MENU
Senior Counsel

Kenneth N. Rashbaum

212.885.8836 krashbaum@bartonesq.com
Senior Counsel

Kenneth N. Rashbaum

212.885.8836 krashbaum@bartonesq.com
View All Attorneys

Kenneth N. Rashbaum advises multinational corporations, financial services organizations, life sciences organizations, and other businesses that collect, use, and share electronic information in the areas of artificial intelligence (AI) and machine learning, privacy, cybersecurity, e-discovery and electronic evidence issues for litigation and regulatory proceedings and information management. He counsels these entities on information governance and compliance with federal, state, and non-U.S. laws and the interface of e-commerce and legal and regulatory liabilities in areas such as cybersecurity and breach response. Ken has vast experience in preparation and negotiation of technology contracts, including service level agreements and license agreements relating to compliance with data protection and privacy laws in the U.S. and other countries.

In his artificial intelligence practice, Ken:

  • Drafts AI acquisition, deployment and use policies for clients, including law firm clients.
  • Drafts template data share and service agreements for transactions between customers and mid-sized AI providers.
  • Reviews and negotiates agreements for acquisition and deployment of AI models.
  • Provides counsel and opinions on questions of cyber risk and technology errors and omissions insurance coverage for claims arising from uses of AI models.
  • Revises privacy notices and policies for national and multinational organizations to comprise transparency in uses of personal data for training of AI models.
  • Prepares and presents corporate training materials comprising evaluation of prospective AI models and deployment, use and performance monitoring of those models.

The syllabus for the technology law class Ken teaches as an adjunct Professor at Fordham Law School includes the above areas as well as trends in US state laws and regulations and non-US laws, such as the EU AI Act, and admissibility of AI-generated or AI-enhanced evidence.

Ken also advises clients in the preparation of applications for privacy and cyber liability and technology errors and omissions insurance, assists them in preparation of information controls required by those applications and provides advice concerning proposed insurance policies. He leads information security and data breach response assessments, investigations, and remediation initiatives; prepares policies for social media legal and regulatory compliance; and represents technology and life sciences organizations in federal and state investigations and audits, and in litigation.

In his capacity as a nationally known expert on healthcare privacy, Ken counsels healthcare organizations on compliance with federal, state and judicial standards governing protected health information. He has served as HIPAA and privacy counsel to major hospital systems, health plans, physicians’ groups, cloud computing providers and health information application developers; advised academic hospital systems on protocols for implementation of security and privacy controls in electronic health records; and provided counsel on risk management issues in access, uses and disclosures of electronic patient information.

In 2019, Ken served as a special consultant to the New Jersey Assembly assisting in the preparation of a bill that, if passed, would have become New Jersey’s first comprehensive privacy and cybersecurity law. Ken testified as a cybersecurity and privacy expert before the New Jersey Homeland Security and State Preparedness Committee.

Ken is an Adjunct Professor of Law at Fordham University School of Law and had been a member of the Adjunct Faculty at the Maurice A. Deane School of Law at Hofstra University from 2013 – 2015.

Prior to joining Barton, Ken was a senior litigation partner in the New York office of Sedgwick LLP (formerly Sedgwick, Detert, Moran & Arnold) where he was the Founding Co-Chair of the E-Discovery, Compliance and Data Management and HIPAA Practice Groups.

Practices

Artificial Intelligence Banking and Finance Cybersecurity, Data Privacy, GDPR Compliance Insurance Securities Litigation, Regulatory Investigations, and Enforcement White Collar Defense
Practices

Industry Experience

Art, Fashion, Beauty, and Design Cannabis Finance Healthcare Manufacturing and Distribution Media and Publishing Real Estate Technology
Industry Experience
B
Practices
Industries
Admissions
  • New York State
  • U.S. District Courts: Southern, Eastern, Northern and Western Districts of New York
  • U.S. Court of Appeals, Second Circuit
Education
  • J.D., Hofstra University School of Law
  • B.A., State University of New York at New Paltz, summa cum laude

Honors

  • 2026 Legal 500 US Elite rankings: New York Elite – Cybersecurity and Data Protection
  • Selected to Fellows of the American Bar Foundation
  • Selected to Super Lawyers, 2018 to present
  • Team In Training, Leukemia and Lymphoma Society, Boston Marathon 2014
  • Past Member, Charter Revision Commission, South Orange, New Jersey

