directing forensic investigators to identify the root cause and scope of these events. The firm then assists its clients with their legal and contractual breach notification obligations and improving their security plan to reduce the risk of these events from occurring again.
Harris Beach is currently working with an IT security vendor to develop and implement a standard system security plan and set of controls for use in energy power plants for both operation technology and for informational technology. These will ultimately be implemented in over 70 power plants.
Harris Beach is working with a large regional reseller of energy products to develop a system security plan for the processing of Payment Cards and individual privacy requirements for all the states that company is currently operating within.
Harris Beach has assisted its energy clients with drafting data sharing and transfer agreements to allow the transfer of data between the US, Canada and the European Union.
Harris Beach is working with some of its major utility clients with cybersecurity matters involving federal and state agencies. This includes compliance with New York State’s Department of Financial Services.

Financial Institutions

The firm has worked with insurance carriers, financial institutions and brokers to comply with Sarbanes Oxley, Gramm Leach Bliley, New York State Department of Financial Services, Federal Trade Commission, and Federal Communication Commission data protection and privacy rules.
Represented clients before the DFS

Health Care

We have worked with several hospitals and health care systems, nursing and assisted living centers and insurers to develop system security plans that comply with HIPAA, CMS Medicaid data and NY State’s OHIP 3.1 data protection standard.
Performed HIPAA cyber assessments and audits

Additional Legal Representation

Discovery counsel for a major pharmaceutical drug subject to recall due to concerns about the manufacturing process.
Discovery counsel to defendants in complex federal court matters in the implementation of litigation holds and good faith compliance with obligations for disclosure of Electronically Stored Information (ESI) under the revised Federal Rules.
Document counsel to an entity involved in a significant Department of Justice investigation.
Regulatory and compliance counsel to national health care insurer seeking to develop document retention plans that incorporate ESI.
Regulatory and compliance counsel to quasi-governmental agencies seeking counseling on record retention strategies for ESI.
Risk assessment counsel to multiple international pharmaceutical companies seeking prelaunch evaluations of their products.
National counsel of a manufacturer of devices and pharmaceuticals used in dentistry.
Counsel to a company involving the theft of intellectual property through its computer systems by a competitor.
Counseling companies which maintain credit card information on the requirement of PCI data security standards.
Discovery counsel to a compounding pharmacy facing criminal and civil liability associated with allegedly contaminated pharmaceuticals.
Regional counsel to a sporting goods and toy manufacturer for product liability and Consumer Products Safety Commission claims.

Professional and Civic

Claims and Litigation Management Alliance, member
Defense Research Institute, member
Sedona Conference, member
New York State Unified Court System’s E-Discovery Working Group, co-leader of the Operations Group, by appointment of Chief Administrative Judge Ann Pfau

Recognition

Super Lawyers, E-Discovery and Personal Injury – Products: Defense, since 2014

Legal Practices

Cybersecurity Protection and Response

E-Discovery (e-info℠)

Mass Torts and Industry-Wide Litigation

Industry Teams

Health Care

K-12 Education

Medical and Life Sciences

Real Estate Developers

Science and Technology

Unmanned Aircraft Systems – Drones

Brooklyn Law School

1989

Albany Law School

1986

Location

New York, NY Office

Rochester, NY Office

November 4, 2022

Ransomware Attack Hits Major Healthcare System CommonSpirit Health

A major healthcare system recently experienced a ransomware attack that affected patient care.

October 14, 2022

Cyberattacks Hitting School Districts

School districts are particularly vulnerable to hackers because they operate with limited budgets

April 4, 2022

Division Y-Cyber Incident Report for Critical Infrastructure Act of 2022 Becomes Law, with Regulations Expected by 2025

Division Y – Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law by President Biden on March 15.

