Anand Raj Shah* counsels clients on issues relating to cybersecurity, information governance, privacy, eDiscovery and data analytics. He assists clients in proactively evaluating and managing risks associated with their information practices, particularly during breach response or cybercrime investigations. Anand advises clients on a wide range of federal laws and regulations, including CFAA, ECPA, HIPAA, GLB, FISMA, CAN-SPAM, VPPA, COPPA, FCRA, and CISA, along with international and state data protection and breach notification laws. He guides clients on the implementation of information sharing practices, such as the DHS’s Automated Indicator Sharing initiative, and industry standards, such as the NIST Cybersecurity Framework. Anand assists in crafting incident response plans, vulnerability assessment tools, information security agreements, corporate policies, and product design reviews that are tailored to meet the needs of companies and boards seeking to safeguard their data.
Anand has experience dealing with cyber and other emerging technology issues, such as encryption, virtual currencies, and critical infrastructure protection, at the international-, national-, and local-levels. Prior to joining Drinker Biddle, he was a Deputy Attorney General at the New Jersey Attorney General’s Office, Financial and Computer Crimes Bureau. His primary responsibility was prosecuting cybercrime – from investigation to trial – involving hacking, identity theft, online fraud and extortion, money laundering, child endangerment, and other cases involving digital evidence. While there he initiated a joint criminal-civil enforcement taskforce to address consumer advocacy concerns stemming from data breaches and was an original member of the New Jersey Cybersecurity & Communications Integration Cell – promoting information sharing between government agencies, as well as the private sector. Anand started his career in-house as an attorney at Mandiant Corp. (a FireEye, Inc. company); he also served as a Tech/Cyber Law Fellow at ZwillGen PLLC.
While attending law school, Anand worked with the NATO Cyber Defence Centre of Excellence serving as the Research Assistant to the Group of Experts drafting the Tallinn Manual on the International Law Applicable to Cyber Warfare – a year-long project he undertook as part of Emory Law’s International Humanitarian Law Clinic. He also participated in Technological Innovation: Generating Economic Results (TI:GER®), a two-year interdisciplinary program with the Georgia Institute of Technology to learn about technology commercialization; in this capacity he gained experience with a 3D printing startup and consulted with incubator companies at the Advanced Technology Development Center, involving mobile payment security and augmented reality. Additionally, Anand served as a Legal Extern to The Coca-Cola Company in their Intellectual Property and Global Marketing Groups.
Anand is fluent in Mandarin Chinese and Gujarati.
*Admitted in New Jersey only. District of Columbia Bar application pending; practice supervised by partners of the firm who are active D.C. Bar members pursuant to D.C. Bar Rule 49(c)(8).
National Computer Forensic Institute – Selected to undergo trainings in computer forensics, cybersecurity, and mobile device forensics. (June 2014 and September 2015)
TI:GER® Scholar, Emory University School of Law
Awards Methodology (www.drinkerbiddle.com/content/awards)
- New Jersey
- Emory University School of Law, J.D., 2012
- Georgia Institute of Technology, Intellectual Property Certificate, 2012
- George Washington University, B.A., 2009, magna cum laude
- East China Normal University, Advanced Language Certificate, 2007
- U.S. District Court, District of New Jersey
- Superior Court of New Jersey, Appellate Division
- American Bar Association, Science and Technology Law Section
- Georgetown Law Cybersecurity Law Institute, Board of Advisors (Past Planning Committee Member)
- International Association of Privacy Professionals
- New Jersey Cybersecurity and Communications Integration Cell
- The Sedona Conference, Working Group 11 on Data Security and Privacy Liability