
Financial Services IT 2014: Avoidance of Risk

Speaker(s): Ajay Ayyappan, Andrew Wels, Brian E. Finch, Dennis Conley, Iris Schwartz, Jane Shahmanesh, Jason Klitenic, John Gliedman, Jonathan A. Damon, Louis G. Ricciardi, Richard Raysman, Robert M. Finkel, Robin L. French, Ronald Abramson, Steven B. Roosa
Recorded on: May 21, 2014
PLI Program #: 56242

Steven B. Roosa is a partner in Holland & Knight's New York office and co-chair of the Data Privacy and Security Team. He is also a fellow emeritus at the Center for Information Technology Policy (CITP) at Princeton University. His practice focuses on advising companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Representative issues include: mobile app privacy compliance; leveraging anonymity solutions to help clients safely unlock the value of large data sets; Internet tracking; web security; geo-fencing; data breach and incident response; Children's Online Privacy Protection Act (COPPA); Computer Fraud and Abuse Act (CFAA); FTC compliance; privacy considerations of modified network protocols; California best practices for websites and mobile apps; compliance with wiretap statutes and the Electronic Communications Privacy Act (ECPA); public-key infrastructure (PKI); certification authority matters pertaining to online trust; and web-based reputation and defamation issues.

Mr. Roosa's day-to-day practice includes helping companies better understand the privacy profile of their websites and mobile apps and translating that knowledge into actionable risk management options. He has helped infuse the Holland & Knight Team with a tech-focused approach in which law firm privacy counseling to clients includes:

  • proxying network traffic
  • analyzing the use of unique device identifiers for iOS, Android, and Windows 8 platforms
  • reviewing the privacy profiles of websites and mobile apps
  • cataloging and evaluating the privacy characteristics and risks associated with third party hosted solutions, advertisers, and analytics companies
  • using specialized software and tools to understand the tracking implications of local storage
  • conducting cookie audits
  • providing advice on offensive and defensive cybersecurity measures

Because privacy and security matters often relate directly to a company's industry-specific, core business model or threat landscape, Mr. Roosa actively partners with Holland & Knight's national caliber attorneys and professionals in the following areas:

  • intellectual property
  • energy
  • venture capital funding
  • legislative affairs
  • mergers and acquisitions
  • healthcare and life sciences
  • crisis communications
  • financial services industry

In the courtroom, Mr. Roosa represents a diverse array of companies in matters relating to consumer protection, online defamation, commercial disputes, and state and federal administrative law. He also works extensively on defending putative class actions involving Flash cookies and has been instrumental in obtaining voluntary dismissals for three large clients in these recent proceedings.

Typical clients include Fortune 500 corporations, privately held companies, large retailers, technology companies and nonprofit entities.

Mr. Roosa is the co-author of "Trust Darknet: Control and Compromise in the Internet's Certificate Authority Model," appearing in the May 2013 issue of the IEEE's Internet Computing. He is also a regular contributor to Holland & Knight's Privacy Blog.


Privacy-Related Class Action Litigation Defense and Regulatory Defense: represented companies in relation to FTC inquiries, Civil Investigative Demands (CIDs), subpoenas and investigations

Privacy-Related Class Action Litigation Defense and Regulatory Defense: represented companies in litigation resulting from data breach and security incidents

Privacy-Related Class Action Litigation Defense and Regulatory Defense: represented companies in relation to state attorneys general inquiries, Civil Investigative Demands (CIDs), subpoenas and investigations

Privacy-Related Class Action Litigation Defense and Regulatory Defense: represented mobile app companies in relation to privacy-related class action

Technical and Specialized Engagements: for a large communications company, conducted quarterly website reviews, analyzing network traffic and assisting in developing controls and revising disclosures

Technical and Specialized Engagements: for numerous companies including mobile app developers, conducted deep-dive mobile app privacy reviews, analyzing network traffic and assisted in developing controls and disclosures

Privacy-Related Class Action Litigation Defense and Regulatory Defense: represented several companies in class action litigation related to the use of cookies and flash cookies

General Compliance and Corporate Governance: provided advice to large retailers with respect to geo-fencing projects

General Compliance and Corporate Governance: provided strategic advice and counsel on local, national and international privacy and data protection and data transfer laws for numerous companies

Contracting and Due Diligence: for numerous companies, negotiated service level agreements in a range of privacy and security-related circumstances, including those related to data centers,  cloud computing services, IT outsourcing and PCI-DSS compliance

General Compliance and Corporate Governance: assisted numerous companies in drafting, design and implementation of internal company policies, including information security, data and records management and retention, data classification and handling, device management and Bring Your Own Device policies, codes of conduct, white papers, marketing materials, vendor white lists and internal policies on Internet tracking

