Rick Borden

Rick Borden is a partner in the Privacy & Data Security Group. With decades of experience both at firms and in-house, Mr. Borden translates privacy and data security requirements into budget-friendly operational solutions, advises on risk management, audits and incidents, and helps clients commercialize data and innovation.

Mr. Borden regularly represents FinTech, InsurTech, Software as a Service (SaaS), cloud computing, and other tech-forward companies on technology transactions, and privacy and data security issues. With a laser focus on data flows and a full understanding of operations, IT and the legal landscape, he translates complex risk discussions into plain English, and right-sizes mitigation strategies so that they fit with corporate budget and staffing limitations. Mr. Borden’s experience on both the customer and vendor side enables him to advise general counsel, boards of directors, and CEOs, CIOs, CTOs and other C-Suite executives on risk and incident response. He also interfaces with technology departments, advising them on how technology implementations and programs may expose companies to risk. Mr. Borden’s skill-set and experience is unique.

With comprehensive knowledge of fast-evolving state and federal regulation, Mr. Borden advises clients on data compliance programs, audits, and government compliance reviews. He drafts privacy policies and cybersecurity compliance documents, and assesses data sharing, protection and the collection and use of employee and consumer personal data. He works with clients to develop bring-your-own-device and mobile computing policies and provides privacy and data protection legal analysis and compliance counseling. In his data breach practice, he regularly advises on investigations, insurance coverage and claims, reporting and notification, and post-breach penalties and audits. He is currently helping clients comply with the New York State Department of Financial Services Cybersecurity Regulation, SEC Cybersecurity Rules and enforcement, the wave of new state privacy laws coming out of California, Virginia, Colorado, Utah, and Connecticut, and emerging issues with new Consumer Financial Protection Bureau rules for digital marketing agencies.

Mr. Borden understands that data is often a company’s most significant asset, and he represents clients structuring long-term collaborations to develop and commercialize their data and innovation. This experience includes artificial intelligence, SaaS and cloud contracting; data monetization agreements, joint ventures and strategic alliances; dispute avoidance and dispute resolutions relating to outsourcing; and blockchain, encryption and cryptography initiatives.

A well-known thought leader in data governance, cloud computing, SaaS, and the Internet of Things, Mr. Borden speaks and writes about these topics regularly and was named a JD Supra Readers' Choice Awards Top Author for cybersecurity. He has taught courses on information governance, cyber warfare and cybersecurity at the University of Connecticut School of Law, Benjamin N. Cardozo School of Law, and Rutgers Law School. He serves on the Board of Editors of the Journal of Law and Cyber Warfare and is a Senior Advisor to the RANE Networks. In addition to his work for law firms, corporations, and schools, Mr. Borden is also an inventor who holds several patents related to insurance claims processing and medical monitoring via mobile devices.

Mr. Borden’s representative matters include:

  • Structuring loans of up to $250M using data and cloud infrastructure as collateral.
  • Representing a Registered Investment Advisor in a major cybersecurity investigation by the New York State Department of Financial Services.
  • Negotiating a SaaS agreement for transaction reporting for a blockchain-based gold purchasing platform.
  • Representing a major FinTech company in a third party cybersecurity incident and related securities disclosure.
  • Drafting comments to SEC Cybersecurity Rules.
  • Drafting comments for the insurance industry on CPRA Rules.
  • Drafting and implementing information security programs under GDPR.
  • Developing cybersecurity policies, and training, awareness, monitoring and testing programs for a financial services corporation.
  • Restructuring the privacy department for a major corporation.

Prior to joining Frankfurt Kurnit, Mr. Borden held senior positions at major law firms, and in-house legal and technology positions at companies including Bank of America, The Hartford, ORock Technologies, and the Depository Trust & Clearing Corporation, among others.

He is admitted to practice in New York and Connecticut.

awards & recognition

JD Supra Readers' Choice Awards Top Author (Cybersecurity)

education

New York University School of Law (J.D., 1990)

Amherst College (B.A., 1987)

Upcoming Speaking Engagements

Weathering the Storm: Insights on the SolarWinds Wells Notice

Rick Borden is a speaker during the webinar, "Weathering the Storm: Insights on the SolarWinds Wells Notice” hosted by Thomson Reuters (WestLegalEd), Global Cyber Institute, Legal Cyber Academy, and Lexeprint.

