Karen Painter Randall

Chair, Cybersecurity, Data Privacy and Incident Response Group

Overview

Karen Painter Randall, formerly Certified by the Supreme Court of New Jersey as a Civil Trial Attorney, is a partner at Connell Foley LLP, where she chairs the Cybersecurity, Data Privacy, and Incident Response Group. With extensive experience counseling clients on cybersecurity, data rights, and privacy laws and regulations, Karen provides proactive measures to safeguard enterprise data, including security assessments, policies and procedures, security awareness training, incident response plans, and cyber liability insurance.

Karen holistically guides a wide array of businesses through the rapidly evolving cybersecurity and privacy space, including GDPR, CCPA, FERPA, HIPAA, PCI DSS, and TCPA compliance. Her clients span multiple industries, from financial services to healthcare, public entities, education, transportation, and retail, as well as lawyers and other licensed professionals.

In addition, Karen serves as incident response counsel for businesses and cyber liability insurance carriers, leading the incident response effort quickly and efficiently on crippling data breaches and vulnerabilities, particularly those involving insider threats, business email compromise, and ransomware attacks. She drives strategic solutions related to post‐breach issues, including forensic and e‐discovery investigations, statutory notification requirements in all 50 states, remediation, class action litigation, Federal Trade Commission (FTC) inquiries or regulatory enforcement actions, and FTC, HHS, and state attorney general investigations. In addition to incident response, Karen has a depth of experience managing third-party vendor risk and drafting vendor agreements.

Karen received three presidential appointments to the American Bar Association’s Cybersecurity Legal Task Force and was named the Task Force’s Private Sector Liaison. She founded/chairs the New Jersey State Bar Association Cybersecurity Legal Task Force and Institute. Most recently, the New Jersey State Bar Association appointed her to the AI in the Law Task Force as Co-Chair of the inaugural Cybersecurity and Data Privacy Committee and member of the AI Committee. Additionally, Karen was selected by the University of South Carolina School of Law to lead its Cybersecurity Legal Task Force and serve as Director of its annual National Cybersecurity Institute. She also chairs the USLAW Network Cybersecurity and Data Privacy Group. Among her many honors, Karen has been named by NJBIZ as a “Leading Women in Business” honoree, a “Leader in Law” for Cybersecurity and a “Digi-Tech Innovator,” and by ROI-NJ to its “Influencers: Law” list for E-discovery/Cyber.

A sought-after speaker, Karen frequently addresses a wide range of emerging concerns in cybersecurity and data privacy. She is often quoted in business and trade publication articles on key cyber and data privacy issues, including recently on safeguarding the online privacy of Federal Judges.

A Fellow of the American Bar Foundation, Karen was appointed by Chief Justice Stuart Rabner to serve on the Board on Civil Trial Certification. 

Karen's commitment to leadership, frequent speaking, and writing underscore her trailblazing impact on the cybersecurity landscape. 

Experience

Representative Experience
Results may vary depending on your particular facts and legal circumstances.

  • Insider Wrongdoing: Served as breach response counsel for client related to insider wrongdoing involving unauthorized access to personally identifiable information in co-workers’ payroll information.
  • Website Compromise: Served as breach response counsel for client regarding unauthorized access to client’s website involving the inadvertent disclosure of customers’ personally identifiable information, including credit card/payment information.
  • Insider Wrongdoing: Served as breach response counsel for client regarding inadvertent disclosure of customers’ banking information requiring notification and regulatory evaluation under Gramm Leach Bliley Act.
  • Social Engineering: Served as breach response counsel to provider of MRO whose employee replied all to a phishing email purporting to be from the CEO, sending the company’s W2s for all U.S.-based employees for the past two years.
  • Insider Wrongdoing: Served as breach response counsel for client related to insider wrongdoing involving the theft of employee personnel files containing personally identifiable information, including Social Security numbers, bank account numbers/PINs and protected health information.
  • Business Email Compromise: Represented professional clients in external system breaches involving phishing emails wherein funds were fraudulently wired.
  • Theft of School Files: Represented school district regarding theft of student IEPs from employee’s vehicle, and advised regarding notification and privacy implications under FERPA.
  • Technical Support Compromise: Served as breach response counsel to accounting firm involving a “Microsoft Premium Technical Support” attack compromising the tax returns of its clients.
  • Social Engineering/Ransomware: Served as breach response counsel to a school district infected with malware indicative of two persistent banking Trojans, Emotet and Trickbot, wherein the credentials of its employees who entered them into financial institution websites and other similar websites were compromised. This attack was followed by a ransomware attack.
  • Ransomware: Served as breach response counsel to law firm that was the victim of a ransomware attack (Ryuk), and worked with forensics and a bitcoin broker to pay the ransom, obtain the decryption key for the return of data, and restore.
  • Social Engineering: Represented law firm wherein a third-party gained unauthorized access to email account, and advised regarding obligations under applicable state statute and reporting requirements as bankruptcy trustee.
  • Social Engineering: Served as breach response counsel to accounting firm involved in a third-party gaining unauthorized access to email account and firm’s portal storing confidential client PII information. 
  • HIPAA: Represented physical therapist facility related to former employees downloading patient information prior to departure and advised on applicable state statute and HIPAA requirements.
  • HIPAA:  Represented third-party organization that uses data analytics to promote patient safety and quality healthcare to advise them on potential HIPAA violation associated with information provided from a covered entity.
  • Social Engineering: Represented service provider to insurance carriers in connection with processing premium payments under their Pay-As-You-Go workers compensation policy involved in a social engineering attack, which resulted in unauthorized access to PII and PHI information contained within an employee’s email account.  Data mining services were deployed.
  • Ransomware: Served as breach response counsel to a school district infected by the Sodinokibi strain of ransomware. Because their back-up was also encrypted, we helped to facilitate the payment of ransom to the attacker in return for the decryption key to its files.
  • Ransomware: Served as breach response counsel to a school district infected by the Sodinokibi strain of ransomware. The school district maintained sufficient back-up and avoided having to pay the ransom demand.
  • Ransomware: Served as breach response counsel to a school district infected by the Phobos strain of ransomware.  The school district maintained sufficient back-up and avoided having to pay the ransom demand.
  • Served as incident response counsel to a billion-dollar food service company that was the victim of wire fraud.
  • Served as incident response counsel to a national electric company that suffered a ransomware attack.
  • Served as incident response counsel to a school district infected by ransomware.  The school district maintained sufficient back-up to avoid paying the ransom.
  • Served as incident response counsel and provided recommendation regarding its regulatory obligations to an insurance company whose policyholders’ personal information may have been accessed without authorization as a result of a wire fraud scheme impacting a third-party vendor.

