Overview

About Romaine

Romaine Marshall helps clients protect their data, businesses, and reputations from cybersecurity and privacy incidents.

As a cybersecurity and privacy lawyer, he works with clients to properly secure and use electronic data, develop industry-specific cybersecurity programs, conduct risk assessments and internal privacy audits, and respond to regulatory investigations. He has represented clients in more than 100 incidents involving data breaches, ransomware, malware attacks, security misconfigurations, wire fraud, software vulnerabilities, social engineering, and other exploits.

As part of his practice, Romaine collaborates with software developers and consultants to integrate solutions that assess risk, provide metrics and KPIs, and analyze compliance with industry standards including the NIST Cybersecurity and Privacy Frameworks. Romaine is also an experienced business litigation and trial lawyer. He has been lead counsel in multiple jury and bench trials in business disputes that have included claims for breach of contract, trade secret misappropriation, negligence, and fraud.

Romaine frequently presents and publishes on the business continuity and reputational impacts of cybersecurity incidents, and the legal and regulatory standards that govern. He has also directed workshops and initiatives analyzing the implications of emerging technologies such as blockchain, cryptocurrency, artificial intelligence, the Internet of Things, drones, and self-driving cars, and their intersection with cybersecurity, privacy, and other business laws. He is a member of the Utah Bar Association’s Innovation in Law Practice Committee.

Before joining Stoel Rives, Romaine was a partner at Holland & Hart LLP, an associate at Kirton McConkie PC, and a law clerk for Judge J. Thomas Greene of the U.S. District Court for the District of Utah.

Expand to Read More + See Less -
Experience

Experience

Cybersecurity

  • Incident response, litigation, and regulatory investigation counsel for county physicians’ group, regional transportation company, and national insurance software company that experienced separate Ryuk and Maze ransomware attacks.
  • Counsel for California commercial construction company against insurer for alleged failure to implement reasonable cybersecurity safeguards.
  • Litigation counsel for employee recognition and technology company against telecommunication company that experienced data breaches.
  • Compliance counsel for publicly traded nutrition and supplement companies in relation to cybersecurity maturity and incident response assessments.
  • Cybersecurity due diligence counsel for connected device company in merger and acquisition involving Public Key Infrastructure (PKI).
  • Strategic advisor for digital marketing company’s implementation of quantitative risk management strategy for global benefits provider.
  • Litigation counsel for multistate transportation companies that experienced data breach and wire fraud incidents.
  • Lead counsel in dismissal of class action lawsuit against national grocer in data breach case.
  • Incident response, litigation, and FTC investigation counsel for SaaS and payment processor in case involving data breach.
  • Defense counsel for data centers in litigation alleging data loss, theft, and misuse in state and federal courts.
  • Incident response and litigation counsel for CRM software provider against service provider that experienced data breach exposing personal information of consumers.
  • Litigation counsel in case requiring emergency injunctive relief for telecommunications provider in data breach and misappropriation of trade secrets case.
  • Represented healthcare facilities in data breaches, lawsuits, and investigations involving the Health Insurance Portability and Accountability Act.

Privacy

  • Advising retail, marketing, managed service provider, and integration platform as a service companies on compliance with the General Data Protection Regulation and California Consumer Privacy Act.
  • Advising SaaS provider processing transactions and personal information for over 100,000 consumers pursuant to New York, California, Colorado, and Utah laws.
  • Represented CRM software provider against service provider that exposed personal information of more than 50,000 consumers.
  • Directed readiness report, risk assessments, and privacy audits for financial services, insurance software, and supply chain companies.

Business Litigation

  • Defense counsel for cryptocurrency and digital assets company in ongoing $12 million securities-fraud case brought by the United States Securities and Exchange Commission.
  • Successfully defended software company’s former CEO against claims for fraud, data theft, and misappropriation of trade secrets.
  • In bench trial, successfully defended multistate bank in breach of contract claims by developer.
  • Obtained judgment on behalf of multinational manufacturer of industrial hygiene products against unauthorized distributor.
  • Successfully defended software distribution and CRM company in California and voluntary dismissal of all claims by software manufacturer.
  • Secured summary judgment and dismissal for real estate finance company accused of violating the Utah Unfair Practices Act.
  • On behalf of government, obtained contempt of court order and incarceration of corporate officer and recovery of illegal investments.
  • Administered data governance and containment strategy in collaboration with the FBI, SEC, and IRS against a $200 million real estate company investigated for Securities Act violations.
Expand to Read More + See Less -
Honors

