Richard Santalesa

(p) 203.292.0667 (e) rsantalesa@infolawgroup.com

Richard Santalesa is Senior Counsel in Information Law Group’s east coast office, based in Fairfield, Connecticut and New York City. He focuses on representing clients on electronic commerce and internet issues, software and content licensing, privacy and data security, outsourcing, software and website development transactions and other commercial arrangements involving intellectual property and technology-savvy companies. He also counsels clients on the creation and development of technology-focused businesses and the global protection and exploitation of their intellectual property assets.

Immediately prior to joining the firm Richard served as Outside Counsel to FUJIFILM Holdings America Corporation, Valhalla, NY, where he provided counsel to numerous FUJIFILM entities in North America and as Legal Counsel to Ipsos America, Inc., New York, NY, the American holding company for Ipsos S.A., a publicly held global market research company headquartered in France with offices and subsidiaries around the world. Richard has also been an associate at well-respected New York and Connecticut law firms.

Prior to practicing law, Richard enjoyed a successful career in technology, initially as a computer programmer on Wall Street, and then as an award-winning journalist, editor and analyst covering internet, hardware, software and wireless issues. He held the positions of executive editor of NetGuide, editor in chief of Windows User, and technical editor of Computer Shopper. He registered his first domain name in 1994 and has authored columns for numerous publications, including Emedia Weekly (f/k/a MacWeek), Smart Reseller Magazine (f/k/a Smart Partner Magazine), WebWeek (f/k/a Internet World), Telecommute, PC Pro UK, ZDNet’s Enterprise Channel (wireless), NetGuide, Windows User and Computer Shopper. His articles on technology have appeared in The New York Times, PC Magazine, Wired, Digital Media, Windows Magazine, Windows Pro, IEEE Spectrum, IEEE Database, Small Business Computing, Home Office Computing, HomePC, and have been translated into many other languages.

As a co-founder in the late 90s of Virtual Growth, Inc., a NewYork City-based accounting firm providing outsourced financial and accounting services to New York City’s startup and new media companies, Richard served as Director of Technology to plan the firm’s infrastructure growth to keep pace as the company grew from 3 to more than 90 employees. At Virtual Growth Richard developed a first-hand understanding of the fast-paced nature and needs inherent in technology and outsourcing as the firm prepared for a nation-wide rollout.

Earlier Richard held the positions of New Media Manager and International Publishing Manager for Norwalk, CT-based Micro Warehouse, Inc.. At Micro Warehouse he crafted the company’s initial web strategy, launched the company’s Japanese language catalog and oversaw the production and development of catalogs in eleven countries.

Richard graduated from Queen College, of the City University of New York, cum laude, with a double major in Computer Science and English. He received his law degree from St. Johns University School of Law in 2005, cum laude. While at St. Johns he was the Executive Editor (Notes & Comments) of the American Bankruptcy Institute Law Review, and ran the St. Johns student bar associationÃ¢â‚¬â„¢s website, where he spearheaded a pilot program to digitize and archive streaming video of law school events.

Practice Areas

Contracts, service level agreements, software escrow and licensing
Privacy and data security counseling, compliance, and policies
Data security breach notices, data security program review and analysis,
Online sweepstakes and contests, EULAs, terms, advertising and marketing research and associated regulatory and statutory compliance
Intellectual property (copyrights and trademarks)
E-commerce, outsourcing, SaaS and technology infrastructure services
Consumer Product Safety Improvement Act compliance and counseling

Professional Associations

American Bar Association, Science & Technology Law: active member of the Information Security Committee
New York State Bar Association (Intellectual Property Law Section Ã¢â‚¬â€œ Internet and Technology Law Committee; Commercial & Federal Litigation Section; Real Property Law Legislative Committee)
New York Intellectual Property Law Association
Connecticut Bar Association
District of Columbia Bar Association
IEEE

Education

St. John’s University, School of Law, Jamaica, NY, J.D. (Executive Editor, Notes & Comments, American Bankruptcy Institute Law Review)
Queens College, NY, BA Computer Science and English, cum laude

Bar Admissions

New York
Connecticut
District of Columbia

Recent Articles

The Supreme Court Opens a Case of Vintage Arguments, May 2005
The New York State of Wine:e-Commerce Reaches the Supreme Court, April l2005
A Taxing Situation for Telecommuters, April 2005

Posts by Richard Santalesa

NIST to Launch Big Data Working Group

By Richard Santalesa on June 17, 2013 Posted in Big Data

The National Institute of Standards and Technology (“NIST”), which we’ve written about at length in the past in connection with its ongoing data security and cloud computing related work, announced the formation of a Big Data Working Group today, with a “kick off” conference call this Wed., June 19, from 1-3pm EDT. The group is… Continue Reading

