Rick Borden is a partner in the Privacy & Data Security Group. With decades of experience both at firms and in-house, Mr. Borden translates privacy and data security requirements into budget-friendly operational solutions, advises on risk management, audits and incidents, and helps clients commercialize data and innovation.
Mr. Borden regularly represents FinTech, InsurTech, Software as a Service (SaaS), cloud computing, and other tech-forward companies on technology transactions, and privacy and data security issues. With a laser focus on data flows and a full understanding of operations, IT and the legal landscape, he translates complex risk discussions into plain English, and right-sizes mitigation strategies so that they fit with corporate budget and staffing limitations. Mr. Borden’s experience on both the customer and vendor side enables him to advise general counsel, boards of directors, and CEOs, CIOs, CTOs and other C-Suite executives on risk and incident response. He also interfaces with technology departments, advising them on how technology implementations and programs may expose companies to risk. Mr. Borden’s skill-set and experience is unique.
With comprehensive knowledge of fast-evolving state and federal regulation, Mr. Borden advises clients on data compliance programs, audits, and government compliance reviews. He drafts privacy policies and cybersecurity compliance documents, and assesses data sharing, protection and the collection and use of employee and consumer personal data. He works with clients to develop bring-your-own-device and mobile computing policies and provides privacy and data protection legal analysis and compliance counseling. In his data breach practice, he regularly advises on investigations, insurance coverage and claims, reporting and notification, and post-breach penalties and audits. He is currently helping clients comply with the New York State Department of Financial Services Cybersecurity Regulation, SEC Cybersecurity Rules and enforcement, the wave of new state privacy laws coming out of California, Virginia, Colorado, Utah, and Connecticut, and emerging issues with new Consumer Financial Protection Bureau rules for digital marketing agencies.
Mr. Borden understands that data is often a company’s most significant asset, and he represents clients structuring long-term collaborations to develop and commercialize their data and innovation. This experience includes artificial intelligence, SaaS and cloud contracting; data monetization agreements, joint ventures and strategic alliances; dispute avoidance and dispute resolutions relating to outsourcing; and blockchain, encryption and cryptography initiatives.
A well-known thought leader in data governance, cloud computing, SaaS, and the Internet of Things, Mr. Borden speaks and writes about these topics regularly and was named a JD Supra Readers' Choice Awards Top Author for cybersecurity. He has taught courses on information governance, cyber warfare and cybersecurity at the University of Connecticut School of Law, Benjamin N. Cardozo School of Law, and Rutgers Law School. He serves on the Board of Editors of the Journal of Law and Cyber Warfare and is a Senior Advisor to the RANE Networks. In addition to his work for law firms, corporations, and schools, Mr. Borden is also an inventor who holds several patents related to insurance claims processing and medical monitoring via mobile devices.
Mr. Borden’s representative matters include:
- Structuring loans of up to $250M using data and cloud infrastructure as collateral.
- Representing a Registered Investment Advisor in a major cybersecurity investigation by the New York State Department of Financial Services.
- Negotiating a SaaS agreement for transaction reporting for a blockchain-based gold purchasing platform.
- Representing a major FinTech company in a third party cybersecurity incident and related securities disclosure.
- Drafting comments to SEC Cybersecurity Rules.
- Drafting comments for the insurance industry on CPRA Rules.
- Drafting and implementing information security programs under GDPR.
- Developing cybersecurity policies, and training, awareness, monitoring and testing programs for a financial services corporation.
- Restructuring the privacy department for a major corporation.
Prior to joining Frankfurt Kurnit, Mr. Borden held senior positions at major law firms, and in-house legal and technology positions at companies including Bank of America, The Hartford, ORock Technologies, and the Depository Trust & Clearing Corporation, among others.
He is admitted to practice in New York and Connecticut.
awards & recognition
JD Supra Readers' Choice Awards Top Author (Cybersecurity)
New York University School of Law (J.D., 1990)
Amherst College (B.A., 1987)
Upcoming Speaking Engagements
Past Speaking Engagements
Cybersecurity, Privacy and Data Protection
Rick Borden is a panelist during the New York City Bar program, “Cybersecurity, Privacy and Data Protection.”
January 31 2023
Potential Pitfalls of Cloud Computing
Rick Borden is a speaker during the webinar, “Potential Pitfalls of Cloud Computing” hosted by Thomson Reuters (WestLegalEd), Global Cyber Institute, and Lexeprint.
December 1 2022
Global Legal ConfEx: GRC, Data Privacy & Cyber Security
November 17 2022
Consumer Privacy: What You Need to Know About the New State Privacy Laws
Rick Borden presents, "Consumer Privacy: What You Need to Know About the New State Privacy Laws (Part 1 and Part 2)" at the ANA Masters of Advertising Law Conference in Hollywood, Florida.
November 8 2022
news & press
Crypto Hack Lawsuits Rise as Theft Victims Try Untested Claims
Bloomberg Law quotes Rick Borden on arbitration provisions relating to lawsuits filed against cryptocurrency exchanges, digital wallet providers, and mobile service companies following cyberattacks. Read more.
Cyber Security Regulatory Risk Management
Hottest Firms and Stories on Law360 November 2022
New York Regulator Says Even One Access Control Failure Can Invalidate Years of Compliance Certifications
The New York Department of Financial Services (“NYDFS”) recently entered into a Consent Order (the “Consent Order”) with EyeMed Vision Care LLC (“EyeMed”) over violations of the agency’s Cybersecurity Requirements (23 NY CRR Part 500) (“Part 500”). Read more.