October 4 2023

FAIRCON23

Rick Borden is a speaker during the roundtable discussion, “Meeting the Requirements of the New SEC Rule” at the FAIR conference in Washington, DC. Details here.

October 18 2023

Investigating Third-Party SDKs – An Overview and Practical Steps to Reduce Risk

Rick Borden and Daniel M. Goldberg present, “Investigating Third-Party SDKs – An Overview and Practical Steps to Reduce Risk” at the Privacy+Security Forum’s Fall Academy. Read more.

November 10 2023

Steps to Comply With The New SEC Public Company Cybersecurity Rules and What May Come Next

Rick Borden presents, “Steps to Comply With The New SEC Public Company Cybersecurity Rules and What May Come Next” the Privacy+Security Forum’s Fall Academy. Read more.

November 10 2023

Past Speaking Engagements

What the New SEC Regulation on Cyber Reporting Means for the Risk Management Profession

Rick Borden is a speaker during the webinar, “What the New SEC Regulation on Cyber Reporting Means for the Risk Management Profession” hosted by the FAIR Institute. View the recording here.

August 8 2023

Privacy + Security Forum: Spring Academy 2023

Rick Borden is a panelist during the session, "Cyber Insurance Trend and Predictions; Evolving Threats, Policy, and Technology" hosted by The Privacy + Security Forum's Spring Academy. Read more.

May 11 2023

Frankfurt Kurnit’s Tech Law Summit

Please join us for Frankfurt Kurnit's inaugural Tech Law Summit at our offices in downtown Manhattan on Thursday, May 4, 2023. The event will be held in person only, and space is limited. Read more.

May 4 2023

How Much Data Risk Are Governments and Businesses Sitting On Today?

Rick Borden is a speaker during the fireside chat, “The Importance of Data Security for Government Agencies & Businesses” hosted by Evolver LLC and Galaxkey at the British Embassy in Washington DC. Read more.

April 19 2023

Does ChatGPT Belong On Your Cyber Risk Register? Some Legal Perspectives

Rick Borden is a panelist during the discussion, “Does ChatGPT Belong On Your Cyber Risk Register? Some Legal Perspectives” hosted by Spirion and SecureWorld. Read more.

March 30 2023

Craft Your Incident Response Strategy With Tips From Top Industry Experts

Rick Borden is a panelist during the discussion, “Craft your Incident Response strategy with tips from top industry experts” hosted by Google Cloud. Read more.

March 28 2023

Navigating the Evolving Cyber Regulatory Landscape

Rick Borden is a panelist during the webinar, “Brave New World: Navigating the Evolving Cyber Regulatory Landscape” hosted by RANE network. Read more.

February 28 2023

What Newly Proposed Cybersecurity Regulatory Requirements Mean for the Board

Rick Borden is a panelist during the webinar, “What Newly Proposed Cybersecurity Regulatory Requirements Mean for the Board” hosted by CohnReznick and the Association for Data and Cyber Governance. Read more.

February 23 2023

Potential Pitfalls of Cloud Computing Part 2

Rick Borden is a speaker during the webinar, “Potential Pitfalls of Cloud Computing in eDiscovery” hosted by Thomson Reuters (WestLegalEd), Global Cyber Institute, and Lexeprint.

February 9 2023

Cybersecurity, Privacy and Data Protection

Rick Borden is a panelist during the New York City Bar program, “Cybersecurity, Privacy and Data Protection.”

January 31 2023

Potential Pitfalls of Cloud Computing Part 1

Rick Borden is a speaker during the webinar, “Potential Pitfalls of Cloud Computing” hosted by Thomson Reuters (WestLegalEd), Global Cyber Institute, and Lexeprint.

December 1 2022

Global Legal ConfEx: GRC, Data Privacy & Cyber Security

Rick Borden is a speaker during the Global Legal ConfEx: GRC, Data Privacy & Cyber Security event. Details here.

November 17 2022

Consumer Privacy: What You Need to Know About the New State Privacy Laws

Rick Borden presents, "Consumer Privacy: What You Need to Know About the New State Privacy Laws (Part 1 and Part 2)" at the ANA Masters of Advertising Law Conference in Hollywood, Florida.

