S. Keith Moulsdale
Mr. Moulsdale co-chairs the Cyber Security, Information Management & Privacy practice at Whiteford Taylor & Preston. His practice focuses on licensing, IP, data security, privacy and other e-commerce and technology-related legal issues that organizations face, both in the U.S. and internationally. He regularly counsels a wide range of organizations – including financial institutions, software vendors, and trade associations – in connection with their most significant data security concerns, including: data security breach attempts; cross-functional assessment, containment and response efforts; mitigation strategies; information security policies; and compliance with statutory notification requirements.
In addition, Mr. Moulsdale regularly represents software and technology companies that develop and distribute products and services that mitigate data security risks, as well as cybersecurity forensic companies.
- Listed in Chambers USA: America's Leading Lawyers for Business, published by Chambers & Partners, 2020
- Listed in Best Lawyers in America, 2017 - present
- Martindale-Hubbell, Distinguished Peer Rating for High Professional Achievement, 2016
- Maryland Super Lawyers, 2012 - 2014
- Top Rated Technology Transaction Attorney and International Lawyer
- Listed in Baltimore's Legal Elite, 2006 - Baltimore SmartCEO Magazine
- Included among "Who's Who In Law" in Baltimore Business Journal, May 30, 2003 & December 1, 2000
- Judge: Daily Record 2003 Innovator of the Year
Memberships & Activities
- Member, Board of Directors, Cybersecurity Association of Maryland
- Member, Advisory Board, Cyber Incubator, UMBC
- Affiliate Professor of Cybersecurity Law in the MBA Program at Loyola University Maryland
- Chair: IP Committee of MSBA Business Section (2000-2002) (Vice-Chair 1998-2000)
- Appointed by Governor Glendenning to Governor's Task Force on e-Commerce (1999)
- Board Member, Anne Arundel Tech Council (now known as Chesapeake Regional Tech Council) (2003-2007)
- Advisory Committee Member, Chesapeake Innovation Center (2003-2006)
- At WTP: Co-Chair, Clean Energy Technology Group; Co-Chair, Cybersecurity & Information Privacy Group; Co-founder, past-Chair and current member of Technology & IP Section
IP, Technology & Software Protection, Licensing, E-Commerce
Representative matters include advice and counsel to:
- A mobile switching center system developer in purchasing and sales, an including international resale arrangement with a Fortune 100 Company
- A developer in drafting and negotiating license and ASP leases for a complex scanning system, including a license to one of world's top-five media companies
- A developer of a cashless, Internet-based payment processing system
- A licensee of exclusive, worldwide distribution rights in an intelligent data system from a Fortune 500 company
- A digital wireless carrier in outsourcing arrangements, including 411 service, telemarketing & negotiation of international roaming agreements
- Various distance learning providers in negotiating licenses and delivery systems
- A wide range of clients with respect to numerous other tech-related legal issues, including privacy policies and compliance, file-sharing, music and video downloading, publishing, software development certification programs, electronic commerce, cyber-security, OS license compliance programs and other IP issues
Open Source and SaaS
Representative clients include:
- Numerous open source vendors, including:
- dbms vendor MySQL AB through $1 billion sale to Sun Microsystems
- Hypervisor vendor XenSource through $500 million sale to Citrix Systems;
- Network monitoring and systems management vendor Zenoss Inc.;
- Nonprofit owner of the Joomla! brands (Open Source Matters, Inc.)
- ASP, SaaS and Cloud Computing providers in development and negotiation of alliance, SLA, subscriber, user, file sharing, reseller and other agreements
Cyber Security and Information Privacy
Representative matters include advice and counsel to cyber security software developers, cloud-based service providers, and other organizations, including in connection with:
- compliance and mitigation strategies;
- licensing, IP, open source, government contracting and corporate issues
- security breach attempts (including via internal theft, phishing, SQL injection attacks, brute-force attacks and ransomware);
- cross-functional assessment, containment and response efforts;
- information security policies, including WISPs, incident response plans, disaster recovery policies, clean desk policies, and BYOD policies;
- statutory notification requirements
- review and analysis of data security- and privacy-related aspects of insurance policies
Representative clients include:
- a large, national trade association in connection with the defacement of its website and related data theft claimed by an international hacktivist collective
- a financial institution in connection with a ransomware incident
- an electronic payments trade association in connection with a serious phishing scam that used its famous brand to lure email recipients into downloading Zeus malware that infected 13 million computers worldwide.
