areas of expertise
Rick Borden is a partner in the Privacy & Data Security Group. With decades of experience both at firms and in-house, Mr. Borden translates privacy and data security requirements into budget-friendly operational solutions, advises on risk management, audits and incidents, and helps clients commercialize data and innovation.
Mr. Borden regularly represents FinTech, InsurTech, Software as a Service (SaaS), cloud computing, and other tech-forward companies on technology transactions, and privacy and data security issues. With a laser focus on data flows and a full understanding of operations, IT and the legal landscape, he translates complex risk discussions into plain English, and right-sizes mitigation strategies so that they fit with corporate budget and staffing limitations. Mr. Borden’s experience on both the customer and vendor side enables him to advise general counsel, boards of directors, and CEOs, CIOs, CTOs and other C-Suite executives on risk and incident response. He also interfaces with technology departments, advising them on how technology implementations and programs may expose companies to risk. Mr. Borden’s skill-set and experience is unique.
With comprehensive knowledge of fast-evolving state and federal regulation, Mr. Borden advises clients on data compliance programs, audits, and government compliance reviews. He drafts privacy policies and cybersecurity compliance documents, and assesses data sharing, protection and the collection and use of employee and consumer personal data. He works with clients to develop bring-your-own-device and mobile computing policies and provides privacy and data protection legal analysis and compliance counseling. In his data breach practice, he regularly advises on investigations, insurance coverage and claims, reporting and notification, and post-breach penalties and audits. He is currently helping clients comply with the New York State Department of Financial Services Cybersecurity Regulation, SEC Cybersecurity Rules and enforcement, the wave of new state privacy laws coming out of California, Virginia, Colorado, Utah, and Connecticut, and emerging issues with new Consumer Financial Protection Bureau rules for digital marketing agencies.
Mr. Borden understands that data is often a company’s most significant asset, and he represents clients structuring long-term collaborations to develop and commercialize their data and innovation. This experience includes artificial intelligence, SaaS and cloud contracting; data monetization agreements, joint ventures and strategic alliances; dispute avoidance and dispute resolutions relating to outsourcing; and blockchain, encryption and cryptography initiatives.
A well-known thought leader in data governance, cloud computing, SaaS, and the Internet of Things, Mr. Borden speaks and writes about these topics regularly and was named a JD Supra Readers' Choice Awards Top Author for cybersecurity. He has taught courses on information governance, cyber warfare and cybersecurity at the University of Connecticut School of Law, Benjamin N. Cardozo School of Law, and Rutgers Law School. He serves on the Board of Editors of the Journal of Law and Cyber Warfare and is a Senior Advisor to the RANE Networks. In addition to his work for law firms, corporations, and schools, Mr. Borden is also an inventor who holds several patents related to insurance claims processing and medical monitoring via mobile devices.
Mr. Borden’s representative matters include:
- Structuring loans of up to $250M using data and cloud infrastructure as collateral.
- Representing a Registered Investment Advisor in a major cybersecurity investigation by the New York State Department of Financial Services.
- Negotiating a SaaS agreement for transaction reporting for a blockchain-based gold purchasing platform.
- Representing a major FinTech company in a third party cybersecurity incident and related securities disclosure.
- Drafting comments to SEC Cybersecurity Rules.
- Drafting comments for the insurance industry on CPRA Rules.
- Drafting and implementing information security programs under GDPR.
- Developing cybersecurity policies, and training, awareness, monitoring and testing programs for a financial services corporation.
- Restructuring the privacy department for a major corporation.
Prior to joining Frankfurt Kurnit, Mr. Borden held senior positions at major law firms, and in-house legal and technology positions at companies including Bank of America, The Hartford, ORock Technologies, and the Depository Trust & Clearing Corporation, among others.
He is admitted to practice in New York and Connecticut.
awards & recognition
JD Supra Readers' Choice Awards Top Author (Cybersecurity)
New York University School of Law (J.D., 1990)
Amherst College (B.A., 1987)
Upcoming Speaking Engagements
Weathering the Storm: Insights on the SolarWinds Wells Notice
Rick Borden is a speaker during the webinar, "Weathering the Storm: Insights on the SolarWinds Wells Notice” hosted by Thomson Reuters (WestLegalEd), Global Cyber Institute, Legal Cyber Academy, and Lexeprint.
October 4 2023
October 18 2023
Investigating Third-Party SDKs – An Overview and Practical Steps to Reduce Risk
November 10 2023
Past Speaking Engagements
What the New SEC Regulation on Cyber Reporting Means for the Risk Management Profession
August 8 2023
Privacy + Security Forum: Spring Academy 2023
May 11 2023
Frankfurt Kurnit’s Tech Law Summit
Please join us for Frankfurt Kurnit's inaugural Tech Law Summit at our offices in downtown Manhattan on Thursday, May 4, 2023. The event will be held in person only, and space is limited. Read more.