February 11, 2022

Recent NYSED Decision Underscores Need for School Districts to Protect Data Privacy

School districts must consider the sanctity and privacy of data they maintain, as a recent decision underscores from the New York State Educ

July 8, 2021

New York Sen. Gillibrand Proposes Data Protection Agency to Regulate Collection, Sharing of Personal Information

A cynical online commenter once wrote this about the data collection practices of the online news site Digg: “If you are not paying for it,

March 17, 2021

When in Doubt, Report Cybersecurity Events

The New York State Department of Financial Services (DFS) announced the $1.5 million settlement of its investigation of Residential Mortgage

February 19, 2021

New York’s Department of Financial Services Urges Cyber Insurance Companies to Require Insureds to Implement Robust Cybersecurity Programs

The New York State Department of Financial Services (DFS) issued a letter to the cyber insurance community on February 4, 2021 that should s

October 7, 2020

Education Data Privacy and Security Laws: Best Practices for School Districts

As if this fall weren’t hectic enough, school districts now need to prioritize compliance with a critical new regulation expanding New York

June 24, 2020

COVID-19’s Impact on Cybersecurity – Don’t Let Your Data Privacy, Security and Regulatory Compliance Waver

COVID-19 has had a dramatic impact on nearly all aspects of organizations nationwide – from employee safety to reimagined workplaces to fina

April 10, 2020

12 Ways to Ensure Strong Cybersecurity During the COVID-19 Pandemic

In addition to the upheaval and emergency measures taken to combat the COVID-19 virus, organizations are increasingly vulnerable to cyber-at

January 14, 2020

New York Board of Regents Approves Part 121 Regulations Required by Education Law § 2-d

Today the Board of Regents formally adopted Part 121 to the Commissioner’s Regulations to implement Education Law § 2-d. The regulation will

December 23, 2019

New Guidance Clarifies Schools Health Records Governed by FERPA Are Not Subject to HIPAA

New guidance issued jointly by the U.S. Department of Education and the U.S. Department of Health and Human Services advises schools that mo

November 21, 2019

Alan Winchester Presents SHIELD Act Webinar

For many organizations, New York’s SHIELD Act is the first legal obligation to implement security protections. Any business that maintains p

September 25, 2019

NYS Education Law Section 2-D

Now that school is back in session, partners Ed Trevvett and Alan Winchester discuss New York state’s renewed focus on strengthening data pr

June 20, 2019

Six Steps To Take Immediately After You Suspect Wire Fraud

Wire fraud is on the rise. Health care providers engaging in transactions, whether operational or financial, need to remain aware of crimes

June 5, 2019

Legislation Poised to Award Increased Rights for Breach of Consumer Data

Legislation pending in New York state may grant broader rights to consumers after breaches expose their personal information. If passed and

April 3, 2019

Illinois Law Restricting Biometric Identifiers May Set Precedent for Other States

The Illinois Biometric Information Privacy Act (BIPA) is receiving a great deal of attention because it includes a private right of action.

December 19, 2018

Breach of Health Systems Data: Managing and Mitigating Risks

Earlier this year, Anthem, Inc. agreed to pay $16 million to settle claims brought by the Office of Civil Rights of the U.S. Department of

December 5, 2018

Breach of Consumer Information Yields Lessons for Companies

As Marriott International and Quora reel from data breaches, we discuss ways for companies to implement lessons learned and strengthen their

March 10, 2022

Caetra.io Wins Legalweek 2022 Leader in Tech Award in Cybersecurity and Data Privacy

Caetra.io, a provider of governance, risk and legal compliance (GRC) software, has been recognized at Legalweek New York 2022 for precedent-

December 19, 2021

Caetra.io Named Finalist in 2nd Annual Legalweek Leaders in Tech Law Awards

Harris Beach PLLC subsidiary Caetra.io has been named a finalist in the data privacy and cybersecurity category of the Leaders in Tech Law A

June 8, 2021

Alan Winchester discusses law firm technology with Rochester Business Journal

Like all businesses, law firms have been forced to accelerate their plans for technology transformation in the wake of the global pandemic.