- an organization whose former IT director exfiltrated the personally identifiable health information of thousands of customers
- the developer of unique tools which encrypt and shred data
Clean Energy Technology
Representative clients include:
- A manufacturer of regenerative electric propulsion system for sailboats
- A startup of first-ever, online electric energy marketplace for consumers
- A U.S. biodiesel processor seeking West African jatropha sources
- A processor converting of municipal solid waste to fuel
- The exclusive South American licensee of liquid fuel conditioning technology that improves combustion efficiency and reduces fuel consumption, without loss of power
- Owner and operator of plants that recycle human food waste into dried animal feed
- Licensor of technology used to manufacture, fabricate and assemble portable solar generators sold in Sub-Saharan Africa
- Owner of a system that optimizes the reheating cycle of electric water heaters by matching that use with small surges in power availability on the regional electric grid
- Drafted or negotiated license, distribution, development, manufacturing or other agreements in connection with assets or companies in many countries, including Australia, Barbados, Brazil, Canada, China, Ethiopia, Finland, France, Germany, Ghana, Hungary, India, Iraq, Israel, Italy, Japan, Kenya, Marshall Islands, Mexico, Norway, Singapore, South Africa, South Korea, Sweden, Switzerland, and United Kingdom
- Seconded to Ghana, West Africa for 3.5 years
NAPHSIS 2019 Identity & Security Conference - Legal Aspects of Data Sharing (November 2019)
Nonprofit Risk Management Center’s 2019 Risk Summit - Cyber Liability: Forming and Facilitating an Incident Response Team; Cyber Survivor – Surviving and Thriving in the Wake of a Data Breach Claim (October 2019)
Diocesan Fiscal Management Conference’s Annual Meeting - Navigating a Sea of Data Privacy + Security Risk (October 2019)
ASAE Annual Meeting & Exposition - A Primer for Understanding Your Association's Cyber Risk (August 2019)
Cybersecurity Association of Maryland, Inc. Maryland Cyber Breakfast Club - Risk Mitigation Strategies for Cybersecurity Product and Service Providers (June 2019)
Veterans Institute for Procurement - IP Risks and Protection When Doing Business Outside of the USA (June 2019)
bwtech@UMBC: European Privacy Invasion (GDPR) One Year In, California Privacy Takeover (CCPA) Six Months Out (May 2019)
Association of Commercial Financial Attorneys Continuing Legal Education Weekend - Navigating a Sea of Data Privacy + Security Risk (May 2019)
bwtech Executive Workshop for Int'l CyberSecurity Companies - What are the TOP Things a Foreign Company Should Know When Establishing a Business in the US? (April 2019)
ID Agent Webinar - Canadian-U.S. Legal Landscape (February 2019)
Edwards Project Solutions’ Cyberbytes Series - Cyber Realities In Corporate America Panel (January 2019)
bwtech@UMBC Cybertini, Baltimore, MD - Cybersecurity Issues in Healthcare (October 2018) (moderator)
Financial Executives International, Hunt Valley, MD - What Executives Need to Know About Cyber Security (June 2018) (speaker)
LeadingAge Maryland Finance & Strategy Symposium, Frederick, MD - What You Don't Know CAN Hurt You - Cybersecurity for Senior Living (November 2017) (presenter)
Association of Corporate Counsel, Baltimore, MD - Balancing Privacy Law Compliance with Safeguards Against Insider Data Security Threats, (May 2017) (presenter)
Panthera Technologies Seminar, Owings Mills, MD - The Roadmap to Sustained Security & Compliance: Overcoming the Challenges of Getting Started, (May 2017) (presenter)
ASAE’s 2017 Marketing, Membership & Communications Conference, Washington, D.C. - “Surviving and Thriving a Cyber Security Breach: A Guide for Membership, Marketing and Communication Association Executives” (May 2017) (presenter)
ASAE Law Symposium, Washington, D.C. – Compliance + Mitigation in a Sea of Data Security Risk (Oct. 2016) (panelist)
Katz Abosch Government Contracting Symposium, Arundel Preserve - Creating Marketplace Diversification with your Technology Service Offerings (Nov. 2016) (panelist with Spencer Wilcox and Dan Larkin)
CRTC Commercial Cyber Event – Insider Threats (Nov. 2016) (panelist with Mike Miller and Shawn Thompson)
Cyber Maryland, Baltimore - Good, Bad or Wacky? Recent Changes in Global Privacy & Security Laws (with Howard Feldman) (Oct. 2016)
CRTC Commercial Cyber Forum, Baltimore – Insider Threats (Nov. 2016)
