Frankfurt Kurnit Klein & Selz

Elliott Siebers is an associate in the Privacy & Data Security Group. A former state privacy regulator, he advises on privacy and security issues, including cybersecurity preparedness, breach response, and regulatory investigations. 

Elliott represents organizations from start-ups to Fortune 500s, across a range of industries and on a wide array of matters involving consumer protection, data security and privacy. He has advised international brands, advertising agencies, adtech, media, and interactive entertainment companies, retailers, and telecommunications providers, among others.

With respect to data security, Elliott works with clients to identify and mitigate risks to clients’ sensitive data, and to implement and comply with industry security standards as well as with state and federal requirements, including through data mapping exercises and the development of information security programs and incident response plans. In the event of a security incident, Elliott assists clients with all aspects of a response, including investigation, containment, mitigation, and management as well as vendor selection, notification to affected individuals, regulators, stakeholders, and public relations strategy. He has represented and advised numerous clients in response to state attorney general investigations, as well as regulatory enforcement actions and litigations, with successful results. Elliott leverages his experience as a state privacy regulator to help clients identify and stay ahead of enforcement trends.

With respect to privacy compliance, Elliott helps clients address requirements under constantly evolving privacy laws and regulations, including the California Consumer Privacy Act (CCPA), the European General Data Protection Regulation (GDPR), the upcoming California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCPDA), and Colorado Privacy Act (all effective in 2023), the Children’s Online Privacy Protection Act (COPPA), the Telephone Consumer Protection Act (TCPA), the Health Insurance Portability and Accountability Act (HIPAA), and others. He regularly drafts and negotiates complex agreements involving data, including SaaS, ad tech, and technology agreements, and works with clients to develop internal and consumer-facing policies and procedures, including privacy policies and terms.

Prior to joining Frankfurt Kurnit, Elliott worked as a Deputy Attorney General with the New Jersey Office of the Attorney General, Division of Law. In his last role he served as Section Chief of the Data Privacy and Cybersecurity Section, overseeing a team of attorneys that handled multi-state and New Jersey-initiated investigations into violations of consumer protection law, including the New Jersey Consumer Fraud Act, Identity Theft Prevention Act, HIPAA, and COPPA. In addition to data privacy and cybersecurity matters, he investigated and prosecuted the New Jersey False Claims Act with the Division of Law’s Government and Healthcare Fraud Section. He was lead counsel and co-counsel in complex investigations and litigations relating to government contractor fraud, educational funding and health care fraud, and other consumer fraud matters, including the Opioid Crisis Response Task Force.

Elliott regularly writes on privacy and data security matters, and has spoken at industry conferences including the International Association of Privacy Professionals (IAPP) Global Privacy Summit. Elliott is certified by IAPP as an information privacy professional for the U.S. private sector (CIPP/US) and the European sector (CIPP/EU). He is admitted to practice in New York and New Jersey.