March 23, 2021

Alan Winchester, Mike Compisi Discuss Cyber-Insurance

Ongoing threats to cybersecurity and data privacy have organizations increasingly thinking about ways to reduce risks through cyber insuranc

December 13, 2019

Alan Winchester Discusses Nuances of CCPA and NYS SHIELD Act Regulations

Data privacy considerations will get much more complicated in the new year as both New York and California implement new laws aimed at prote

November 12, 2019

79 Attorneys from Harris Beach Named to 2019 Super Lawyers List

A total of 79 Harris Beach PLLC attorneys have been named to the 2019 edition of Super Lawyers, a peer-based rating service that recognizes

February 21, 2019

Harris Beach Launches Software Company to Address Gaps in Cybersecurity Regulatory Compliance

First new application, CyMetric, converts cyber and data privacy regulations into measurable policies and controls Harris Beach PLLC, one o

September 27, 2022

Alan Winchester and Dawn Russell Presenting at CyMetric K-12 User Group Conference v1.0

CyMetric K-12 User Group Conference is designed for customers to share experiences, define best practices and network with peers.

June 14, 2022

Alan Winchester and Mike Compisi to Join War and Cyberwar Expert Panel

Presented by Core BTS, Harris Beach, Caetra.io and Arctic Wolf, this presentation meant to unpack some of the behind-the-scenes geopolitical

June 14, 2022

Alan Winchester and Mike Compisi to Present on War and Cyberwar Panel

Harris Beach and its subsidiary Caetra.io are co-sponsoring a “War and Cyberwar seminar/ webinar.”

April 22, 2022

Alan Winchester to Present on Panel at TechRochester and The Builders Exchange of Rochester Program on Cybercrime: A $6T Business, Are You at Risk?

Join TechRochester and the Builders Exchange of Rochester on Tuesday, May 10, 2022 at 7:30 AM at Blades Private Events and Catering for Cybe

November 19, 2021

Harris Beach, Tompkins Insurance Agencies and Caetra.io Present Cyber Insurance 101 Webinar Recording

The rise of ransomware attacks has spurred an increased demand for cybersecurity insurance. However, many organizations find coverage can be

November 15, 2021

Cybersecurity in Schools Webinar: The Dark Web, Ransomware & Protecting Your District

Who should attend: School board members, Superintendents, business officials, data and privacy officers

November 11, 2019

Alan Winchester Presents SHIELD Act Webinar

For many organizations, New York’s SHIELD Act is the first legal obligation to implement security protections. Any business that maintains p

September 30, 2019

Alan Winchester Presenting CLE on Cybersecurity at the National Federation of Paralegal Association Annual Convention and Policy Meeting

The program will cover: cybersecurity; cybersecurity compliance and data privacy, how they differ and overlap and form part of a governance

August 21, 2019

Neal Slifkin and Alan Winchester to Speak at Photonics Business Meeting

Neal and Alan will speak at the New York Photonics Business Meeting on September 9th on the new Department of Defense (DOD) cybersecurity st

March 21, 2019

Alan Winchester Presenting CLE on Cybersecurity at the National Federation of Paralegal Association Annual Convention and Poicy Meeting

The program will cover: cybersecurity; cybersecurity compliance and data privacy, how they differ and overlap and form part of a governance

March 21, 2019

Alan Winchester Presenting at ISACA WNY 2019 Control and Compliance Conference

Alan will be presenting ” Laws, Controls and Compliance – Solving the Puzzle” at the ISACA WNY Cybersecurity Past, Present and Future confer

November 29, 2018

Alan Winchester Presenting to NY Photonics Executives

Alan Winchester, leader of the Harris Beach Cybersecurity Protection and Response Practice Group will discuss how to prevent an attack, acti

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Alan M. Winchester

Member

Brooklyn Law School

Albany Law School

Alan M. Winchester

■ Areas of Expertise

Legal Practices

Industry Teams

■ Profile

■ Representative Matters

■ Professional and Civic

■ Admissions

■ Education

Offices throughout New York:

Cookies