General Compliance and Corporate Governance: provided counseling for a large communications provider, software companies and mobile app developers with respect to issues pertaining to security, encryption and authentication

General Compliance and Corporate Governance: provided advice to numerous companies with respect to the use of geo-location information

General Compliance and Corporate Governance: developed privacy training programs


Honors & Awards
Outstanding Lawyer, Nightingale's Healthcare News, 2009

Top 40 Under 40, New Jersey Law Journal, 2008


The Most Important Issue Involving Superfish Isn’t Superfish, Holland & Knight Privacy Blog, February 26, 2015

Lab Tuesday - How Not to Use iOS’s Identifier for Advertising (IDFA/IFA), Holland & Knight Privacy Blog, February 10, 2015

BBB Issues OBA Warning: What You Should Know and What to Do About It, Holland & Knight Privacy Blog, December 19, 2014

EU Cookie Sweep Initiative, Holland & Knight Privacy Blog, September 23, 2014

Why Are Companies Getting Sued Under the Video Privacy Protection Act?, Holland & Knight Alert, September 16, 2014

Why Are Companies Getting Sued Under the Video Privacy Protection Act?, September 16, 2014

Getting to the Real Issue on the Senate Subcommittee's Advertising Report, Holland & Knight Privacy Blog, May 15, 2014

Getting a Handle on VPPA Risk - A Data Driven Approach, Holland & Knight Privacy Blog, May 12, 2014

FTC Changes COPPA FAQ to Provide New Guidance on Consent and Data Collection in Educational Settings, Holland & Knight Privacy Blog, April 24, 2014

More Permissive Standard for Standing in Plaintiffs' Data Breach Suits, Holland & Knight Privacy Blog, April 23, 2014

FTC Provides Guidance on Obtaining Parental Consent under COPPA, Holland & Knight Privacy Blog, April 14, 2014

Heartbleed - A Picture is Worth a Thousand Words, Holland & Knight Privacy Blog, April 11, 2014

Heartbleed SSL/TLS Vulnerability, Holland & Knight Privacy Blog, April 10, 2014

Three Important TCPA Developments, Holland & Knight Privacy Blog, April 10, 2014

How Much Does Cybercrime Threaten Latin American Companies?, Inter-American Dialogue Financial Services Advisor, March 20-April 2, 2014

Where the Real Danger Lies: Media Focuses on a Real Concern But Misses the Key Point on "Flashlight Free" FTC Settlement, Holland & Knight Privacy Blog, December 9, 2013

The New COPPA FAQ's Clarify "Actual Notice" and the Responsibilities of 3rd Parties, Holland & Knight Privacy Blog, July 26, 2013

The FTC’s HTC Action: The Most Significant FTC Case in 5 Years, Co-Author, Holland & Knight Privacy Blog, March 1, 2013

Nothing Personal: Multiple Mobile Best Practices, and the Many Changing Faces of Personal Information, Co-Author, Holland & Knight Privacy Blog, February 19, 2013

Mobile App Privacy: The Hidden Risks, Co-Author, Practical Law Company, January 31, 2013

A Critical Appraisal of California AG’s "Privacy to Go" Best Practices for Mobile Apps, Holland & Knight Privacy Blog, January 14, 2013

The New COPPA Rule Announced Today: Big Changes Handed Down by the FTC, Co-Author, Holland & Knight Privacy Blog, December 19, 2012

The Center for Digital Democracy Urges FTC to File Complaint Against Mobbles, Holland & Knight Privacy Blog, December 12, 2012

FTC Announces COPPA Enforcement Campaign with Second Report on Kids' Apps, Holland & Knight Privacy Blog, December 10, 2012

The NSA and Cybersecurity, Holland & Knight Privacy Blog, December 5, 2012

Study Criticizing Android Apps Was Pretty Lame, Co-Author, Law360, December 3, 2012

Safe Prediction for 2013: Significant Expansion of Mobile App Regulation (FDA and COPPA), Co-Author, Holland & Knight Privacy Blog, November 28, 2012

Tough Cop at the FTC: Commissioner Brill Gives Insight On COPPA Rule and Enforcement, Holland & Knight Privacy Blog, November 21, 2012

Privacy Candy From Apple, Holland & Knight Privacy Blog, November 19, 2012

FTC Publishes New Privacy Guidelines for Mobile Apps, Co-Author, Holland & Knight Digital Technology & E-Commerce Blog, November 15, 2012

Insights From A Scandal: The Fundamentals Of On-Line Security And Privacy, Holland & Knight Privacy Blog, November 14, 2012

