Mark Paulding


Partner, DC Office

O:(240) 561-7455 C:(202) 288-9549




About Mark

Mark Paulding advises clients on data security, privacy, and consumer protection matters. His practice includes conducting privacy and security risk and compliance assessments; development of security programs, policies, and procedures; development of privacy policies and procedures; security incident investigation, response, and reporting; and development and implementation of web content accessibility policies and procedures.

Mark is extremely knowledgeable about privacy matters. He monitors developments and trends in the privacy space closely and is able to bring clarity to novel issues even in the face of ambiguous and, at time, conflicting laws and regulations. His advice is always prompt, thorough and, perhaps most importantly, practical.
— Happy Client


  • Preparing privacy policies and terms of use for websites and mobile applications published by a wide variety of organizations.
  • Conducting privacy assessments for online and offline businesses, including performing data mapping analyses.
  • Drafting and counseling on data security policies, procedures, and guidelines.
  • Conducting cybersecurity risk assessments and compliance audits.
  • Drafting and negotiating agreements affecting privacy and security of sensitive personal information of consumers and/or employees.
  • Assisting clients with investigation of data breaches and, when appropriate, notification to government regulators and affected consumers.
  • Counseling clients regarding website accessibility and compliance with the Americans with Disabilities Act and Web Content Accessibility Guidelines.
  • Advising clients that process payment card transactions regarding compliance with PCI-DSS.
  • Counseling clients regarding compliance with the Fair Credit Reporting Act concerning collection and use of consumer information for fraud prevention, identity verification, and assessing creditworthiness.
  • Representing clients in data privacy and consumer protection investigations and enforcement actions by federal and state regulators.
  • Counseling clients regarding compliance with the Computer Fraud and Abuse Act and Wiretap Act, and similar state laws, concerning interception and analysis of information transmitted over private and public networks.


District of Columbia, 1999

Maryland, 1998 (inactive)



Princeton University, A.B. 1994

Harvard Law School, J.D. 1998