Karen Painter Randall

Karen Painter Randall, formerly Certified by the Supreme Court of New Jersey as a Civil Trial Attorney and a partner at Connell Foley LLP, where she chairs the Cybersecurity, Data Privacy, and Incident Response Group. With extensive experience counseling clients on cybersecurity, data rights, and privacy laws and regulation, Karen provides proactive measures to safeguard the enterprise data, including security assessments, policies and procedures, security awareness training, incident response plans, and cyber liability insurance.

Karen holistically guides a wide array of businesses through the rapidly evolving cybersecurity and privacy space, including GDPR, CCPA, FERPA, HIPAA, PCI DSS, and TCPA compliance. Her clients span multiple industries, from financial services to healthcare, public entities, education, transportation, and retail, as well as lawyers and other licensed professionals.

In addition, Karen serves as incident response counsel for businesses and for cyber liability insurance carriers, leading the incident response effort quickly and efficiently on crippling data breaches and vulnerabilities, particularly those involving insider threats, business email compromise and ransomware attacks. She drives strategic solutions related to post‐breach issues, including forensic and e‐discovery investigations, statutory notification requirements in all 50 states, remediation, class action litigation, Federal Trade Commission (FTC) inquiries or regulatory enforcement actions, and FTC, HHS, and state attorney general investigations. In addition to incident response, Karen has a depth of experience managing third-party vendor risk and drafting vendor agreements.

Karen received three presidential appointments to the American Bar Association’s Cybersecurity Legal Task Force and was recently appointed as the Task Force’s Private Sector Liaison. She is the founder and Chair of the New Jersey State Bar Association Cybersecurity Legal Task Force, and the University of South Carolina School of Law selected Karen to lead its Cybersecurity Legal Task Force and serve as Director of the annual National Cybersecurity Legal Institute. In addition, Karen serves as Chair of the USLAW Network Cybersecurity and Data Privacy Group. Most recently, Karen was appointed to the newly formed New Jersey State Bar Association's AI Task Force, where she will play a pivotal role in shaping the direction of this group's initiatives

A sought-after speaker, Karen presents frequently on a wide range of emerging concerns in the area of cybersecurity and data privacy. She is often quoted in business and trade publication articles on key cyber and data privacy issues, including recently on the issue of safeguarding the online privacy of Federal Judges.

Karen has been honored with the “NJ Digi-Tech Innovators Award" from NJBIZ for both years that the publication has held this program, including the inaugural awards in 2019 when Karen was the only attorney among the 34 honorees selected for this award. 

A Fellow of the American Bar Foundation, Karen was appointed by Chief Justice Stuart Rabner to serve on the Board on Civil Trial Certification. 

Karen's commitment to leadership, frequent speaking, and writing underscore her trailblazing impact on the cybersecurity landscape. 

Representative Experience
Results may vary depending on your particular facts and legal circumstances.

• Insider Wrongdoing: Served as breach response counsel for client related to insider wrongdoing involving unauthorized access to the personally identifiable information of co-workers’ payroll information.
• Website Compromise: Served as breach response counsel for client regarding unauthorized access to client’s website involving the inadvertent disclosure of customer’s personally identifiable information including credit card/payment information.
• Insider Wrongdoing: Served as breach response counsel for client regarding inadvertent disclosure of customers’ banking information requiring notification and regulatory evaluation under Gramm Leach Bliley Act.
• Social Engineering: Served as breach response counsel to provider of MRO whose employee responded Reply All to a phishing email purporting to be from the CEO sending the companies’ W2s for all U.S. based employees for the past two years.
• Insider Wrongdoing: Served as breach response counsel for client related to insider wrongdoing involving the theft of employee personnel files containing personally identifiable information including Social Security numbers, bank account numbers/PINS and protected health information.
• Business Email Compromise: Represented professional clients in external system breaches involving phishing emails wherein funds were fraudulently wired.
• Theft of School Files: Represented school district regarding theft of student IEPs from employee’s vehicle, and advised regarding notification and privacy implications under FERPA.
• Technical Support Compromise: Served as breach response counsel to accounting firm involving a “Microsoft Premium Technical Support” attack compromising the tax returns of its clients.
• Social Engineering/Ransomware:  Served as breach response counsel to a school district infected with malware indicative of two persistent banking Trojans, Emotet and Trickbot wherein the credentials of its employees who entered them into financial institution website and other similar websites were compromised.  This attack was followed by ransomware attack.
• Ransomware: Served as breach response counsel to law firm that was the victim of a ransomware attack (Ryuk), and worked with forensics and bitcoin broker to pay ransom, obtain the decryption key for the return of data and restore.
• Social Engineering: Represented law firm wherein a third-party gained unauthorized access to email account, and advised regarding obligations under applicable state statute and reporting requirements as bankruptcy trustee.
• Social Engineering: Served as breach response counsel to accounting firm involved in a third-party gaining unauthorized access to email account and firm’s portal storing confidential client PII information. 
• HIPAA: Represented physical therapist facility related to former employees downloading patient information prior to departure and advised on applicable state statute and HIPAA requirements.
• HIPAA:  Represented third-party organization that uses data analytics to promote patient safety and quality healthcare to advise them on potential HIPAA violation associated with information provided from a covered entity.
• Social Engineering: Represented service provider to insurance carriers in connection with processing premium payments under their Pay-As-You-Go workers compensation policy involved in a social engineering attack, which resulted in unauthorized access to PII and PHI information contained within an employee’s email account.  Data mining services were deployed.
• Ransomware: Served as breach response counsel to a school district infected by the Sodinokini strain of ransomware.  Because their back-up was also encrypted we helped to facilitate the payment of ransom to the attacker in return for the decryption key to its files.
• Ransomware: Served as breach response counsel to a school district infected by the Sodinokini strain of ransomware.  The school district maintained sufficient back-up and avoided having to pay the ransom demand.
• Ransomware: Served as breach response counsel to a school district infected by the Phobos strain of ransomware.  The school district maintained sufficient back-up and avoided having to pay the ransom demand.
• Served as incident response counsel to a billion dollar food service company that was the victim of wire fraud. 
• Served as incident response counsel to a national electric company who suffered a ransomware attack.
• Served as incident response counsel to a school district infected by ransomware.  The school district maintained sufficient back-up to avoid paying the ransom.
• Served as incident response counsel and provided recommendation regarding its regulatory obligations to an insurance company whose policyholders’ personal information may have been accessed without authorization as a result of a wire fraud scheme impacting a third-party vendor.