November 8 2022

NAIC 2022 Insurance Summit

Rick Borden presents, “Inside AI: An Interactive Demonstration (with Cybersecurity and Privacy)” at the National Association of Insurance Commissioners Summit in Kansas City. Read more.

September 21 2022

news & press

Six Steps to Help Your Team Comply with the New SEC Public Company Cybersecurity Rules

On July 26, 2023, the Securities Exchange Commission (“SEC”) approved final Rules entitled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (the “Rules”). The Rules require certain cybersecurity incident disclosures on Form 8-K, generally within 4 business days after the determination that a cybersecurity incident is material. Read more.

NYDFS Changes Its Cybersecurity Regulation Requirements Through Enforcement – Again

Rick Borden wrote the article, “NYDFS Changes Its Cybersecurity Regulation Requirements Through Enforcement – Again” published in Cybersecurity Law ReportRead more.

Five Action Items to Help You Prepare for the Wave of Privacy Enforcement Starting July 2023

Mark your calendars - July 2023 is an important month for US privacy enforcement. Read more.

Mondaq Thought Leadership Awards – Spring 2023

Rick Borden and Saphya Council are recognized as Mondaq Thought Leading Authors for Data Protection in the United States. Their article, “New York's Proposed New Cybersecurity Regulations Will Mandate Big Changes For Many Businesses” was one of the most viewed of the last 6 months. View Article

5 Issues For Execs To Consider In SEC Cyber Rule Proposals

Rick Borden wrote the expert analysis column, “5 Issues For Execs To Consider In SEC Cyber Rule Proposals” published in Law360Read more.

Data Breach Settlement: Manufacturing Company to Pay $1.75M to Employees

InformationWeek quotes Rick Borden on the class action lawsuit filed against manufacturing company, Parker Hannifin related to a March 2022 data breach. Read more.

Washington “My Health My Data” Act Dramatically Alters Health Data Compliance Landscape

Washington State’s My Health My Data Act (“the Act”) introduces a sweeping set of obligations for nearly all entities that do business in the state and that handle “consumer health data,” a broad new class of health-related data separate from that regulated by the federal Health Insurance Portability and Accountability Act (“HIPAA”). Read more.

5 Pointers For Game Cos. Facing Calif. Kids Privacy Law

Rick Borden and Emma Smizer wrote the expert analysis column, “5 Pointers For Game Cos. Facing Calif. Kids Privacy Law” published in Law360Read more.

CPRA Regs: 8 New Obligations You Need to Know

On February 14, the CPPA, California’s new privacy regulatory agency, filed the first part of its proposed final CPRA Regs with California’s Office of Administrative Law (OAL). Read more.

Crypto Hack Lawsuits Rise as Theft Victims Try Untested Claims

Bloomberg Law quotes Rick Borden on arbitration provisions relating to lawsuits filed against cryptocurrency exchanges, digital wallet providers, and mobile service companies following cyberattacks. Read more.

Cyber Security Regulatory Risk Management 

Rick Borden and Saphya Council wrote the article, “Cyber Security Regulatory Risk Management” published in the Jan-March 2023 issue of Risk & Compliance magazine. View Article

Hottest Firms and Stories on Law360 November 2022

Law360 lists Rick Borden’s article, “NY Data Breach Penalty Expands Regulatory Requirements” as one of the top 10 most read expert analyses the week of November 4th. View Article

New York Regulator Says Even One Access Control Failure Can Invalidate Years of Compliance Certifications

The New York Department of Financial Services (“NYDFS”) recently entered into a Consent Order (the “Consent Order”) with EyeMed Vision Care LLC (“EyeMed”) over violations of the agency’s Cybersecurity Requirements (23 NY CRR Part 500) (“Part 500”). Read more.

Attorneys ‘On the Move’

The New York Law Journal covers Rick Borden’s move to partner in our Privacy & Data Security Group in its announcement of recent hirings and promotions of New York attorneys. View Article

Crain’s New York Business: People on the Move

Crain’s New York Business covers Rick Borden’s move to Frankfurt Kurnit as a partner in the Privacy & Data Security Group. View Article

Frankfurt Kurnit Adds Privacy & Data Security Partner Rick Borden

Rick Borden has joined Frankfurt Kurnit as a partner in its Privacy & Data Security Group. Mr. Borden, who will be based in the firm’s New York office, joins Frankfurt Kurnit from Willkie Farr & Gallagher. Read more.