Activities

Professional Affiliations

  • International Association of Privacy Professionals (IAPP)
    • Member
    • Co-chair, New Jersey KnowledgeNet Chapter
  • Bloomberg BNA Cybersecurity and Data Privacy
    • New Jersey Contributing Practitioner
  • USLAW NETWORK, Inc.
    • Chair, Data Privacy and Security Practice Group
      • Co-chair and Instructor, Cybersecurity and Privacy Bootcamp
    • Chair, Professional Liability Practice Group
    • Women's Connection Leadership Committee
    • National Chair, Fall Conference
    • Speaker
      • Managing Partner Forum
      • TELFA Crossborder Meeting
      • Women's Connection Conference
      • Practice Group Exchanges
    • Author
      • USLAW Magazine
      • Digi-Know
  • American Bar Association
    • Presidential Appointments
      • Standing Committee on Lawyers' Professional Liability
      • Cybersecurity Legal Task Force 
        • Private Sector Liaison
    • Professional Liability Litigation Committee
      • Attorneys' Liability Subcommittee
    • Contributor, LPL E-Advisory  (Legal and Cyber)
    • Section Member, Science and Technology Law
  • Association of Corporate Counsel (ACC) Foundation
    • Advisory Board Member, 2019 ACC Foundation Cybersecurity Summit
  • New Jersey State Bar Association
    • Artificial Intelligence in the Law Task Force 
    • Founder and Chair, Cybersecurity Legal Task Force
  • University of South Carolina School of Law
    • Chair, Cybersecurity Legal Task Force
    • Director, Cybersecurity Institute
    • Adjunct Professor, Cybersecurity
  • University of South Carolina
    • Member, College of Arts and Sciences Board of Visitors
  • Claims and Litigation Management Alliance
    • Member, Cyber Liability Committee
    • Co-chair, 2016 Cyber Liability Summit in New York City 
    • Northeast Regional Chair
    • New Jersey State Chair
    • President, Northern New Jersey CLM Chapter
    • American Law Journal - Professional Liability Editorial Board
    • Contributor, Around the Nation Newsletter
  • Defense Research Institute (DRI)
    • Professional Liability Advisory Committee
    • Data Breach and Privacy Law Committee
  • Healthcare Information and Management Systems Society (HIMSS) - NYS Chapter
    • Member, Security & Privacy Committee
      • Legal/Regulatory Subcommittee
  • Supreme Court of New Jersey, Board on Trial Certification
    • Board Member, Appointed by New Jersey Chief Justice Rabner
  • National Association of Women Lawyers
    • National Mentor
  • Professional Liability Underwriters' Society
  • New Jersey Business and Industry Association
    • Law and Technology Section

Honors


Certified by the Supreme Court of New Jersey as a Civil Trial Attorney (1992-2022)

Fellow, American Bar Foundation

NJSBA
  • Co-Chair, Inaugural Cybersecurity and Data Privacy Committee
  • Member, AI Committee (2024-2025)
NJBIZ
  • Leading Women in Business honoree - Traditional Category (2024)
  • Leaders in Law (2021)
  • NJ Digi-Tech Innovators Awards (2019, 2021)
  • Best 50 Women in Business (2012)

ROI-NJ "Influencers"

  • Law (2022)
  • Women in Business (2021, 2022)
University of South Carolina, College of Arts and Sciences Dean’s Award (2020)

Best Lawyers in America (2025)
  • Professional Malpractice Law - Defendants

New Jersey’s Women Leaders in Law, Complex Litigation (2013)

National Finalist, CLM Litigation Management Professional of the Year (2012)

New Jersey Super Lawyers (2011-2024)

  • Top 50 Women (2016-2021)
  • Top 100 (2020, 2021)

New Jersey Law Journal

  • Diverse Attorneys of the Year (2017)
  • Prominent Woman Among Women and Minority Attorneys in New Jersey

Please see Honor and Award Methodology. No aspect of this advertisement has been approved by the Supreme Court of New Jersey.

Clerkships

  • Hon. J. Emmet Cassidy of New Jersey Superior Court

Education

Organizational Cybersecurity Information Sharing, CIAS and The Department of Homeland Security FEMA

Advanced Legal Management Program, Montclair State University School of Business

University of South Carolina School of Law (J.D.)

University of South Carolina (M.A., Public Administration)

University of South Carolina (B.A., Honors College)
