Tara Swaminatha

Tara M. Swaminatha

Partner

Tara Swaminatha is a member of the Data Privacy & Cybersecurity Practice. She represents clients in the healthcare, financial, technology, insurance, media and entertainment, shipping and logistics, retail, aerospace and nonprofit sectors. Tara has acted as outside cybersecurity counsel on some of the most significant data breaches in recent years and has defended clients against federal, state and international regulatory actions and related litigation.

During her time in private practice, Tara has advised multinational companies on cybersecurity liability risk assessments, internal compliance measures and incident response protocols. In the instance of security or privacy incidents, Tara led an incident response effort and served as her client’s subject matter expert. Her extensive knowledge of how digital evidence may be used to prove facts litigation in security incidents has enabled her to minimize her clients’ litigation exposure during incident responses, investigations and data breaches.

At the Department of Justice (DOJ), Tara directed technical forensic investigations for federal law enforcement agencies, assisted prosecutors and investigators across the country with computer crime-related cases, and prosecuted IP crimes to combat massive online piracy of entertainment software, motion pictures and business software. Adding to her legal dexterity, Tara’s clients benefit from her technical understanding of cybersecurity methods and issues, having been the Information Security Administrator for the International Finance Corporation (IFC), part of the World Bank Group, built networks and conducted application security risk assessments while working at a boutique security firm prior to becoming a lawyer. Tara helped implement the IFC’s first information security policy for 3,000 employees worldwide.

In addition, Tara commits to considerable pro bono and volunteering activities. She represents pro bono juvenile clients seeking asylum and represents the National Association for the Education of Young Children on data governance and other matters. An active member of her community, she is a board member for the Hearing & Speech Center at Children’s National Medical Center and helps mentor families with children with hearing loss.

Tara is a frequent speaker on and writes extensively on security, privacy and cybercrime issues, having written one of the first textbooks on wireless security privacy and contributed to the National Association of Corporate Directors' Handbook on Cyber-Risk Oversight (2017 edition). She serves as an Adjunct Professor at George Mason University Law School where she teaches Computer Crime Law. She is also recognized in The Legal 500 for Cyber Law, where she is “commended for her experience in high-profile data breach investigations and “understands forensics and is able to digest technical reports in a meaningful and actionable way.”

Explore

  • Represented national and global companies in incident response, internal investigations following actual and alleged security incidents involving theft of corporate sensitive information and consumer information (including financial records, payment cards, SSNs, access credentials and PHI).
  • Advised boards of directors on corporate governance responsibilities relating to cybersecurity, brand and reputational harm, class action and regulatory liability.
  • Serve as cybersecurity legal subject matter expert in class action defense for major data breach and security incidents and federal regulatory investigations.
  • Directed cybersecurity assessments for large organizations to determine cybersecurity maturity and associated possible liability.
  • Represented multiple companies in wire transfer fraud phishing attacks resulting in loss of significant company funds.
  • Developed technical and operational policies and protocols for multiple large clients to reduce cybersecurity and privacy risks with consumer data.
  • Conduct privileged assessment of encryption algorithms and methodologies used to de-identification and anonymize data.
  • Represented multiple franchisors during franchisee data breaches.
  • Advise franchisors on legal risks associated with franchisee cybersecurity programs.
  • Directed privacy and security assessment for financial institution in encryption methodology used to de-identify and anonymize billion-record data sets.
  • Directed cybersecurity remediation efforts for technology, aerospace, insurance, healthcare, financial services and other companies.
  • Counseled multiple clients on legal risks associated with BYOD, remote access, insider threats.
  • Represent client conducting online undercover investigations for data breach victims.
  • Represent emerging growth cyber insurance company.
  • Direct cybersecurity risk assessment and development remediation for IoT start-up.
  • Represented international communications hardware company whose confidential information was compromised.
  • Represented non-profit institution in investigation of compromised social security information affecting its members and employees.
  • Advised networking infrastructure company in developing technical global privacy compliance strategy.
  • Counseled companies in cybersecurity incident response planning, and facilitated tabletop exercises.
  • Represented software application company following theft of source code by competitor.
  • Represented multiple service providers in responding to federal, state and local law enforcement requests to disclose customer records under the Electronic Communications Privacy Act and Stored Communications Act.

Education

  • Georgetown University Law Center, J.D., cum laude, 2005
  • University of Virginia, M.T., 1999
  • University of Virginia, B.A., with high distinction, 1998

Admissions

  • District of Columbia, 2008
  • Virginia, 2006
  • Named a 2017 Cybersecurity & Data Privacy Trailblazer by the National Law Journal

{{insights.date}} {{insights.source}} {{insights.type}}

  • Author, “Microsoft-Ireland: Decision underscores tension between privacy principles and the digital environment,” JDSupra, July 19, 2016.
  • Author, “Cybersecurity: past is prologue,” JDSupra, March 26, 2016.
  • Author, “Benchmark surveys: GCs, executives not prepared to defend against cyber breaches – key protective steps,” JDSupra, November 17, 2015.
  • Author, Plan now to use off-band communications during an incident response: key points,” JDSupra, October 27, 2015.
  • Author, Wire transfer phishing - an old scam returns: simple steps to protect your organization,” JDSupra, August 12, 2015.
  • Author, “New US sanctions program to combat cybercrimes: 3 action steps for tech companies,” JDSupra, April 21, 2015.
  • Author, “So You Think You Have a Point of Sale Terminal Problem?” Technology's Legal Edge, September 22, 2014.

  • Speaker, “Global Compliance Forum: Minimizing Risk to Protect Your Business Interests,” Squire Patton Boggs, November 1, 2017
  • Panelist, “Responding to a Data Breach: How to Run a Cyber Investigation and Learn from the Breach,” Georgetown Law Cybersecurity Institute, May 25, 2016.
  • Panelist, “Cybersecurity Law 301,” BCBS 50th Annual Lawyers Conference, May 18, 2016.
  • Panelist, “Cyber Security & NGOs: What Do You Need to Know,” Interaction (largest alliance of NGOs), Cyber Security & NGOs: What Do You Need to Know, April 20, 2016.
  • Panelist, “The Emergence of Cyber Deterrence, Implications for International Law,” American Society of International Law Annual Meeting, March 31, 2016.
  • Panelist, "The Role of In-House Counsel in Cybersecurity in Both the Pre-and Post-Breach Worlds,” 11th Annual General Counsel Institute, National Association for Women Lawyers, November 6, 2015.
  • Speaker, “In a Flash! A Lesson in Cybersecurity,” (CLE on cyber governance and internal investigations) multiple clients' legal departments, October 2015.
  • Moderator, "They keep fighting the good fight: Law enforcement success stories in cybercrime cases and efforts to protect victim companies,” Blue Cross Blue Shield Association Legal Department Cooperative Cybersecurity Summit, September 29, 2015.
  • Panelist, "Law Forum Symposium: Refining Maryland Law in a Technological World," University of Baltimore, November 2014.
  • Speaker, "Are You Prepared for a Data Breach?" Webinar for ICR, October 2014.
  • Speaker, “Managing Cybersecurity Risk – Governance, Incident Response and Supply Chain/Vendors,” The Marbury Institute, July 17, 2014.
  • Speaker, "US Cybercrime Law and Investigations," Shanghai Prosecutorial Delegation for Office of Global and International Strategies seminar, George Mason University, December 2013.