Memberships

  • American Bar Association
  • International Association of Privacy Professionals
Presentations
  • “Building an AI Business Case.” Speaker. Society of Corporate Compliance and Ethics (SCCE) New York Regional Conference. Hosted and sponsored by Fordham University. (December 12, 2025).
  • “The Potential Downsides of AI – Ethics, Bias, Discrimination, and Liability.” Panelist. New Jersey Hospital Association’s Conference on “AI in Healthcare.” Princeton, NJ. (October 15, 2025).
  • “What Comes After Discovery? How Providers Can Help Meet the Unique Admissibility Challenges of AI-Based or Enhanced Evidence.” Speaker. Webinar by myLawCLE. (September 11, 2025).
  • “The Global Privacy Playlist: Key Legal Updates and Best Practices.” Panelist. Association of Corporate Counsel. (June 26, 2025).
  • “Strategic Compliance: Adapting to the DOJ’s Bulk Data Transfer Restrictions.” Panelist. Association of Corporate Counsel. (June 17, 2025).
  • “Behind the Scenes with AI Entrepreneur, Sean Williams: Fireside Chat & Networking Reception.” Moderator. Hosted by BritishAmerican Business. (May 8, 2025).
  • “Forging Strategic AI Partnerships in the Life Sciences: Building Success from Research to Implementation.” Panelist. American Conference Institute’s 2nd Annual Life Sciences AI Summit. Hosted at the NYC Bar Association. (February 21, 2025).
  • “Ethics and Compliance in the Age of Technology’s Constant Evolution: Business, Regulatory and Statutory Data Privacy and Security Trends.” Panelist. Society of Corporate Compliance and Ethics (SCCE) NY Regional Conference. Hosted by Fordham University. (December 13, 2024).
  • “The Business of Law: Change Management for Lawyers.” Fordham Law School. (April 5, 2024).
  • “Ethics Standards in Technology.” CLE on Ethics, Cybersecurity, and Forensic Accounting. Hosted by Rechtman Consulting. (April 4, 2024).
  • “New SEC Cyber Disclosure & CISA Reporting Rules Pose Challenges: Defining the Regulatory Risks & Exposures to Lawyers, Firm Management & Clients.” Webinar. Speaker. Hosted by Global Cyber Risk Advisors Corp. (February 20, 2024).
  • “Doing Business in AI.” Primerus International Practice Committee Meeting. (January 23, 2024).
  • Faculty member. Association of Corporate Counsel’s In-house Counsel Certification Program. (November 28-December 1, 2023).
    • “Compliance, Ethics, and Legal Risk Management.”
    • “Managing Stakeholder Expectations.”
    • “Making the Law Department a Revenue Facilitator: Business Opportunities of Cybersecurity.”
    • “Developing an Effective Compliance Program.”
    • “Developing a Crisis Management Plan.”
  • “Real-World Cyber Risks for Attorneys and How They Can Protect Themselves: A Practical Guide to Crafting and Implementing Data Protection Controls and Meeting Technology Ethics Requirements.” Panelist. CLE Webinar hosted by the International Intellectual Property Society (IIPS). (September 7, 2023).
  • “Introduction to EU General Data Protection Regulation: Planning, Implementation, and Compliance.” Panelist. Webinar produced by Financial Poise and West LegalEdcenter. (September 6, 2023).
  • “Do You Have Insurance Coverage for that Fingerprint?: Liability and Insurance Issues Arising out of Biometrics.” Webinar hosted by Anderson Kill. (July 25, 2023).
  • “Realizing Benefits from Data Protection, the Inflation Reduction Act and Climate Crisis (Equator Principles and ESG).” Panelist. Primerus International Summit. New York, NY. (May 5, 2023).
  • “A Blessing in Disguise: Why Employers Should Welcome the FTC’s Proposed Non-Compete Ban.” Monthly Legal Update, ACC ILAN. (January 27, 2023).
  • “Privacy and Cybersecurity: Data Protection as an Opportunity and a Challenge in 2023.” ‘Bridge the Gap’ CLE Program. Hosted by Fordham University School of Law. (January 13, 2023).
  • “The Impact of Cybersecurity Controls on the Duties of Confidentiality and Communication with the Board and Senior Management.” Annual IBM Ethics Webinar, in partnership with ACC WESTSCT. (November 16, 2022).
  • “Understanding and Preparing for the New SEC Cybersecurity Regulations.” Webinar. Presented by Control Risks. (November 14, 2022).
  • “Data Privacy and Cybersecurity Update.” Panelist. Association of Corporate Counsel Annual Meeting. Las Vegas, Nevada. (October 24, 2022).
  • “Importance of Cybersecurity to Protect your Firm and your Clients.” Speaker. Round table discussion. 2022 Primerus Global Conference. San Diego, California. (October 22, 2022).
  • “Cybersecurity: Risks, Controls, and Advice for Client Service.” Panel member. Webinar. New York State Society of CPAs (NYSSCPA). (June 21, 2022).
  • “From Strategy to Tactics: Data Remediation at Private Equity and Hedge Funds.” Panelist. Webinar. Hosted by HaystackID. (April 20, 2022).