Santalesa to Address Connecticut Association of Paralegals

By Richard Santalesa on June 12, 2013 Posted in In The News

Rich will address the CAP on the following topic: “Technological developments have had a tremendous impact on the practice of law, from the way we conduct legal research and present evidence at a trial to the way law firms are managed. Keeping up with new technology has become as important to the Paralegal profession as… Continue Reading

NIST Releases Cloud Computing “Security Reference Architecture” (SP 500-299) for Public Comment

By Richard Santalesa on May 21, 2013 Posted in Cloud Computing

The National Institute of Standards and Technology (“NIST”) loves its “Special Publications” the way IRS agents love new tax forms. NIST’s SP’s, however, are much more useful, and its latest Special Publication release in draft form for public comment, SP 500-299 “Cloud Computing Security Reference Architecture” introduces NIST’s Cloud Computing Security Reference Architecture (“SRA”) as… Continue Reading

InfoLawGroup to address Connecticut Association of Paralegals

By Richard Santalesa on May 13, 2013 Posted in Events

Senior Counsel, Richard Santalesa will address the Connecticut Association of Paralegals at its June 12, 2013 member event on how technological developments have effected the practice of law, from the way we now conduct legal research and present evidence at a trial to the way law firms are managed, with links to the changing expectations… Continue Reading

Lessons From When Cyber Security Meets Physical Security

By Richard Santalesa on May 10, 2013 Posted in Cybersecurity, Reasonable Security

Data security and what qualifies as “reasonable” security is on everyone’s mind these days – at least if you’re involved in IT, or responsible for addressing any aspect of the “GRC” troika of governance, risk management and compliance issues. Sometimes overlooked on the cyber side, however, is the interaction of cyber with real world, physical… Continue Reading

2013 Verizon Data Breach Report Is Out – Risks Increase

By Richard Santalesa on April 24, 2013 Posted in Breach Notification, Cybersecurity, Information Security

Verizon’s annual “Data Breach Investigations Report” (“DBIR”) is a must read for data and information security professionals and we eagerly await each release. The 2013 DBIR is now out and being carefully read by information security professionals. Now in its sixth year, each DBIR provides a broad overview of the changing information security and data… Continue Reading

Upcoming Webinar on FFIEC Social Media Compliance

By Richard Santalesa on April 22, 2013 Posted in In The News

Senior Counsel, Richard Santalesa, will be conducting an upcoming webinar in connection with MetricStream, discussing the Federal Financial Institutions Examination Council’s (“FFIEC”) proposed recent social media guidance (see FFIEC Social Media Guidance Public Comment Revelations). Date to be announced in the near future.

FTC Report Issues Recommendation on Mobile Payments

By Richard Santalesa on March 14, 2013 Posted in Big Data, FTC, Mobile

This year, 2013, is definitely shaping up to be the “Year of Mobile” at the FTC, as predicted last month. Just last week the FTC’s latest Staff Report, Paper, Plastic,… Mobile – An FTC Workshop on Mobile Payments (“Staff Report,” PDF) serves to kick the ball further downfield in the FTC’s mobile push and begins… Continue Reading

NIST Issues Final Draft of Security Controls for Comment

By Richard Santalesa on February 13, 2013 Posted in Information Security, PII, Uncategorized

Over three previous drafts of its Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication 800-53, the National Institute of Standards and Technology (“NIST”) has honed focus while expanding the reach of infosec controls, all culminating in this latest 455-page “Revision 4″ released for public comment last week. Dubbed the “Final Public… Continue Reading

FTC Releases Recommendations for Mobile Privacy Disclosures

By Richard Santalesa on February 4, 2013 Posted in FTC, Mobile

This weekend’s excellent Superbowl game, which was delayed by a power outage that prompted several announcers in passing to mention the “extra power” used by tablets and smartphones, highlighted that the mobile arena continues to take center stage everywhere. We’ve covered the growing attention on mobile privacy policies and data gathering in recent posts (see,… Continue Reading

2013 Data Privacy, Information Security and Cyber Insurance Trends Report

By Richard Santalesa on January 28, 2013 Posted in In The News

On Data Privacy Day, recognized annually on Jan. 28th, Senior Counsel, Richard Santalesa, is quoted in the 2013 Data Privacy, Information Security and Cyber Insurance Trends Report, released each January by Cyber Data Risk Managers LLC. The Report surveys well-known industry experts and respected thought leaders, including Rick Kam, Bruce Schneier, Dr. Larry Ponemon and… Continue Reading

Ponemon Study on Patient Privacy Highlights Security Failings

By Richard Santalesa on December 6, 2012 Posted in BYOD, Cloud Computing, Health Care, HITECH, Identity Theft, Red Flags Identity Theft Rules, Uncategorized