BrightTALK Webinar - Privacy v. Security: Balancing Vulnerability Awareness & Incident Prevention (Oct. 2016) with Tim Vogel of Xtium and Kevin Lancaster of ID Agent
ALM cyberSecure, New York, NY – The Dark Web: A Black Market for Exploiting your Stolen Data (Sept. 2016) (moderator)
Risk Summit, Chicago, IL - Solving The Puzzle: How To Prepare For And Respond To Data Security Threats (Sept. 2016)
Retail Solution Providers Association, Grapevine, TX - Compliance + Mitigation in a Sea of Data Security Risk (Aug. 2016)
ASAE Association Law for Non-Lawyers, webinar – Data Security Breach Response Best Practices (May 2016)
Association Trends Finance Live, Washington, DC – Data Security Risk Management: How to Prepare for and Respond to Data Security Threats (May 2016)
Private Client Presentation – Panama Papers (April 2016)
Cybersecurity Association of Maryland + Chesapeake Regional Tech Council , Baltimore, MD – Identifying, Quantifying, Insuring & Mitigating Cyber Risk (April 2016) (with PSA Insurance, Ernst & Young LLP, and NFP Property & Casualty)
ASAE law Symposium, Washington, D.C. - Data Security Breach Response: Best Practices (Oct. 2015) (with DataStreet)
Association Trends Finance Live, Washington, D.C. – How to Find a Silver Lining in an AMS Cloud Contract (Sept. 2015)
ASAE Annual Meeting, Detroit, MI – Help! I’ve Been Hacked! (August 2015)
Association Trends, Webinar – Negotiating Association Software Contracts: Effective Business and Legal Strategies (May 2015)
Percona Live, Santa Clara, CA – Data Security - Emerging Legal Trends (April 2015)
Private Client Presentations, New York + Baltimore - GPL + LGPL Presentations for Executive Management (August 2014; Nov. 2014; April 2015)
Ft. Meade Alliance Industry Day, Baltimore – Commercial Cyber Discussion (March 2015) (with Exelon) (moderator)
bwtech@UMBC, Baltimore - The Startup Yellow Brick Road: Going from Service to Product Company (Feb. 2015) (moderator)
Private Presentations for Accounting Firms, Baltimore - Cyber Security for Accountants – (2014)
Association Execs, Webinar – Protecting Your Association’s IP (Dec. 2014) (with Jeff Glassie)
ASAE Law Symposium, Washington, D.C. - The Impact of Data Breaches, Cloud Computing, Tech. Contracts + Cyber Insurance (Oct. 2014) (with Spotkick)
PSA Insurance, Hunt Valley, MD – Understanding, Preparing for & Responding to Cyber Threats (Sept. 2014) (with Tangible Security)
Association Trends Finance LIVE: Technology Initiatives in Nonprofits, Washington, D.C. – Could this be You? (Sept. 2014)
NYSE Governance Services, Washington, D.C. – Thought Leadership Roundtable on Cyber Security (May 2014)
ASAE Tech Conference, Washington, D.C. - Understanding, Preparing for, and Responding to Legal Risks that Cyber Threats Pose to Associations and Nonprofit Organizations (Nov. 2013) (with APhA and Howard Feldman)
Corporate Board Member: The Board IT Challenge, Atlanta – Battling Cyber Crime: Do you Know your Enemy? (Oct. 2013)
ASAE Law Symposium, Washington, D.C. – Cybersecurity Threats + Legal Risks (Sept. 2013) (with NACHA and Howard Feldman)
Association Trends Finance Live, Washington, D.C. – An Update on Legal Issues in Technology (Sept. 2013)
bwtech@UMBC, Baltimore – Cybersecurity Threat Info. Sharing Executive Order (May 2013) (with NIST and others) (moderator)
Association of Corporate Counsel, Baltimore – Practical Lessons learned: An Overview of Cyber Law & Information Governance (Feb. 2012) (with Feldman)
Corporate Board Member: The Board IT Challenge, Chicago – An Overview of Cloud Computing Risks (Oct. 2012)
Cyber Maryland, Baltimore – Demystifying Cyber Policy: What Every Executive Should Know (Oct. 2012) (panel)
WTP Blog - Are Associations and Nonprofit Organizations the Next Big Target for Cyber Attacks? (Sept. 2012)
Cyber Security Summit, Baltimore Business Journal (2011)
International Information Privacy Compliance, eZ Systems Conference, Skein, Norway (2006)
Managing Success in a Post-9/11 World, techcenter@UMBC (2004)
Understanding Open Source & Its Business Implications, Greater Baltimore Tech Council (2004)
U.S. & Int'l IP Protection Strategies, Loyola College Exec. MBA Program (2005, 2004, 2003, 2002 & 2001)
Issues in Technology Contracting, Maryland Judicial Institute for Judges Assigned to Business & Technology Case Management Program (2003)
Whose Design Is it Anyway?, Whitmore Lunch & Learn Series (2003) & AIGA Seminar (2002)
Assessing & Managing Your IP Risk, Marsh/WTP Seminar (2002)