  • “Cybersecurity – Is Your Company Protected?” Panel Member. Primerus International Summit. Washington, D.C. (April 9, 2022).
  • “Data Privacy in 2021 and Beyond: Business Opportunities and Challenges.” Association of Corporate Counsel – Westchester/Southern Connecticut Chapter. CLE Seminar. (December 1 & 8, 2021).
  • “THE CYBERATTACK ATE MY LEGAL ADVICE: The Impact of Cybersecurity Controls on Legal Professional Privilege and the Duty of Confidentiality.” Association of Corporate Counsel Westchester-Southern Connecticut. CLE Webinar. (October 19, 2021).
  • “Privacy Beyond the GDPR and CCPA.” Association of Corporate Counsel International Legal Affairs Network. Webinar. (October 5, 2021).
  • “Legal Considerations for Doing Business in the US.” BritishAmerican Business’ Accelerate Program Series. Webinar. (September 30, 2021).
  • “How are firms handling cyber compliance internally, and how might it be a business tool to retain existing clients and win new clients?” Primerus, Coffee & Conversation Series. (July 12, 2021).
  • “What Is A Top Concern For Clients And Their In-House Counsel?” Primerus. (June 29, 2021).
  • “Practical Solutions to Managing Third-Party Cyber Risk.” Barton LLP & Global Cyber Risk Advisors Corp. (June 23, 2021).
  • “Certificate Program Offering a Deep Dive into Global Privacy Laws, Compliance Strategies & Case Studies.” Seton Hall Law. (June 15-18, 2021).
  • “Privacy Versus Discovery: GDPR, the Electronic Information Storage Act and Other Issues.” American Bar Association First Annual Virtual International Litigation Skills Conference. (May 26-7, 2021).
  • “The Duty of Technological Competence and Other Ethical Issues Relating to Technology and Law Practice.” Gibbons Institute of Law, Science & Technology / Seton Hall Law seminar. (April 29, 2021).
  • “Challenges of Privacy, Cybersecurity and Artificial Intelligence: Avoiding Discriminatory Impact.” International Law Section of the American Bar Association Virtual Conference. (February 10, 2021).
  • “Do the Right Thing in Cyberspace: Meeting Ethics Challenges When Practicing Across the Bandwidth.” Association of Corporate Counsel – Westchester/Southern Connecticut chapter. (October 20, 2020).
  • “Unlocking the Full Value of First-Party Data.” BritishAmerican Business webinar. (September 23, 2020).
  • “Privacy Shield Ruled Invalid by CJEU in Schrems II: Where do we go from here?” Primerus. (August 4, 2020).
  • “To Trace or Not to Trace?: Compliance in the Era of COVID-19 and Remote Surveillance.” Primerus. (July 21, 2020).
  • “To Trace or Not to Trace?: Compliance in the Era of COVID-19 and Remote Surveillance.” Association of Corporate Counsel’s “Quick Hits” Webinar. (July 8, 2020).
  • “Cyber Compliance & Its Impact on Litigation: Discovery.” Primerus. (June 2, 2020).
  • “Pandemics and Logistics – Meeting the International Supply Chain Challenges of the COVID-19 Crisis.” American Bar Association Section of International Law. Webinar. (April 21, 2020).
  • “How Does the New NYS Cybersecurity and Privacy Law (SHIELD Act) Impact Your Business?” Barton LLP & the International Legal Technology Association. (February 11, 2020).
  • “GDPR & CCPA Are Fueling High Demand for On-Point RegTech Solutions.” Thomson Reuters Panel, LegalWeek 2020. New York, New York. (February 4, 2020).
  • “Real Estate Owners, Developers and Operators: Is Your Tenant and Property Information Secure?” EisnerAmper Seminar. New York, New York. (June 19, 2019).
  • “Business in 2019 is Global and the Only Constant is Change: The Legal & Regulatory Landscape of Transactions Across Borders.” DiscoverBetterLaw Seminar. New York, New York. (June 10, 2019).
  • “A Resilient Privacy Program in Today’s Climate.” Crowe Risk Consulting Group New Jersey Roundtable. Upper Montclair, New Jersey. (May 8, 2019).
  • “21st Century Business Technologies and Legal Guidance to Facilitate Them: Blockchain, Smart Contracts, Artificial Intelligence and Machine Learning.” 2019 Primerus International Convocation. Miami, Florida. (May 3, 2019).
  • Section Council Policy Deliberations. ABA International Section Annual Meeting. Washington, D.C. (April 8-11, 2019).
  • “Connecting Bridges and Borders: Company Collaboration in Today’s Competitive Market” Conference. Budapest, Hungary. (October 16, 2018).
  • “General Data Protection Regulation: A Corporate Counsel’s Guide to Advising their Clients on GDPR.” Global Cyber Institute Webinar. (June 8, 2018).
  • Testified before the New Jersey Homeland Security & State Preparedness Committee. (May 22, 2018).
  • “Don’t Stop at HIPAA.” Esentire Webinar. (May 31, 2018).