May 4 2023
How Much Data Risk Are Governments and Businesses Sitting On Today?
Rick Borden is a speaker during the fireside chat, “The Importance of Data Security for Government Agencies & Businesses” hosted by Evolver LLC and Galaxkey at the British Embassy in Washington DC. Read more.
April 19 2023
Does ChatGPT Belong On Your Cyber Risk Register? Some Legal Perspectives
March 30 2023
Craft Your Incident Response Strategy With Tips From Top Industry Experts
March 28 2023
Navigating the Evolving Cyber Regulatory Landscape
February 28 2023
What Newly Proposed Cybersecurity Regulatory Requirements Mean for the Board
Rick Borden is a panelist during the webinar, “What Newly Proposed Cybersecurity Regulatory Requirements Mean for the Board” hosted by CohnReznick and the Association for Data and Cyber Governance. Read more.
February 23 2023
Potential Pitfalls of Cloud Computing Part 2
Rick Borden is a speaker during the webinar, “Potential Pitfalls of Cloud Computing in eDiscovery” hosted by Thomson Reuters (WestLegalEd), Global Cyber Institute, and Lexeprint.
February 9 2023
Cybersecurity, Privacy and Data Protection
Rick Borden is a panelist during the New York City Bar program, “Cybersecurity, Privacy and Data Protection.”
January 31 2023
Potential Pitfalls of Cloud Computing Part 1
Rick Borden is a speaker during the webinar, “Potential Pitfalls of Cloud Computing” hosted by Thomson Reuters (WestLegalEd), Global Cyber Institute, and Lexeprint.
December 1 2022
Global Legal ConfEx: GRC, Data Privacy & Cyber Security
November 17 2022
Consumer Privacy: What You Need to Know About the New State Privacy Laws
Rick Borden presents, "Consumer Privacy: What You Need to Know About the New State Privacy Laws (Part 1 and Part 2)" at the ANA Masters of Advertising Law Conference in Hollywood, Florida.
November 8 2022
news & press
Six Steps to Help Your Team Comply with the New SEC Public Company Cybersecurity Rules
On July 26, 2023, the Securities Exchange Commission (“SEC”) approved final Rules entitled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (the “Rules”). The Rules require certain cybersecurity incident disclosures on Form 8-K, generally within 4 business days after the determination that a cybersecurity incident is material. Read more.
NYDFS Changes Its Cybersecurity Regulation Requirements Through Enforcement – Again
Five Action Items to Help You Prepare for the Wave of Privacy Enforcement Starting July 2023
Mark your calendars - July 2023 is an important month for US privacy enforcement. Read more.
Mondaq Thought Leadership Awards – Spring 2023
Rick Borden and Saphya Council are recognized as Mondaq Thought Leading Authors for Data Protection in the United States. Their article, “New York's Proposed New Cybersecurity Regulations Will Mandate Big Changes For Many Businesses” was one of the most viewed of the last 6 months. View Article
5 Issues For Execs To Consider In SEC Cyber Rule Proposals
Data Breach Settlement: Manufacturing Company to Pay $1.75M to Employees
Washington “My Health My Data” Act Dramatically Alters Health Data Compliance Landscape
Washington State’s My Health My Data Act (“the Act”) introduces a sweeping set of obligations for nearly all entities that do business in the state and that handle “consumer health data,” a broad new class of health-related data separate from that regulated by the federal Health Insurance Portability and Accountability Act (“HIPAA”). Read more.
5 Pointers For Game Cos. Facing Calif. Kids Privacy Law
CPRA Regs: 8 New Obligations You Need to Know
On February 14, the CPPA, California’s new privacy regulatory agency, filed the first part of its proposed final CPRA Regs with California’s Office of Administrative Law (OAL). Read more.
Crypto Hack Lawsuits Rise as Theft Victims Try Untested Claims
Bloomberg Law quotes Rick Borden on arbitration provisions relating to lawsuits filed against cryptocurrency exchanges, digital wallet providers, and mobile service companies following cyberattacks. Read more.
Cyber Security Regulatory Risk Management
Hottest Firms and Stories on Law360 November 2022
New York Regulator Says Even One Access Control Failure Can Invalidate Years of Compliance Certifications
The New York Department of Financial Services (“NYDFS”) recently entered into a Consent Order (the “Consent Order”) with EyeMed Vision Care LLC (“EyeMed”) over violations of the agency’s Cybersecurity Requirements (23 NY CRR Part 500) (“Part 500”). Read more.