Study Criticizing Android Apps Was, Well, Pretty Lame, Holland & Knight Privacy Blog, November 12, 2012

Think You Won’t be Covered by the New COPPA Rule? Think Again!, Holland & Knight Privacy Blog, November 9, 2012

Corporate Privacy Compliance Becomes More Tech-Focused, Holland & Knight Privacy Blog, November 5, 2012

Complying with the California Attorney General's Statement on Mobile Apps: Don't Rely on Website Privacy Policies, Holland & Knight Alert, November 2, 2012

Complying with the California Attorney General's Statement on Mobile Apps, Holland & Knight Privacy Blog, November 2, 2012

Privacy and Security in Mobile Apps, the Cloud, and the Internet of Things: The Role of In-House Counsel in Mitigating New Class Action and Regulatory Risks, Co-Author, October 1, 2012

COPPA May Now Apply to You: FTC Proposes Additional Revisions to Children's Online Privacy Protection Rule and Seeks Public Comment, Holland & Knight Alert, August 9, 2012

The New Corporate Approach To Privacy Compliance, Co-Author, Law360, July 31, 2012

SSL Hacked: 2011 Proved That The Enterprise Can't Rely On Encrypted Communications; But Corporate Counsel Can Champion a Fix, Corporate Counsel, September 28, 2011

Information Security and Privacy: A Practical Guide for Global Executives, Lawyers, and Technologists, Science and Technology Law Section, American Bar Association, February 17, 2011

The Flawed Legal Architecture of the Certificate Authority Trust Model, Freedom to Tinker Blog, December 15, 2010

The Devil Is in the Indemnity Agreements: A Critique of the Certificate Authority Trust Model's Putative Legal Foundation, Presentation to the Center for Information Technology Policy at Princeton University, December 9, 2010

The 'Certificate Authority' Trust Model for SSL: A Defective Foundation for Encrypted Web Traffic and a Legal Quagmire, Intellectual Property & Technology Law Journal, Vol. 22, No. 11, November 2010

Encryption Is Not Enough: Why It's Time for General Counsel to Weigh In on Authentication Practices Associated With Secure Communications, e-Commerce Law Report, Vol. 12, Issue 11, West Publications, November 2010

The Next Generation of Artificial Intelligence in Light of In re Bilski, The Intellectual Property & Technology Law Journal, Vol. 21, No. 3, March 2009


Speaking Engagements
Mobile Apps and Network-Aware Devices: Legal Exposure in the Collection of Data and What to Do About It, AdvaMed Webinar, November 4, 2014

IP Trademark, Copyright & Licensing Counsel Forum, Cyber Security Risks that Threaten Corporate Intellectual Property and Client Confidentiality, October 28-29, 2014

Financial Services IT – Avoidance of Risks, Information Security Issues, Practising Law Institute, May 21, 2014

IP Trademark, Copyright & Licensing Counsel Forum, Moderator, Mobile Apps and Privacy: The Hidden Risks, October 22, 2013

Compromise and Control at the Perimeter of the Network: Online Trust, Mobile Security and Mitigating Risk in Mergers and Acquisitions, Moderator, North Virginia Technology Council General Counsel Committee Event, June 7, 2013

How to Prepare for New Corporate Cybersecurity Risks, Holland & Knight Webinar, May 15, 2013

Mobile Privacy and Security, The Current Regulatory Landscape and New Risk Threat Model, April 16, 2013

Mobile Privacy and Monetization: Risks and Opportunities in the Era of Networked Data, L2 Blog Social CRM Clinic, April 4, 2013

Data Security and Data Breaches: How to Avoid an Attack and Be Prepared When One Strikes & Observations from a Fortune 500 General Counsel, ACC and Holland & Knight Panel, March 20, 2013

COPPA Boot Camp - Practical Steps Towards Compliance, January 28, 2013

Privacy and Security in Mobile Apps, the Cloud, and the Internet of Things: The Role of In-House Counsel In Mitigating New Risks, Association of Corporate Counsel, Northeast Chapter, October 3, 2012

Mobile Security & Privacy Best Practices, Online Trust Alliance's Forum, October 1-4, 2012


Rutgers University School of Law-Camden, J.D.
Cornell University, B.A.

Bar Admissions
New Jersey
New York
District of Columbia

Brian Finch is a partner in the law firm’s Public Policy practice and is based in Pillsbury’s Washington, DC office. Named by Washingtonian magazine in 2011 as one of the top 40 federal lobbyists under the age of 40 and by Law360 as one of its “Rising Stars” in Privacy Law in 2014, Brian is a recognized authority on global security matters. He specializes in counseling on regulatory and government affairs issues involving the Department of Homeland Security, Congress, the Department of Defense, and other federal agencies. Brian in particular focuses his practice on assisting clients with matters involving cyber security, national defense and intelligence policies, homeland security concerns, and in general providing proactive advice to mitigate liability in the event of a significant security incident.