  • “GDPR: A European Privacy Conundrum or a Business Opportunity for US Companies?” Clear Law Institute Webinar Series. (January 8, 2018).
  • “Cybersecurity Regulations for Financial Services.” Investment Adviser Association Webinar Series. (April 20, 2017).
  • “Cybersecurity 2.0: What Can Boards Do Besides Lose Sleep?” National Association of Corporate Directors, New Jersey Chapter. (February 2017).
  • “Managing Information Risk in an Evolving Regulatory World.” Legal Tech New York. (February 2017).
  • “Episode 9: Pokemon Sun and Moon Leaks.” Fordham Intellectual Property, Media & Entertainment Law Journal Podcast. (November 2016).
  • “Technology and the Law: Adapting and Providing Value, a Conversation with Kenneth Rashbaum.” Legal Marketing Studio Podcast. (October 31, 2016).
  • “Defending and Enhancing Operational Integrity in Today’s Cybersecurity Landscape.” Minolta Konica All Covered Cybersecurity Program. Microsoft Event Center, New York, NY. (October 26, 2016).
  • “Complex Litigation Of Cyber Security Issues.” NJICLE Cyber Security Law Conference. New Brunswick, NJ. (June 14, 2016).
  • “Advanced Cybersecurity Law.” Pennsylvania Bar Institute. Philadelphia, PA. (June 1, 2016).
  • “Cross-Border Discovery and Information Management Times Are A-Changing.” Ing3nious Southeast eDiscovery and Information Governance Retreat. Atlanta, GA. (May 22-23 2016).
  • “Managing Vendor and Business Partner Cybersecurity Risks and Liabilities” Clear Law Institute. Philadelphia, PA. (April 26, 2016).
  • “What Happened to the US/EU Safe Harbor? The Tension Between Privacy and Business Efficiency for Multinational Companies.” LegalTech 2016. (February 4, 2016).
  • “Game Changer: Effects of the EU Safe Harbor Decision.” LegalTech 2016. (February 3, 2016).
  • “Cyber Security and Social Security.” New Jersey Society of CPAs. (January 7, 2016).
  • “Cyber Security in Health Law: Protecting Patients and Providers.” New York Law Journal Webinar. (October 20, 2015).
  • “Cyber Fraud: Fight Back!” REBNY. New York, NY. (April 23, 2015).
  • “eDiscovery Speaker Series: Responding to Government Investigations.” Driven Inc. Speaker Series. New York, NY. (April 22, 2015).
  • “Department Store Issues.” Federal Bar Association’s Fashion Law Conference. New York, NY. (March 20, 2015).
  • “Aligning the Values and Costs of Litigation Services.” Managing Litigation as a Business. Houston, TX. (February 18, 2015).
  • “The New Normal: Revisiting the Transatlantic Relationship.” International Bar Association Conference. New York, NY. (January 29, 2015).
  • “Ethics Challenges in Management of IP Litigation.” Managing Litigation as a Business. Phoenix, AZ. (January 22, 2015).
  • “Lock Out Cyber Crime: A Cybersecurity Workshop.” Barton LLP and CSA2. New York, NY. (January 13, 2015).
  • “Exploring the Security of the Internet of Things: Trust Comes First.” Internet of Things Innovation Summit. CLSA. New York, NY. (December 12, 2014).
  • “Do You Know Where Your Data Is: A Cybersecurity Workshop.” Barton LLP and CSA2. New York, NY. (December 8, 2014).
  • “Healthcare Regulatory and Litigation Readiness.” RVM Education Center. New York, NY. (September 18, 2014).
  • “HIPAA & Secure Information Governance – Myths, Realities & Practical Solutions.” Webinar. (September, 2014).
  • “Knowledge Group: Cyber Insurance – What You Need to Know in 2014.” Webinar. (July, 2014).
  • “Do the Right Thing in Cyber-Space: Ethics in the Digital Age.” Chicago Bar Association. Chicago, IL. (September, 2013).
  • “Cyber-Security: Legal Obligations, Precautions and Best Practices.” ABA Section of International Law-Israel Bar Association Joint Conference. Eilat, Israel. (May 2013).
  • “First Do No Harm: Preserving and Admitting Foreign ESI.” Georgetown Advanced e-Discovery Institute. (December, 2012).
  • “Silicon Alley South: Cyber-Compliance and Risk Management For the Burgeoning Technology Sector in South and Central America.” American Bar Association Section of International Law, Fall Meeting. (October, 2012).
  • “Where Are Your Data Tonight? Social Media and Economic Espionage.” American Bar Association Section of International Law, Spring Meeting. (April, 2012).
  • “Privilege In Electronic Communications.” New York City Bar Association. (February, 2012).
  • “Customs Stations On The Life Sciences Information Highway: Trans-Border Privacy and Data Protection.” New York State Bar Association-Ontario Bar Association Meeting. Toronto, Ontario. (March 2012).
  • “The Crossroads of Incident Response Planning and Data Breach Notification Obligations.” Master’s Conference. Washington, D.C. (October, 2011).
  • “A Perfect (Electrical) Storm: The Electronic Health Record in Litigation and Oversight Proceedings.” AHRM-NY. (December, 2010).
In The Media
Attorney Articles