Honors & Activities

  • Listed among Rising Stars (Business Litigation), Mountain States Super Lawyers®, 2008, 2011
  • Included in Utah Business Legal Elite, 2005–2009, Civil Litigation, 2015–2020
  • Member, Innovation in Law Practice Committee, Utah State Bar Association, May 2019–present
  • Member, Ethics and Disciplinary Committee, Utah Bar Association Office of Professional Conduct, 2015–2018
  • Recipient, Pro Bono Award, Utah Federal Bar Association, 2009
Expand to Read More + See Less -
Insights & Presentations

Insights & Presentations

  • “The Evolving Legal Landscape for Data Privacy Litigation,” Utah State Bar, Cyberlaw Section, July 16, 2020
  • Coast to Coast and Back Again – Cybersecurity and Data Privacy Rules,” Stoel Rives’ Global Privacy & Security Blog,  July 1, 2020
  • “Segments by Stoel” Cybersecurity Webinar Series, June 30, 2020 (Risk Management and Assessments)
  • Court Orders Disclosure of Capital One’s Incident Report,” Stoel Rives’ Global Privacy & Security Blog,  June 1, 2020
  • “Segments by Stoel” Cybersecurity Webinar Series, May 27, 2020 (Navigating the New WFH Era)
  • Is Your Incident Response Plan Ready for Novel Computer Viruses?,” Stoel Rives’ Global Privacy & Security Blog,  April 13, 2020
  • Soon, all ransomware attacks may be data breaches,” Stoel Rives’ Global Privacy & Security Blog,  March 20, 2020
  • “Solutions and Strategies by Stoel: Cybersecurity and Privacy Best Practices (the Children’s Online Privacy Protection Act and Incident Management Strategies),” March 11, 2020
  • Utah Considers a Cybersecurity Safe Harbor as Ransomware Runs Riot,” Stoel Rives’ Global Privacy & Security Blog®, Feb. 25, 2020
  • “Solutions and Strategies by Stoel: Cybersecurity and Privacy Best Practices (Compliance with CCPA and other new privacy laws),” Feb. 11, 2020
  • NIST Releases a Standard for Privacy,” Stoel Rives’ Global Privacy & Security Blog®, Feb. 7, 2020
  • “The FTC’s Role in Cybersecurity and Privacy Enforcement Actions,” Utah State Bar, Cyberlaw Section, Jan. 13, 2020
  • CCPA Is Here – Is Your Security ‘Reasonable’?,” Stoel Rives’ Global Privacy & Security Blog®, Jan. 7, 2020
  • CCPA is Here – Are Your Agreements Ready?,” Stoel Rives’ Global Privacy & Security Blog®, Dec. 27, 2019
  • CCPA is Here – Is Your Privacy Notice Ready?,” Stoel Rives’ Global Privacy & Security Blog®, Dec. 11, 2019
  • “Solutions and Strategies by Stoel: Cybersecurity and Privacy Best Practices (Insider Threats),” Nov. 13, 2019
  • “HACKed: Cybersecurity and Risk Management,” The Buckner Company, Nov. 13, 2019
  • Achieving Industry Standards,” Stoel Rives’ Global Privacy & Security Blog®, Oct. 28, 2019
  • Cybersecurity Issues for the Real Estate Industry, Salt Lake Board of Realtors Education Conference, Oct. 17, 2019
  • Panel Discussion on Cybersecurity, Utah Assoc. of CPAs Tech Series, Oct. 16, 2019
  • “Solutions and Strategies by Stoel: Cybersecurity and Privacy Best Practices (Vendor Risk Management, Director & Officer Liability, and CCPA Readiness),” Oct. 16, 2019
  • “Solutions and Strategies by Stoel: Cybersecurity and Privacy Best Practices (Ransomware and Privacy Regulation),” Sept. 18, 2019
  • Cybersecurity and Privacy 101 for Lawyers, 2nd Annual Innovation in Law Practice CLE Seminar, Utah Bar Association, Aug. 28, 2019
  • Recent FTC Enforcement Actions: What the FTC Wants, the FTC (Mostly) Gets” (co-author), Stoel Rives’ Global Privacy & Security Blog®, Aug. 21, 2019
  • “GDPR, PIPEDA, CCPA and Other International Regulations – Where Do We Stand Today?,” Association of Corporate Counsel Cybersecurity Summit, Vancouver, Canada, July 11, 2019
  • CCPA Bill Expanding Class Actions Fails but The Persistence of Chaos Succeeds,” Stoel Rives LLP Legal Alert, May 28, 2019
  • “GDPR and CCPA Understood,” Red Sky Security Conference, May 21, 2019
  • “Data Wars: How and Why Employers are Becoming More Responsible for Privacy,” Stoel Rives LLP, May 16, 2019
  • “The Changing Cybersecurity Landscape and Renewable Energy Market,” Utah Association of Energy Users, May 2, 2019
  • “Updates on the Global Privacy Landscape,” Utah iSymposium, Utah Bar Cyberlaw Section, April 24, 2019