Areas of Concentration

Brian is a leading authority on the SAFETY Act, a federal statute that can provide liability protection to companies following a terrorist or cyber attack. He has helped prepare over 100 applications for such protections, including for services and technologies such as security guards and vulnerability assessments to software programs and security screening devices. He also testified twice before the U.S. Congress on matters related to the SAFETY Act, and writes regularly about its practical application for business.

Brian is recognized as a leading legal authority on matters related to cyber security, including the legal and policy challenges associated with the consequences of companies suffering a cyber attack, as well as the steps that can be taken to help mitigate both the risk of attack and post-event litigation.

Brian also regularly advocates on behalf of companies seeking to ensure that federal agencies have sufficient funding for contract vehicles in which they participate.

Brian has represented a wide variety of clients on security matters, including Major League Baseball, FireEye, Inc., the American Gas Association, the American Public Power Association, the Edison Electric Institute, the National Rural Electric Cooperative Association, Honeywell International, L-3 Communications, Emergent BioSolutions, Washington Gas, Brookfield Office Properties, G4S, and McAfee Inc.


Prior to joining Pillsbury, Brian practiced with two Washington, DC law firms and worked as a legal intern with the Office of Chief Counsel of the Drug Enforcement Administration, U.S. Department of Justice.

Professional Activities

Brian is a senior advisor to the Homeland Security and Defense Council, serves on the National Center for Spectator Sports Safety and Security’s advisory board, and is an inaugural Senior Fellow at George Washington University’s Homeland Security Policy Institute. Brian is a professorial lecturer in law at The George Washington University Law School, where he co-teaches homeland security law and policy.

Brian regularly speaks and writes on security issues. He has a cyber security blog on The Huffington Post, a regular cyber security column on the Fox Business website, and appears regularly on cable news as a security expert. He also has authored or co-authored articles for the Wall Street Journal, Politico, The Hill, National Journal, The Washington Times, and other publications.

Honors & Awards
  • Law360 – Rising Stars, April 2014
  • Washingtonian 40 Lobbyists Under 40, March 2011

Speaking Engagements

Information Security Issues, Practising Law Institute Financial Services IT 2014: Avoidance of Risk Seminar, May 21, 2014

Cybersecurity: Progress and Challenges to Keep Your Co-Op Safe, National Rural Electric Cooperative Association Legal Seminar 54, May 20-21, 2014

Cultivating Ethics: Mitigation Vulnerability to Cyber and Data Security Threats in Order to Maintain Client Confidentiality, Virtual LegalTech, May 15, 2014

Insight on Cyber Security Strategies, Cyber Security and Countering Corporate Espionage Symposium, May 1, 2014

Surviving the Cyber Tsunami: Cybersecurity Worries and Opportunities for Security Contractors, 2014 Security Industry Association Education@International Security Conference and Exposition West, April 2, 2014

Dennis Conley, Managing Partner, Transition Partners

Mr. Conley is a managing partner with Transition Partners, a management consultancy headquartered in Reston, Virginia. He is a senior business and information technology executive and transformation leader with over 20 years of broad corporate and consulting experience. His extensive background and experience covers such areas as mergers and acquisitions, outsourcing, business development, technology management, organization development, business and strategic planning, and leadership training. Recently, he has been providing strategic advice for multiple merger and acquisition activities. He has directed dozens of business process and information technology sourcing transactions ranging in value from $1 million to over $250 million per year.

Jane Shahmanesh is a Managing Director with Adherence Consulting Group, which provides outsourced regulatory compliance, general counsel and operational services to asset managers and broker-dealers. Prior to Adherence, Jane worked as an in-house legal and compliance lawyer for a Who’s Who of financial institutions - including Lehman Brothers (where she counseled the bankrupt entity’s derivative unwind), Goldman Sachs & Co. (where she ran a division of their Compliance Department), Credit Suisse (where she was the interim legal manager for CSAM and its hedge fund businesses), Citibank (where she was the General Counsel to the Private Bank), and Deutsche Asset Management (legacy Bankers Trust) (where she supervised the legal and compliance department).

She was also a Partner at McGuireWoods, LLP, one of the nation’s largest law firms.

Jane currently teaches regulatory compliance at Pace Law School.

She has a BA from Barnard College and a JD from American University.

Ronald Abramson is an IP litigator with Lewis Baach Kaufmann Middlemiss in New York.