Kenneth N. Rashbaum > Matters

Close
Artificial Intelligence

Prepared generative AI use policies for a multinational biotech corporation and two law firms.

Drafted a template service agreement for customers in their transactions with mid-sized AI providers so they have an alternative to the providers’ Terms and Conditions.

Reviewed and provided suggested revisions of an agreement for uses of predictive and generative AI for an education consultancy.

Prepared and delivered training materials for uses of acquisition, deployment and monitoring of predictive and generative AI models to a global commercial insurer and a major university in New York City.

Drafted and delivered presentations to law firms and a law school class on admissibility and other foundation issues in offers of and opposition to AI-generated or AI-enhanced electronic evidence.

Cybersecurity, Data Privacy, GDPR Compliance

Represented an individual in litigation involving a title insurance company and an escrow agent alleging that cybersecurity and confidentiality deficiencies by the defendants led to an intrusion by a fraudster into communications for purchase of a home and resulted in a loss by the client to the fraudster of over $285,000.

Served as a special consultant to the New Jersey Assembly assisting in the preparation of a bill that, if passed, would have become New Jersey’s first comprehensive privacy and cybersecurity law. Ken testified as a cybersecurity and privacy expert before the New Jersey Homeland Security and State Preparedness Committee.

Obtained a Temporary Restraining Order, and then a favorable settlement, on the client’s behalf, in a matter in which an insurance broker’s employees stole and transferred company data in an attempt to start a competing organization.

