About Romaine

Romaine Marshall helps clients protect their data, businesses, and reputations from cybersecurity and privacy incidents.

As a cybersecurity and privacy lawyer, he works with clients to properly secure and use electronic data, develop industry-specific cybersecurity programs, conduct risk assessments and internal privacy audits, and respond to regulatory investigations. He has represented clients in more than 100 incidents involving data breaches, ransomware, malware attacks, security misconfigurations, wire fraud, software vulnerabilities, social engineering, and other exploits.

Romaine is also an experienced business litigation and trial lawyer. Within the last two years, in addition to successfully defending clients against alleged violations of cybersecurity and privacy standards, he obtained successful outcomes in three jury trials that included claims for breach of contract, trade secret misappropriation, negligence, and fraud.

Romaine frequently presents and publishes on the business continuity and reputational impacts of cybersecurity incidents, and the legal and regulatory standards that govern. He has also directed workshops and initiatives analyzing the implications of emerging technologies such as blockchain, cryptocurrency, artificial intelligence, the Internet of Things, drones, and self-driving cars, and their intersection with cybersecurity, privacy, and other business laws. He is a member of the Utah Bar Association’s Innovation in Law Practice Committee.

Before joining Stoel Rives, Romaine was a partner at Holland & Hart LLP, an associate at Kirton McConkie PC, and a law clerk for Judge J. Thomas Greene of the U.S. District Court for the District of Utah.

Expand to Read More + See Less -


Cybersecurity and Privacy

  • Obtained dismissal of class action lawsuit against national grocer in data breach case.
  • Defended data centers in data loss, theft, and breach litigation in state and federal courts.
  • Counseled global SaaS provider throughout regulatory investigation into data breach.
  • Advised insurance companies on their compliance obligations with NYDFS cybersecurity regulations.
  • Obtained injunctive relief and settlement for telecommunications provider in data breach and misappropriation of trade secrets case.
  • Successfully represented healthcare facilities in data breaches, lawsuits, and investigations involving the Health Insurance Portability and Accountability Act (HIPAA).
  • Directing readiness report, risk assessments, and privacy audit for financial services and insurance software companies.
  • Advising managed service provider and marketing company on compliance with the General Data Protection Regulation and California Consumer Privacy Act.

Business Litigation

  • Successfully defended software company’s former CEO against claims for fraud, data theft, and misappropriation of trade secrets.
  • In bench trial, successfully defended multistate bank in breach of contract claims by developer.
  • Obtained judgment on behalf of multinational manufacturer of industrial hygiene products against unauthorized distributor.
  • Successfully defended software distribution and CRM company in California and voluntary dismissal of all claims by software manufacturer.
  • Secured summary judgment and dismissal for real estate finance company accused of violating the Utah Unfair Practices Act.
  • On behalf of government, obtained contempt of court order and incarceration of corporate officer and recovery of illegal investments.
  • Administered data governance and containment strategy in collaboration with the FBI, SEC, and IRS against a $200 million real estate company investigated for Securities Act violations.
Expand to Read More + See Less -

Honors & Activities

  • Listed among Rising Stars (Business Litigation), Mountain States Super Lawyers®, 2008, 2011
  • Included in Utah Business Legal Elite, 2005-2009, Civil Litigation, 2015-2019
  • Member, Innovation in Law Practice Committee, Utah State Bar Association, May 2019-present
  • Member, Ethics and Disciplinary Committee, Utah Bar Association Office of Professional Conduct, 2015-2018
  • Recipient, Pro Bono Award, Utah Federal Bar Association, 2009
Expand to Read More + See Less -
Insights & Presentations