  • “Securing the Blockchain,” 5th Annual Enterprise Risk Management Symposium, April 11, 2019
  • “Compliance and Regulation Panel,” Cybersecurity Conference, Salt Lake Chamber, March 27, 2019
  • “Hi-Tech Hub Breakfast Series: The Internet of Things and Self-Driving Cars,” Holland & Hart, Dec. 11, 2018
  • “Cybersecurity Updates,” Utah Association of Energy, Nov. 15, 2018
  • “GDPR Understood,” Red Sky Security Conference, Nov. 7, 2018
  • “Department of Health & Human Services Upgrades Security Risk Assessment Tool” (co-author), Holland & Hart News Update, Oct. 31, 2018
  • “Need a Cybersecurity Risk Assessment Tool? The Department of Health & Human Services Just Upgraded its Tool” (co-author), Holland & Hart News Update, Oct. 31, 2018
  • “Hi-Tech Hub Breakfast Series: Cybersecurity and Privacy Law: State of the States,” Holland & Hart, Oct. 24, 2018
  • “Data-Centric Security,” CISO Executive Network Roundtable, Denver, Colorado, Oct. 16, 2018
  • “Cloud Security and Third Party Risk Management,” CISO Executive Network Roundtable, Las Vegas, Nevada, Sept. 19, 2018
  • “Cloud Security and Third Party Risk Management,” CISO Executive Network Roundtable, Denver, Colorado, Sept. 11, 2018
  • “Self-Driving Cars: Are You In or Out?” (co-author), Holland & Hart News Update, July 12, 2018
  • “GDPR “Lite” Comes to the United States: The California Consumer Privacy Act of 2018” (co-author), Holland & Hart News Update, June 29, 2018
  • “Data Privacy for Employees: A Two-Edged Sword” (co-author), Holland & Hart News Update, June 11, 2018
  • “GDPR Starts with a Bang: NOYB Sues Google and Facebook” (co-author), Holland & Hart News Update, May 30, 2018
  • “The CLOUD Act: Where It Sheds Light and Where Shadows Remain” (co-author), Holland & Hart News Update, May 14, 2018
  • “Post Breach Response - Incident Handling and Data Breach Communications,” CISO Executive Network Roundtable, April 25, 2018
  • “Cybersecurity Breakfast Series: Demystifying Distributed Ledger Technology (the Blockchain),” Holland & Hart, April 11, 2018
  • “Incident Response,” CISO Executive Network Roundtable, April 10, 2018
  • “Cybersecurity Breakfast Series: Rise of the Machines - New Developments in Cybersecurity, the Internet of Things, and Artificial Intelligence,” Holland & Hart, March 14, 2018
  • “SEC Provides Long-Awaited Guidance on Cybersecurity Disclosures” (co-author), Holland & Hart News Update, March 5, 2018
  • Cybersecurity and Digital Privacy Roundtable,” Utah Business, Jan. 11, 2018
  • “DOJ Settlement Sets Forth Best Practices for Protecting Sensitive Data for Government Contractors and Information Technology Companies” (co-author), Holland & Hart News Update, Jan. 2018
  • “Supreme Court Hears Argument on Whether Cellphone Records Are Protected by Fourth Amendment” (co-author), Holland & Hart News Update, Nov. 29, 2017
  • “Cybersecurity Grabs Headlines, But Privacy Policies and Practices Are as Important,” Holland & Hart Cybersecurity Breakfast Series, Nov. 16, 2017
  • “Supreme Court to Consider Whether Companies That Store Data Outside the U.S. Can Be Required to Produce It in the U.S.” (co-author), Holland & Hart News Update, Nov. 13, 2017
  • “Safe Harbor for Data Security: New York’s Proposed Changes Could Be Followed by Other States” (co-author), Holland & Hart News Update, Nov. 7, 2017
  • “Protecting Data in the Wake of Recent Attacks and the Legal, Regulatory, and Industry Frameworks that Govern,” Holland & Hart Cybersecurity Breakfast Series, Oct. 24, 2017
  • “Equifax Removes Arbitration Clause; Confirms No Credit Card Required for Free Credit Monitoring Service” (co-author), Holland & Hart News Update, Sept. 15, 2017
  • “ID Theft Protection and Credit Monitoring for Equifax Cyberattack: Get It But Proceed With Caution” (co-author), Holland & Hart News Update, Sept. 11, 2017
  • “SEC Urges ”Robust” Cybersecurity Best Practices” (co-author), Holland & Hart News Update, Aug. 22, 2017
  • “Personal and Business Cybersecurity Hygiene,” Western Industrial Nevada Breakfast Meeting, Reno, Nevada, July 28, 2017
  • “Federal and State Cybersecurity Regulation of Financial Services” (co-author), The Corporate Counselor, June 2017