Professional Affiliations

• International Association of Privacy Professionals (IAPP)
  • Member
  • Co-chair, New Jersey KnowledgeNet Chapter
• Bloomberg BNA Cybersecurity and Data Privacy
  • New Jersey Contributing Practitioner
• USLAW NETWORK, Inc.
  • Chair, Data Privacy and Security Practice Group
    • Co-chair and Instructor, Cybersecurity and Privacy Bootcamp
  • Chair, Professional Liability Practice Group
  • Women's Connection Leadership Committee
  • National Chair, Fall Conference
  • Speaker
    • Managing Partner Forum
    • TELFA Crossborder Meeting
    • Women's Connection Conference
    • Practice Group Exchanges
  • Author
    • USLAW Magazine
    • Digi-Know
• American Bar Association
  • Presidential Appointments
    • Standing Committee on Lawyers' Professional Liability
    • Cybersecurity Legal Task Force 
      • Private Sector Liaison
  • Professional Liability Litigation Committee
    • Attorneys' Liability Subcommittee
  • Contributor, LPL E-Advisory  (Legal and Cyber)
  • Section Member, Science and Technology Law
• Association of Corporate Counsel (ACC) Foundation
  • Advisory Board Member, 2019 ACC Foundation Cybersecurity Summit
• New Jersey State Bar Association
  • Artificial Intelligence in the Law Task Force 
  • Founder and Chair, Cybersecurity Legal Task Force

• University of South Carolina School of Law

  • Chair, Cybersecurity Legal Task Force
  • Director, Cybersecurity Institute
  • Adjunct Professor, Cybersecurity
• University of South Carolina
  • Member, College of Arts and Sciences Board of Visitors
• Claims and Litigation Management Alliance
  • Member, Cyber Liability Committee
  • Co-chair, 2016 Cyber Liability Summit in New York City 
  • Northeast Regional Chair
  • New Jersey State Chair
  • President, Northern New Jersey CLM Chapter
  • American Law Journal - Professional Liability Editorial Board
  • Contributor, Around the Nation Newsletter
• Defense Research Institute (DRI)
  • Professional Liability Advisory Committee
  • Data Breach and Privacy Law Committee
• Healthcare Information and Management Systems Society (HIMSS) - NYS Chapter
  • Member, Security & Privacy Committee
    • Legal/Regulatory Subcommittee
• Supreme Court of New Jersey, Board on Trial Certification
  • Board Member, Appointed by New Jersey Chief Justice Rabner
• National Association of Women Lawyers
  • National Mentor
• Professional Liability Underwriters' Society
• New Jersey Business and Industry Association
  • Law and Technology Section

Certified by the Supreme Court of New Jersey as a Civil Trial Attorney (1992-2022)

Fellow, American Bar Foundation

NJBIZ

• Leaders in Law (2021)
• NJ Digi-Tech Innovators Awards (2019, 2021)
• Best 50 Women in Business (2012)

ROI-NJ "Influencers"

• Law (2022)
• Women in Business (2021, 2022)

University of South Carolina, College of Arts and Sciences Dean’s Award (2020)

Diverse Attorneys of the Year, New Jersey Law Journal (2017)

New Jersey’s Women Leaders in Law, Complex Litigation (2013)

National Finalist, CLM Litigation Management Professional of the Year (2012)

New Jersey Super Lawyers (2011-2023)

• Top 50 Women, New Jersey Super Lawyers (2016-2021)
• Top 100, New Jersey Super Lawyers - (2020, 2021)

Prominent Woman Among Women and Minority Attorneys in New Jersey, New Jersey Law Journal

_{Please see Honor and Award Methodology. No aspect of this advertisement has been approved by the Supreme Court of New Jersey.}