Photo of Evan D. Wolff

Evan D. Wolff is a partner in Crowell & Moring's Washington, D.C. office where he is co-chair of the firm's Privacy & Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical background and understanding of complex cybersecurity legal and policy issues. Calling upon his experiences as a scientist, program manager, and lawyer, Evan takes an innovative approach to developing blended legal, technical, and governance mechanisms to prepare companies with rapid and comprehensive responses to rapidly evolving cybersecurity risks and threats. Evan has conducted training and incident simulations, developed response plans, led privileged investigations, and advised on hundreds of data breaches where he works closely with forensic investigators.

Crowell & Moring would like to invite government contractors to ring-side seats for the fight of the year – Congress v. the White House.  This year’s Ounce of Prevention Seminar (OOPS) will focus on the dynamic interplay between the opposite ends of Pennsylvania Avenue and how it will ultimately impact government contractors across the industry.  

In conjunction with his remarks at the White House Summit on Cybersecurity at Stanford University earlier this month, President Obama signed Executive Order 13691, entitled “Promoting Private Sector Cybersecurity Information Sharing.”  Published in the Federal Register last week, the Order is intended to encourage and facilitate cybersecurity information sharing within the private sector, and

President Obama recently proposed several new laws reflecting the administration’s increased focus on privacy and cyber issues. The proposals seek to create a consistent national data breach notification law (to replace the current patchwork of 47 state laws), to encourage cyber threat information sharing, and to update cybercrime enforcement. Although Immediate reactions to the proposed

As we near the one-year anniversary of the now infamous Target breach, more and more companies are coming to grips with the new reality that computer crime is a cost of doing business. Facing mounting pressure from customers and regulators alike, many are scrambling to find new ways to avoid becoming victims. In the most

The FDA recently passed down a set of guidelines governing the cybersecurity of medical devices. The guidelines, which are the first of its kind, were issued in response to the FDA’s recognition of the particular security concerns involved in the handling of sensitive medical information. The recommendations vary based on the specific vulnerabilities of each

Hackers, terrorists, and cyber criminals have ignited escalating threats to cybersecurity, homeland defense, and privacy largely unanticipated to the legal profession a generation ago. Today, lawyers must grapple with the intersection of technology, information governance, and law, navigating unprecedented legal challenges and crafting practical solutions on the emerging cyber, homeland, and privacy frontiers.

On behalf

In coordination with Crowell & Moring Antitrust partner David Laing — Evan Wolff, Liz Blumenfeld, and I have recently published an article in the BNA Antitrust & Trade Regulation Report entitled “DOJ and FTC Help Pave the Way For Greater Cyber Information Sharing in the Private Sector.” Our article focuses on the DOJ

Cybersecurity’s escalating threats, intensifying oversight, and expanding publicity in recent years exploded in 2013. It was a year bookended by President Obama’s cybersecurity warnings in his State of the Union message and the mega-breaches at Target and Neiman-Marcus. And it gave us a cyber panorama – the Cybersecurity Executive Order; industry security reports of massive

On June 20, 2014, Florida enacted the Florida Information Protection Act of 2014 (FIPA) to strengthen its data breach notification law. The amendments, which take effect July 1, will make Florida one of the strictest jurisdictions for reporting deadlines (which shortens to 30 days) and the types of information that trigger notification obligations (Which now

The Department of Justice and the Federal Trade Commission on April 10 issued Antitrust Policy Statement on Sharing of Cybersecurity Information, a joint policy statement that provides critical infrastructure industries the clarity they need to share cybersecurity information among themselves to combat cyber threats without violating the antitrust laws those agencies enforce. The agencies note that “properly designed cyber threat information sharing is not likely to raise antitrust concerns and can help secure the nation’s networks of information and resources.” The benefits of sharing this highly technical information are significant: sharing increases the security, availability, integrity, and efficiency of information systems, which in turn, leads to a more secure and productive nation. The agencies make clear that they “do not believe that antitrust is—or should be—a roadblock to legitimate cybersecurity information sharing.” This policy statement is meant to provide more certainty to the concerns private companies have raised as the threats to our nation’s infrastructure and information systems increase in number and sophistication.
Continue Reading