Insights & Presentations

  • Cybersecurity and Privacy 101 for Lawyers, 2nd Annual Innovation in Law Practice CLE Seminar, Utah Bar Association, August 28, 2019
  • Recent FTC Enforcement Actions: What the FTC Wants, the FTC (Mostly) Gets,” Stoel Rives’ Global Privacy & Security Blog®, August 21, 2019
  • “GDPR, PIPEDA, CCPA and Other International Regulations – Where Do We Stand Today?,” Association of Corporate Counsel Cybersecurity Summit, Vancouver, Canada, July 11, 2019
  • “GDPR and CCPA Understood,” Red Sky Security Conference, May 21, 2019
  • “Data Wars: How and Why Employers are Becoming More Responsible for Privacy,” Stoel Rives LLP, May 16, 2019
  • “The Changing Cybersecurity Landscape and Renewable Energy Market,” Utah Association of Energy Users, May 2, 2019
  • “Updates on the Global Privacy Landscape,” Utah iSymposium, Utah Bar Cyberlaw Section, April 24, 2019
  • “Securing the Blockchain,” 5th Annual Enterprise Risk Management Symposium, April 11, 2019
  • “Compliance and Regulation Panel,” Cybersecurity Conference, Salt Lake Chamber, March 27, 2019
  • “Hi-Tech Hub Breakfast Series: The Internet of Things and Self-Driving Cars,” Holland & Hart, Dec. 11, 2018
  • “Cybersecurity Updates,” Utah Association of Energy, Nov. 15, 2018
  • “GDPR Understood,” Red Sky Security Conference, Nov. 7, 2018
  • “Department of Health & Human Services Upgrades Security Risk Assessment Tool” (co-author), Holland & Hart News Update, Oct. 31, 2018
  • “Need a Cybersecurity Risk Assessment Tool? The Department of Health & Human Services Just Upgraded its Tool” (co-author), Holland & Hart News Update, Oct. 31, 2018
  • “Hi-Tech Hub Breakfast Series: Cybersecurity and Privacy Law: State of the States,” Holland & Hart, Oct. 24, 2018
  • “Data-Centric Security,” CISO Executive Network Roundtable, Denver, Colorado, Oct. 16, 2018
  • “Cloud Security and Third Party Risk Management,” CISO Executive Network Roundtable, Las Vegas, Nevada, Sept. 19, 2018
  • “Cloud Security and Third Party Risk Management,” CISO Executive Network Roundtable, Denver, Colorado, Sept. 11, 2018
  • “Self-Driving Cars: Are You In or Out?” (co-author), Holland & Hart News Update, July 12, 2018
  • “GDPR “Lite” Comes to the United States: The California Consumer Privacy Act of 2018” (co-author), Holland & Hart News Update, June 29, 2018
  • “Data Privacy for Employees: A Two-Edged Sword” (co-author), Holland & Hart News Update, June 11, 2018
  • “GDPR Starts with a Bang: NOYB Sues Google and Facebook” (co-author), Holland & Hart News Update, May 30, 2018
  • “The CLOUD Act: Where It Sheds Light and Where Shadows Remain” (co-author), Holland & Hart News Update, May 14, 2018
  • “Post Breach Response - Incident Handling and Data Breach Communications,” CISO Executive Network Roundtable, April 25, 2018
  • “Cybersecurity Breakfast Series: Demystifying Distributed Ledger Technology (the Blockchain),” Holland & Hart, April 11, 2018
  • “Incident Response,” CISO Executive Network Roundtable, April 10, 2018
  • “Cybersecurity Breakfast Series: Rise of the Machines - New Developments in Cybersecurity, the Internet of Things, and Artificial Intelligence,” Holland & Hart, March 14, 2018
  • “SEC Provides Long-Awaited Guidance on Cybersecurity Disclosures” (co-author), Holland & Hart News Update, March 5, 2018
  • Cybersecurity and Digital Privacy Roundtable,” Utah Business, Jan. 11, 2018
  • “DOJ Settlement Sets Forth Best Practices for Protecting Sensitive Data for Government Contractors and Information Technology Companies” (co-author), Holland & Hart News Update, Jan. 2018
  • “Supreme Court Hears Argument on Whether Cellphone Records Are Protected by Fourth Amendment” (co-author), Holland & Hart News Update, Nov. 29, 2017
  • “Cybersecurity Grabs Headlines, But Privacy Policies and Practices Are as Important,” Holland & Hart Cybersecurity Breakfast Series, Nov. 16, 2017
  • “Supreme Court to Consider Whether Companies That Store Data Outside the U.S. Can Be Required to Produce It in the U.S.” (co-author), Holland & Hart News Update, Nov. 13, 2017
  • “Safe Harbor for Data Security: New York’s Proposed Changes Could Be Followed by Other States” (co-author), Holland & Hart News Update, Nov. 7, 2017
  • “Protecting Data in the Wake of Recent Attacks and the Legal, Regulatory, and Industry Frameworks that Govern,” Holland & Hart Cybersecurity Breakfast Series, Oct. 24, 2017
  • “Equifax Removes Arbitration Clause; Confirms No Credit Card Required for Free Credit Monitoring Service” (co-author), Holland & Hart News Update, Sept. 15, 2017