Open Source Software Licensing, U. Balt. School of Law (2002)
Maryland IP Law Update, U. Balt. School of Law (2001)
Emerging Privacy Laws (2001); Facets of Law as Applied to Technology, Loyola College Exec. MBA Program (2000 & 1999)
IP Issues in the Workplace, Lorman Seminar on Covenants Not to Compete (2000)
International IP & Technology Transfer Strategies, Ukraine Technopark Managers Course, Loyola College Int'l Technology Research Institute (2000)
Practical Legal Issues in e-Commerce, MICPEL Seminar (2000) (also, co-chair)
Facing E-Commerce Head On; International E-Commerce: Order Out of Chaos, IP Licensing Skills Workshop, WTP Technology and IP Legal Issues Workshop (1999)
Trademarks, Digital Signatures & Privacy Issues on the Internet, MSBA Annual Meeting, (1999)
Electronic Commerce and the New Millennium - Current Issues From a Practitioner's Perspective, U. of Baltimore School of Law IP Law Society (1999)
Strategies for Protection of U.S. IP; Webpage Do's & Don'ts; Fundamentals of Trademark Law, WTP Technology and IP Legal Issues Workshop (1998)
Electronic Commerce, MICPEL (1998)
IP Issues in the Workplace, WTP Employment Law Seminar (1998)
Computer Software Copyright Infringement Analysis and Resolution, IP Committee of MSBA Business Section (1998)
Selected Internet Domain Name and Jurisdiction Issues, IP Committee of MSBA Business Section (1997)
U.S. Trademark Registration Practice, full-day lecture to Chinese IP Lawyers and Judges (1996)
UCITA Spells Controversy, The Business Monthly (2001) and The Maryland Bar Journal (2000)
Kids Say The Darnedest Things, The Advocate, (1999)
Businesses May Get Burned By New Online Law, Baltimore Business Journal (1999)
The New Millennium: Don't Let It Bug Your Practice, TortSource (1999) and Bar Bulletin (1999)
Who's Minding The Store?; Protecting Your Company's Trade Secrets, The Business Monthly (1998)
The Internet: Spamming, Framing and Free Speech, The Maryland Bar Journal (1998)
Client Alert: OCR Issues Guidance About Sharing Patient Information and Telehealth Communications during Pandemic
The OCR has recognized that, during the COVID-19 national emergency, health care providers may seek to communicate with patients, and provide so-called “telehealth” services, through remote communications technologies. Some of these technologies, and the manner in which they are used by HIPAA-covered healthcare providers, may not fully comply with the requirements of the HIPAA Rules. However, in light of the national emergency, the OCR said that it will not impose penalties against covered health care providers for the lack of a HIPAA business associate agreement (“BAA”) with video communication vendors, or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health crisis.
You may think that most cyberattacks happen to for-profit businesses and government agencies. But don’t be lulled into a false sense of security; when it comes to collecting and storing valuable data, many trade associations and nonprofits could give a like-sized corporation a run for its money.
Data privacy laws in much of the world apply regardless of industry, source or region. In contrast, the US features an alphabet soup of sector-specific federal data privacy laws. For example, the German-Leach-Bliley Act (GLBA) applies to financial institutions, the Health Insurance Portability and Accountability Act (HIPAA) applies to healthcare institutions, the Children's Online Privacy Protection Act (COPPA) applies to online businesses collecting information from children under age 13, the Family Educational Rights and Privacy Act (FERPA) and Protection of Pupil Rights Amendment (PPRA) apply to student records, the Driver Privacy Protection Act (DPPA) applies to motor vehicle records, and the Fair Credit Reporting Act (FCRA) applies to data collected by consumer reporting agencies. Stir in 50 US state and territorial data security laws governing data breach notice, security and destruction, and you get a complex thicket of data privacy and security laws.
Like most people in our tech-inundated world, you might be a bit numb to seemingly daily reports that yet another organization has been hacked. But, as an executive or employee of a nonprofit organization or association, you may have taken notice and some comfort in the fact that the lion’s share of those attacks appear to have been perpetrated on for-profit businesses and government agencies, like Sony, Citibank, Lockheed Martin, ADP, the FBI and the CIA.
