Stephen Robison, CIPP/US

Overview

Stephen is an Associate in the Litigation Department at McDonald Hopkins and a member of the firm’s national Data Privacy and Cybersecurity team. He is experienced in the areas of data privacy and cybersecurity, government contracts, national security, defense, technology and space.

As part of McDonald Hopkins’ national Data Privacy and Cybersecurity Practice Group, Stephen helps companies assess and respond to data privacy and cybersecurity incidents, including investigation of security incidents, breach notification obligations and compliance, and post-breach responses. His practice also includes providing clients with proactive, pre-breach services that focus on protecting personal, sensitive and confidential information and minimizing the risk of a data privacy incident.

Prior to joining McDonald Hopkins, Stephen ran his own law practice representing and advising clients on government regulations and contracting matters. His industry experience also includes several years with the Global Space Law Center developing proposals and responses to assist the United Nations Office for Outer Space Affairs. Furthermore, he worked in the Technology Transfer Office at the NASA Glenn Research Center where he negotiated, analyzed, and reviewed the licensing of government IP to private entities.

Prior to the start of his legal career Stephen served as a First Lieutenant in the United States Army at Fort Benning leading logistics and task delegation at the 199^th Infantry Brigade.

Stephen is certified by IAPP as a Certified Information Privacy Professional/United States (CIPP/US). He earned a LLM in national security law from Georgetown University Law Center, where he was an editor of the Journal of National Security Law & Policy and competed in the Manfred Lachs Space Law Moot Court Competition. He earned his J.D., magna cum laude, from Cleveland State University College of Law, and graduated with a BA in political science from John Carroll University.

Representative Cases & Matters

Data Privacy and Cybersecurity Matters

Incident Response. Coordinated and established a notification strategy and process regarding individuals and state regulators concerning all 50 states, the District of Columbia, Puerto Rico, and the Department of Education.
Incident Response. Advised company regarding cybersecurity incident outlining all legal obligations concerning compromised personally identifiable information (PII) and protected health information (PHI).
Incident Response. Obtained a positive outcome representing client through federal investigation led by the Army Criminal Investigation Division and Army Contracting Command.
Pre-Breach. Drafted and edited corporate documents concerning incident response plan and strategy, adding an indemnification clause regarding specific technical vulnerabilities.
Pre-Breach. Analyzed and incorporated federal obligations concerning incident response and notification policies concerning the Department of Defense.

National Security and Export Control

International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). Advised client and drafted communication, leading all correspondence concerning federal obligations to the U.S. Department of State, Department of Defense, Army Criminal Investigation Division, and prime contractors regarding national security and defense contracts.
International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). Developed, created, and executed a notification strategy and documents concerning federal contractor obligations specific to the Space industry and Defense Industrial Base. Incident involved federal awards estimated at $900,000,000. Notification included U.S. Department of State, Department of Defense, U.S. Army, Naval Sea Systems Command, the Defense Contract Management Agency, and large prime contractors in the Defense and Space industry.
Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS). Established and drafted incident response plan and notification strategy concerning controlled unclassified information (CUI), covered defense information (CDI), unclassified controlled technical information (CTI), and federal contract information (FCI).
Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS). Monitored forensic investigation and threat actor negotiations analyzing the legal significance and obligations concerning federally controlled data ensuring all data transfers and access complied with applicable federal laws and notification obligations.
Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS). Drafted and conveyed communication to the Department of Defense and large prime contractors concerning cybersecurity incident and the potential compromise of national security data and research.
Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS). Examined cybersecurity incident determining no federal notification obligation concerning the Department of Defense and potential covered contractor information system.
Sub-Contractor v. Prime. Counseled subcontractor concerning prime contractor payment and commercial remedies regarding dispute and negotiations.

Honors & Recognition

SBA Dwight D. Eisenhower Award for Excellence

NASA Silver Achievement Medal

Federal Bar Association Award for Constitutional Law

CALI Award Community Advocacy Law Clinic

CALI Award Constitutional Law

CALI Award Psychiatry and Law

Credentials

Education

Georgetown University Law Center

Cleveland State University College of Law

John Carroll University

Admissions – State

Ohio

Professional & Civic

Professional Activities

American Bar Association: Public Contract Law Section, Member; Cybersecurity and Data Privacy, Member; Forum on Air and Space Law, Member

Cleveland Metropolitan Bar Association: Member

National Defense Industrial Association (NDIA): Member

Community Involvement

Saint John School, Board Member

Space Generation Advisory Council (SGAC), Volunteer General Counsel

Accreditation

Commercial Space Regulatory Professional: White Belt

News & Insights

Blog Post
March 8, 2023
Anticipated CMMC 2.0 cybersecurity guidelines a reminder to government contractors to implement cybersecurity and incident response plans
Blog Post
February 6, 2023
New Department of Veteran Affairs contractor cybersecurity obligations
Blog Post
October 20, 2022
Creating a defensive cybersecurity culture
Blog Post
October 10, 2022
Cyber Savvy password tips for Cybersecurity Awareness Month 2022
Blog Post
October 3, 2022
Follow McDonald Hopkins for Cyber Savvy updates during Cybersecurity Awareness Month 2022
News
September 14, 2022
Air and Space Law Journal article by Stephen Robison: "Legality of Non-kinetic ASAT Weapons: A US Perspective on How Technology Outpaces Law"
Blog Post
September 9, 2022
5 foundational steps to DoD cybersecurity compliance
Blog Post
July 14, 2022
Billions available for cyber compliant construction companies
News
May 19, 2022
Robison appointed co-lead counsel of Space Generation Advisory Council
Blog Post
April 12, 2022
Prepare for the future, succeed today: Current system security plan requirements
Blog Post
March 23, 2022
Cybersecurity for government contractors: What you need to know about incident reporting
News
March 21, 2022
McDonald Hopkins welcomes Stephen Robison to national Data Privacy and Cybersecurity practice

Events

Speaking Engagement
August 7, 2023
10:35 AM - 11:00 AM MDT
Cybersecurity for Small Satellites
Speaking Engagement
June 16, 2023
10:00 A.M. - 10:50 A.M. ET
Cybersecurity Issues at PHAS
Speaking Engagement
April 12, 2023
2:15 PM - 3:00 PM ET
Legal & Policy Issues in the New Orbital Economy

Speaking Engagements

2021 Space Education & Strategic Applications Conference - Building Capacity in Space Law: An American Experience