Ron’s practice involves litigation in the areas of patent infringement, copyright infringement, trademark infringement and anti-counterfeiting, and trade secret misappropriation.

He has practiced extensively in areas involving computer software, telecommunications networks and equipment, as well as entertainment and brand-related IP and general commercial litigation.

Mr. Abramson is a past Chair of the Committee on Patents of the New York City Bar Association, and also a past Chair of the Association’s Committee on Computer Law.

John Gliedman is an Assistant General Counsel with Conduent, a BPO provider and parent company of Buck Consultants.  His primary expertise is negotiating services arrangements for digitized employee benefits delivery, and related consulting, to a wide variety of corporate users.

Robert Finkel is a partner in the Corporate Practice Group, the Chair of the firm’s Outsourcing Practice and a member of the FinTech Group. Mr. Finkel has more than 30 years of experience in private practice representing leading international corporations and financial institutions in complex commercial transactions with a particular focus on technology and outsourcing. Over the course of his career, he has represented clients in more than 100 major outsourcing transactions, across a wide variety of industries and types of transactions.

Mr. Finkel is consistently recognized by Chambers USA: America's Leading Lawyers for Business for his nationwide outsourcing and New York technology and outsourcing practices, and he was recognized as a "Leading Lawyer" in media, technology and telecoms outsourcing by The Legal 500 United States in 2019 and 2020. He was also named to the inaugural Legal 500 US Hall of Fame list in 2017. Mr. Finkel is widely regarded by outside observers as being one of the leaders in the profession.

Mr. Finkel has published on a broad range of corporate, outsourcing and technology issues in such publications as the M&A Lawyer, the Computer Lawyer, Cyberspace Lawyer, the Journal of Internet Law, Intellectual Property Today, E-Commerce Adviser, Global eCommerce, Director's Monthly and the National Law Journal, among others.

Mr. Finkel received a BA from the University of Pennsylvania, MA from Columbia and JD from Stanford University.

Mr. Finkel is a recent member of the Stanford Law School Board of Visitors. He is an adjunct professor at New York Law School, where for the past several years he has instructed an advanced seminar course on Corporate Governance. Prior to attending law school, Mr. Finkel served as an aide to the late United States Senator from New York, Daniel Patrick Moynihan.

Richard Raysman is a partner in the New York office of Holland & Knight.  Richard has been selected by Chambers as one of America's leading technology lawyers, and he is a regular guest columnist for The Wall Street Journal Technology Section.  He has represented clients in billions of dollars of outsourcing transactions, and he has litigated reported cases for the New York state and federal courts including Internet and licensing disputes.  Richard writes a monthly column for the New York Law Journal on "Technology Law".  He is a graduate of M.I.T. and prior to practicing law, he was a Systems Engineer for IBM Corporation for six years.

Ajay Ayyappan is the Acting General Counsel and Corporate Secretary of ExlService Holdings, Inc.  

He is responsible for managing EXL’s Legal department, which includes acting as the Corporate Secretary to the Board of Directors, managing corporate governance, oversight and negotiation of all mergers and acquisitions, SEC and NASDAQ compliance and reporting, negotiation of customer, vendor and partnership agreements, litigation oversight and all other legal matters. Ajay joined EXL in March 2007 as an Assistant General Counsel and AVP.

Prior to joining EXL, Ajay was a Corporate Associate at the New York offices of Morgan, Lewis & Bockius LLP where he was responsible for mergers and acquisitions. 
He holds a B.A. degree from Binghamton University where he graduated magna cum laude, and a J.D. from the Fordham University School of Law where he was an Editor of the Law Review.


Jonathan A. Damon is an Associate General Counsel at MetLife, heading up the Intellectual Property and Global Technology Unit. He is responsible for overseeing the legal aspects of the intellectual property portfolio of MetLife and its affiliates. In addition, he assists MetLife’s Global Tech and Ops group with the implementation of enterprise-wide platforms and systems. Prior to joining MetLife in 2012, Jon was a partner at Dewey & LeBoeuf, LLP in its IP/IT Department. Jon holds a J.D. from Columbia School of Law and a B.A. from Amherst College.

Robin French is currently Senior Counsel to KPMG International Cooperative, the coordinating firm of the worldwide KPMG network. Ms. French, a graduate of the University of Michigan Law School, began her career as a corporate associate at Cahill, Gordon and Reindel and was Assistant General Counsel at Scholastic, Inc, the children’s book publisher. Her areas of practice include global agreements for various services including technology, intellectual property, and general corporate advice, utilized by the 155 member firms and over 150,000 employees in the KPMG network.