As Google and Facebook and countless others have discovered, most netizens tend to be pretty blasé about privacy – until all of a sudden they aren’t. While we all love the detailed photo views on Google Maps, the revelation that Google’s camera cars were also sweeping WiFi networks as they captured those images was met with outrage. And, Facebook users seemed to carelessly love that app’s ability to track down long-lost friends, until last week it pulled friends’ phone numbers into a handy online directory “for you”.
59 lawyers from Whiteford, Taylor & Preston have been selected by their peers for inclusion in The Best Lawyers in America® 2018 (copyright 2017 by Woodward/White, Inc., of Aiken S.C.). The lawyers selected are based in the firm’s Maryland, Washington and Virginia offices. Client comments are posted on the U.S. News & Best Lawyers web site, at bestlawfirms.usnews.com.
In addition, two lawyers were selected as “Lawyer of the Year” for their particular areas of practice.
59 Whiteford, Taylor & Preston Attorneys Listed in Best Lawyers in America, 2017, Eight Named as "Lawyers of the Year"
Fifty-nine lawyers from Whiteford, Taylor & Preston have been selected by their peers for inclusion in The Best Lawyers in America® 2017 (copyright 2016 by Woodward/White, Inc., of Aiken S.C.). The lawyers selected are based in the firm’s Maryland, Washington and Virginia offices.
In addition, eight lawyers were selected as “Lawyers of the Year” for their particular areas of practice.
On February 4, Anthem, Inc., the second largest health insurer in the U.S., reported that hackers breached one of its IT systems and stole personal information relating to consumers and employees. Described as “very sophisticated,” the attack involved the records of an estimated 80 million people. While information accessed apparently did not involve medical information or credit card numbers, it did include such personally identifiable information as names, social security numbers, and income data.
Whiteford, Taylor & Preston is pleased to announce that 54 of its Maryland-based attorneys are listed among the 2014 Super Lawyers and Rising Stars.
The firm is particularly proud of the young lawyers who are recognized as “Rising Stars” and the three partners who received special recognition -- Edward Buxbaum and Dwight Stone in the Top 100, and Mary Claire Chesshire in the Top 50 Women.
Whiteford, Taylor & Preston is pleased to announce that 64 of its attorneys are listed among the 2013 Super Lawyers and Rising Stars in three states.
The firm is particularly proud of the young lawyers who are recognized as “Rising Stars”; the four partners who are listed in the Top 100 in Maryland – Edward Buxbaum, Edwin Fee, William Ryan, and Dwight Stone; and the 16 who are named for the first time this year.
Forty-Six Whiteford, Taylor & Preston Attorneys Named Super Lawyers and Rising Stars in Maryland; Five in Maryland Listed in “Top 100”
The firm is particularly proud of the five who are listed in the Top 100 in Maryland – Edward Buxbaum, Edwin Fee, Paul Nussbaum, William Ryan, and Dwight Stone. Selection of the Top 100 lawyers in a jurisdiction is strictly based on the highest scores in the Super Lawyer judging process, and Whiteford is one of the two firms with the most names on the list.
Whiteford, Taylor & Preston LLP (WTP) is proud to announce that 23 attorneys from three of WTP's five offices have been listed in Woodward White, Inc.'s The Best Lawyers in America® 2007.
Whiteford, Taylor & Preston LLP (WTP) is delighted to announce that Baltimore SmartCEO Magazine (SmartCEO) has selected six WTP attorneys for its list of Baltimore's Legal Elite.
"We're honored that our attorneys have been recognized for their skills, knowledge, and client dedication. While we've always known how fortunate we are to have them as part of the Whiteford family, we're very pleased to have this type of outside recognition," explained Martin Fletcher, a member of the firm's Management Committee.
Sixteen Whiteford, Taylor & Preston Attorneys Recognized in the Best Lawyers in America 2006 by Woodward/White
Whiteford, Taylor & Preston has become a Sustaining Sponsor of the Chesapeake Innovation Center LLC (CIC), the nation's first incubator focusing on homeland security technologies. Sustaining Sponsorsdonate a minimum initial contribution of $25,000 and an annual contribution of$5,000 to help fund new business formation in Anne Arundel County, Maryland.
Whiteford, Taylor & Preston L.L.P. is pleased to announce Pamela M. Conover, S. Keith Moulsdale, Dwight W. Stone, II, Brent C. Strickland and Steven E. Tiller have been elected partners. (All five new partners practice in the firm’s Baltimore office.)