  • “ID Theft Protection and Credit Monitoring for Equifax Cyberattack: Get It But Proceed With Caution” (co-author), Holland & Hart News Update, Sept. 11, 2017
  • “SEC Urges ”Robust” Cybersecurity Best Practices” (co-author), Holland & Hart News Update, Aug. 22, 2017
  • “Personal and Business Cybersecurity Hygiene,” Western Industrial Nevada Breakfast Meeting, Reno, Nevada, July 28, 2017
  • “Federal and State Cybersecurity Regulation of Financial Services” (co-author), The Corporate Counselor, June 2017
  • “The Layered Federal and State Cybersecurity Regulation of Financial Services Firms” (co-author), Cybersecurity Law & Strategy and Legaltech News, June 2017
  • “Trump Executive Order Embraces New Standards for Federal Cybersecurity” (co-author), Holland & Hart News Update, May 16, 2017
  • “Contracts and Closings in the Cloud – The Effect of Technology on Real Estate Transactions,” Spring Symposia, ABA Real Property, Trust and Estate Law Section, April 20, 2017
  • “Cybersecurity Risks and the Apportionment of Liability: What Your Firm Should Be Aware Of in 2017,” The Knowledge Group, March 28, 2017
  • Cybersecurity: What Are Corporate Directors’ Duties?” (co-author), Westlaw Journal Computer & Internet, Vol. 34, Issue 21, March 24, 2017
  • “EU GDPR and Privacy Shield,” Holland & Hart Cybersecurity Breakfast Series, March 22, 2017
  • “New NY Cybersecurity Regs Will Have National Reach” (co-author), Law360, March 22, 2017
  • “Call Center and Compliance Issues,” Panelist, SIFMA Compliance and Legal Society, Salt Lake City, Utah, March 3, 2017
  • “New York’s New Cybersecurity Regulation for Financial Institutions Will Have National Reach” (co-author), Holland & Hart News Update, March 1, 2017
  • “Emerging Cybersecurity and Data Privacy Issues in 2017 and Beyond,” Holland & Hart Cybersecurity Winter Breakfast Series, Salt Lake City, UT, Feb. 22, 2017
  • “New Federal Guidance on Data Breaches, also Instructive for the Private Sector” (co-author), Holland & Hart News Update, Jan. 13, 2017
  • “New FDA Guidance Addresses Medical Device Cybersecurity for the Internet of Things” (co-author), Holland & Hart News Update, Jan. 5, 2017
  • “Information Privacy, Information Privacy vs. Information Security: Conflicts & Synergies,” Holland & Hart Cybersecurity Fall Breakfast Series, Nov. 16, 2016
  • “Risk Management, Cybersecurity Risk Management & Risk Assessments, Risk Transfer Through Cyber Insurance,” Cybersecurity Fall Breakfast Series Holland & Hart, Nov. 2, 2016
  • “Conduct a Thorough HIPAA Risk Analysis or Pay Big Fines” (co-author), Holland & Hart News Update,Oct. 26, 2016
  • “Building or Strengthening Your Information Security Program, Board Member Responsibilities,” Holland & Hart Cybersecurity Fall Breakfast Series, Oct. 5, 2016
  • “Data Breaches: How Data Breaches are Happening: Ransomware, Cyber Extortion and Hacktivism - Web Application Attacks,” Holland & Hart Cybersecurity Fall Breakfast Series, Sept. 21, 2016
  • “Data Breaches: Hacking Incidents that Hurt, Incident Response Life Cycle, Data Breach Handling and Communications, Data Breach Response Toolkit,” Holland & Hart Cybersecurity Fall Breakfast Series, Sept. 7, 2016
  • “Waiting May Cost You: Sanctions for Inadequate Cybersecurity Practices May Be Imposed Before a Cyber Attack” (co-author), Holland & Hart News Update, Aug. 1, 2016
  • “Federal Appeals Court Holds Data Breach Class Action Triggers Insurer’s Duty to Defend under General Liability Policy” (co-author), Holland & Hart News Update, April 15, 2016
  • “Third Circuit Finds that the FTC Has Authority to Sue Companies for Inadequate Cybersecurity Practices as an ‘Unfair’ Practice” (co-author), Holland & Hart News Update, Aug. 28, 2015
  • “Seventh Circuit Finds Customers’ Hassles Caused by Data Breach Enough to Save a Class Action From Dismissal” (co-author), Holland & Hart News Update, Aug. 3, 2015
  • “BIS Publishes Proposed Rule For New Export Controls on Cybersecurity Items” (co-author), Holland & Hart News Update, June 5, 2015
  • Hacked Again?! What to Know About Utah’s Data Breach Statute… For Now” (co-author), Utah Business, May 2015
  • What Colorado Companies Need to Know About Cybersecurity” (co-author), ColoradoBiz Magazine, May 2015

Related News & Publications

Expand to Read More + See Less -
Saved Pages

Use the arrows to arrange content.  Download pages as a .pdf file or share links via email..

{{ item.Title }} {{ item.AttorneyPosition }}, {{ item.AttorneyLocation }} , C. {{ item.AttorneyCell }} , P. {{ item.AttorneyPhone }} , F. {{ item.AttorneyFax }} {{ item.TypeText }} Remove
You have no pages saved
            {{ state | json }}