Released today, the Ponemon Institute‘s Third Annual Benchmark Study on Patient Privacy & Data Security (available at, http://www2.idexpertscorp.com/ponemon2012/) starkly highlights the continued serious challenges faced by healthcare organizations in adequately safeguarding protected health information (“PHI”). As the study notes straight out of the gate “the threats to healthcare organizations have become increasingly more difficult to… Continue Reading

FTC Recommends Best Practices for Facial Recognition Technologies

By Richard Santalesa on November 2, 2012 Posted in Advertising Law, Behavioral Advertising, Facial Recognition, FTC

Regardless of your view of government, you have to on some level hand it to the Federal Trade Commission (“FTC”). It is doggedly persistent, like perhaps few other federal agencies, in working to stay ahead of the ever breaking digital security and privacy wave. At the end of 2011 the FTC hosted a unique workshop… Continue Reading

How Cyber Risk Insurance Can Help SMB’s Stay in Business After a Breach

By Richard Santalesa on October 3, 2012 Posted in Events

Join us for a free webinar on Oct. 24th at 1pm ET, where Richard Santalesa, ILG Senior Counsel, and Christine Marciano, President of Cyber Data Risk Managers LLC, will discuss why it is important for small-to-mid sized businesses to prepare for a data breach, and how cyber insurance provides a valuable risk management tool that… Continue Reading

Whitepaper – Local & State Govt Data Security and Cyber Risks

By Richard Santalesa on September 13, 2012 Posted in In The News

Senior Attorney, Richard Santalesa introduced a whitepaper on legal risks and cyber insurance at this past week’s fall meeting of the New York State Association of Counties - dubbed the think tank for NY’s counties since 1923. The white paper was released at a breakout session on the meeting agenda addressing “Cyber Security and Cyber Risks in Your County” where… Continue Reading

Federal CIO Council Releases BYOD Toolkit

By Richard Santalesa on August 28, 2012 Posted in BYOD

Bring Your Own Device (“BYOD”) is the latest overnight IT sensation. But like most “overnight sensations” the foundational work took years before now familiar names “suddenly” hit the bright lights. In broader response to the ongoing Consumerization of Information Technology trend (“COIT”), no less than the Federal government has jumped on the BYOD bandwagon. Last week… Continue Reading

Two Northeast States Update Breach Notification Statutes – CT & VT

By Richard Santalesa on June 20, 2012 Posted in Data Privacy Law or Regulation

In the last month both Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to closely monitor state legislatures, particularly end of session happenings. Each modification highlights the growing trend of states requiring notification to the state’s attorney general, under often new compressed timeframes.

InfoLawGroup Co-Authors NYSAC Article on Cyber Risks For Municipalities

By Richard Santalesa on June 19, 2012 Posted in In The News

Richard Santalesa recently co-wrote an article in the Spring/Summer 2012 NYSAC News magazine, the official publication of the New York State Association of Counties, a bipartisan municipal association serving all 62 counties of New York State including the City of New York. The article, available here, was co-written with Christine Marciano, President of Cyber Data Risk… Continue Reading

13 Expert Security Tips to Combat Mobile Device Threats to Healthcare

By Richard Santalesa on June 16, 2012 Posted in In The News

In this collection of security tips for mobile device ILG Attorney Richard Santalesa recommends keeping close tabs on mobile devices coming "off plan" in any BYOD scenario. The article is available at: http://www2.idexpertscorp.com/resources/BestPracticesChecklists/13-security-tips-to-combat-mobile-device-threats-to-healthcare/

Ninth Circuit Narrows Reach of CFAA In En Banc US v Nosal Decision

By Richard Santalesa on April 13, 2012 Posted in Computer Fraud and Abuse Act (CFAA)

The legal and online arenas have been abuzz the last several days in response to the Ninth Circuit’s issued en banc opinion in U.S v. Nosal, 2012 WL 1176119 (9th Cir. April 10, 2012), addressing the reach and scope of the oft-litigated and controversial, Computer Fraud and Abuse Act (CFAA), codified at 18 U.S.C. §… Continue Reading

New Ponemon Data Breach Study Finds Breach Costs Have Fallen

By Richard Santalesa on March 28, 2012 Posted in Breach Notification

Since its first issue seven years ago, the Ponemon Institute’s annual Cost of Data Breach Study (“CDBS”) has become a must read for privacy and breach professionals. The latest CDBS study, covering the 2011 year, can be considered a bookend to Verizon’s annual Data Breach Investigations Report, which 2012 edition was likewise recently released The… Continue Reading

FTC Issues Final Commission Report on Protecting Consumer Privacy

By Richard Santalesa on March 26, 2012 Posted in Privacy Law

Earlier today the Federal Trade Commission issued its long-awaited final report “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers” focusing on three primary principles: 1) Privacy by Design; 2) Simplified Choice for Businesses and Consumers; and 3) Greater Transparency. The vote approving the report was 3-1. Commissioner J. Thomas Rosch dissented from the issuance of the Final Privacy Report.