  • “The Layered Federal and State Cybersecurity Regulation of Financial Services Firms” (co-author), Cybersecurity Law & Strategy and Legaltech News, June 2017
  • “Trump Executive Order Embraces New Standards for Federal Cybersecurity” (co-author), Holland & Hart News Update, May 16, 2017
  • “Contracts and Closings in the Cloud – The Effect of Technology on Real Estate Transactions,” Spring Symposia, ABA Real Property, Trust and Estate Law Section, April 20, 2017
  • “Cybersecurity Risks and the Apportionment of Liability: What Your Firm Should Be Aware Of in 2017,” The Knowledge Group, March 28, 2017
  • Cybersecurity: What Are Corporate Directors’ Duties?” (co-author), Westlaw Journal Computer & Internet, Vol. 34, Issue 21, March 24, 2017
  • “EU GDPR and Privacy Shield,” Holland & Hart Cybersecurity Breakfast Series, March 22, 2017
  • “New NY Cybersecurity Regs Will Have National Reach” (co-author), Law360, March 22, 2017
  • “Call Center and Compliance Issues,” Panelist, SIFMA Compliance and Legal Society, Salt Lake City, Utah, March 3, 2017
  • “New York’s New Cybersecurity Regulation for Financial Institutions Will Have National Reach” (co-author), Holland & Hart News Update, March 1, 2017
  • “Emerging Cybersecurity and Data Privacy Issues in 2017 and Beyond,” Holland & Hart Cybersecurity Winter Breakfast Series, Salt Lake City, UT, Feb. 22, 2017
  • “New Federal Guidance on Data Breaches, also Instructive for the Private Sector” (co-author), Holland & Hart News Update, Jan. 13, 2017
  • “New FDA Guidance Addresses Medical Device Cybersecurity for the Internet of Things” (co-author), Holland & Hart News Update, Jan. 5, 2017
  • “Information Privacy, Information Privacy vs. Information Security: Conflicts & Synergies,” Holland & Hart Cybersecurity Fall Breakfast Series, Nov. 16, 2016
  • “Risk Management, Cybersecurity Risk Management & Risk Assessments, Risk Transfer Through Cyber Insurance,” Cybersecurity Fall Breakfast Series Holland & Hart, Nov. 2, 2016
  • “Conduct a Thorough HIPAA Risk Analysis or Pay Big Fines” (co-author), Holland & Hart News Update,Oct. 26, 2016
  • “Building or Strengthening Your Information Security Program, Board Member Responsibilities,” Holland & Hart Cybersecurity Fall Breakfast Series, Oct. 5, 2016
  • “Data Breaches: How Data Breaches are Happening: Ransomware, Cyber Extortion and Hacktivism - Web Application Attacks,” Holland & Hart Cybersecurity Fall Breakfast Series, Sept. 21, 2016
  • “Data Breaches: Hacking Incidents that Hurt, Incident Response Life Cycle, Data Breach Handling and Communications, Data Breach Response Toolkit,” Holland & Hart Cybersecurity Fall Breakfast Series, Sept. 7, 2016
  • “Waiting May Cost You: Sanctions for Inadequate Cybersecurity Practices May Be Imposed Before a Cyber Attack” (co-author), Holland & Hart News Update, Aug. 1, 2016
  • “Federal Appeals Court Holds Data Breach Class Action Triggers Insurer’s Duty to Defend under General Liability Policy” (co-author), Holland & Hart News Update, April 15, 2016
  • “Third Circuit Finds that the FTC Has Authority to Sue Companies for Inadequate Cybersecurity Practices as an ‘Unfair’ Practice” (co-author), Holland & Hart News Update, Aug. 28, 2015
  • “Seventh Circuit Finds Customers’ Hassles Caused by Data Breach Enough to Save a Class Action From Dismissal” (co-author), Holland & Hart News Update, Aug. 3, 2015
  • “BIS Publishes Proposed Rule For New Export Controls on Cybersecurity Items” (co-author), Holland & Hart News Update, June 5, 2015
  • Hacked Again?! What to Know About Utah’s Data Breach Statute… For Now” (co-author), Utah Business, May 2015
  • What Colorado Companies Need to Know About Cybersecurity” (co-author), ColoradoBiz Magazine, May 2015



Related News & Publications


Expand to Read More + See Less -
×
Saved Pages

Use the arrows to arrange content.  Download pages as a .pdf file or share links via email..

{{ item.Title }} {{ item.AttorneyPosition }}, {{ item.AttorneyLocation }} , C. {{ item.AttorneyCell }} , P. {{ item.AttorneyPhone }} , F. {{ item.AttorneyFax }} {{ item.TypeText }} Remove
You have no pages saved
            {{ state | json }}