Has represented security consultancies, CPA firms, media companies, and life science organizations in the negotiation of service agreements with customers and vendors from multiple countries.

Negotiated a contract for data collection on a global basis between a consultancy and one of the largest investment banks in the world, with a particular focus on international data transfer laws and regulations.

Prepared information security, privacy, and data preservation protocols and training for a five-hospital system in New York.

Advised a Boston academic hospital system on health data preservation protocols, prepared preservation policies, and conducted work force training on the protocols.

Represented an insurance broker with regard to federal and state claims concerning allegations of data misuse and theft and defeated motions to dismiss.

Represented a global media company in negotiation of service level and vendor agreements pursuant to the General Data Protection Regulation of the European Union (GDPR) and provided counsel in GDPR requirements and privacy/cybersecurity requirements of multiple U.S. states.

Counseled multiple organizations—such as fashion studios, CPA firms, law firms, hospitals and technology and media companies—on cybersecurity attack investigations, breach response, and remediation initiatives.

Has represented several multi-national organizations, providing counsel and advice on privacy and cybersecurity compliance pursuant to applicable laws and regulations including facilitation of security risk assessments; preparation of policies and procedures; and delivery and presentation of corporate training materials.

Provided counsel to healthcare IT app developers regarding solutions for secure, real-time sharing of medical information among providers.

Delivered Grand (teaching) Rounds at three academic medical centers on patient safety, cybersecurity, and privacy risks in the design of electronic medical records systems.

Represented a major assisted living facility in a cybersecurity audit by the New York Department of Financial Services.

Provided FDA remediation training required by audit findings at biotech corporations with regard to record-keeping and manufacturing practices.

Internal Investigations

Represented a family-owned real estate company regarding a data incident. Our role was to liaise with insurance carriers, secure and contract with a forensic investigator, lead the investigation and analyze the results to determine whether a breach had occurred while keeping the conversation privileged.

Represented a New York City hospital system by leading an investigation into breach of patient information from five hospitals and disclosure onto five Internet search engines, while also coordinating breach response and reporting.

Led investigation into and provided counsel and coordination for response to theft of trade secrets from a multi-national oil equipment manufacturing corporation, where theft originated in eleven countries.

Litigation

Served as special e-discovery counsel for the preservation and production of electronic evidence from Switzerland, Germany, and Italy for U.S. District Court litigation.

Tried multiple criminal, healthcare, product liability, commercial, and construction law cases to verdict in federal and state courts.

Co-represented the defense in a thirty-two-party lawsuit in the Western District of New York arising from a months-long labor dispute.

Led e-discovery teams in multi-district pharmaceutical product liability litigation.

Represented an internationally-known singer and songwriter in a lawsuit arising from a concert in Europe and obtained a dismissal of the claims against him in a New York state court.

Represented Spectrum Inc. General Contracting in litigation in the Supreme Court of New York, New York County against Capital One arising from claims that Capital One failed to prepare and implement procedures to notify account holders and step in to halt embezzlement fraud that resulted in a loss of $7,016,129.50.

Handled litigation claims under the Uniform Commercial Code arising from a wire transfer fraud loss of $341,100 alleging deficiencies in security protections and processes at Wells Fargo Bank.

ADA Compliance

Represented Dance America, Inc. in litigation in the U.S. District Court alleging that its website was not sufficiently accessible to visually impaired visitors in violation of US federal and state laws.

Represented Sports Endeavors, LLC in a matter in which the plaintiff alleged that the client’s website did not permit access to visually impaired visitors in violation of state and federal laws.

Represented 1617 Abbott Kinney, LLC in litigation brought in the U.S. District Court for the Central District of California in a matter alleging violations of the Americans with Disabilities Act and negotiated a settlement prior to the filing of dispositive motions or commencement of pretrial discovery. Settlement included a provision that each side would pay its own attorneys’ fees, a critical provision because the largest element of damages obtainable under this statute is payment of the adversary’s attorneys’ fees which, in some cases, can extend into very large sums. In addition, we negotiated full payment of the client’s legal fees to be paid by the client’s tenant.

Barton LLP
Privacy Overview

Our website uses certain cookies to enhance site navigation, analyze website usage, and assist in marketing efforts that may collect your personal information. You can accept or reject these cookies.