Corey J. Goldstein an associate in the Litigation Department. His practice centers on advising clients on cybersecurity, data privacy, and artificial intelligence issues, including complex, cross-disciplinary matters.
Corey counsels clients on breach preparedness and response, including on cybersecurity governance and risk management, and supports responses to significant cyber incidents, such as ransomware attacks and nation-state threats. He regularly assists clients in navigating delicate, high-profile situations involving multi-jurisdictional investigations, government inquiries, and significant media scrutiny.
He also advises clients on strategies to mitigate cyber and legal risk before an incident occurs. Corey regularly works with clients to develop and improve incident response, ransomware and crisis management policies and procedures. He partners with clients and leading cybersecurity firms to conduct and evaluate the results of cybersecurity testing and risk assessments, and also delivers cybersecurity tabletop exercises and briefings to business teams and executives.
In the rapidly evolving field of artificial intelligence, Corey advises companies on complex and cutting-edge matters, advising on issues such as AI safety, integrity, intellectual property, testing and red-teaming, governance, compliance, national security, privacy and data governance. Corey’s knowledge of global AI regulations and policy development allows him to provide practical, tailored solutions to clients at every stage of AI development and deployment.
Corey’s experience spans a broad range of industries and includes the following areas:
Cybersecurity
- Incident readiness & response: Corey develops incident response, ransomware and crisis management policies; conducts tabletop exercises and briefings; and guides clients through forensic investigations, containment, eradication and recovery efforts.
- Law enforcement & regulatory coordination: He works closely with clients to coordinate with law enforcement and regulators during and in the wake of cyber incidents, ensuring compliance with regulatory obligations and managing communications with customers, auditors and other stakeholders.
- Cyber governance & risk management: Corey counsels on cybersecurity governance, preparing companies to address ransomware and nation-state sponsored attacks, supporting clients in the development and enhancement of governance frameworks, internal controls, and sector-specific compliance programs tailored to technology, telecommunications, healthcare, banking, insurance, and asset management. He partners with cybersecurity firms to conduct risk assessments and improve governance policies.
- Compliance & legal strategy: He helps companies across industries meet U.S. and international legal requirements, guiding organizations through investigations, including responding to regulatory inquiries, and managing multi-jurisdictional matters related to significant cyber incidents. His work includes advising on issues under the Electronic Communications Privacy Act (ECPA), Stored Communications Act (SCA), and Computer Fraud and Abuse Act (CFAA).
Artificial Intelligence
- AI risk assessments & audits: Corey conducts AI product counseling and risk assessments, helping clients evaluate intellectual property, privacy, safety, integrity and algorithmic bias issues.
- AI governance & compliance: He advises on designing and implementing AI governance frameworks, including policies, procedures, inventories and vendor risk management. Corey conducts internal reviews of generative AI practices and assists in establishing governance committees, training programs and incident playbooks.
- Regulatory defense: Corey helps companies prepare for and respond to high stakes regulatory issues. He guides clients through regulatory guidance on issues such as AI safety, integrity, testing and red-teaming, data governance, and risk mitigation. He also advises on emerging global AI regulations and standards, providing risk assessments, and benchmarking practices.
- Strategic counsel & transactions: He advises on developing AI regulations—including the EU AI Act, U.S. executive orders and state laws. Corey also supports investment and deal diligence for AI-driven transactions.
Corey is active in the legal community, serving on the New York City Bar Association’s Insurance Law Committee and its Presidential Task Force on Artificial Intelligence and Digital Technologies. He currently serves on the task force’s AI in Commerce and Finance subcommittee and previously served on its AI and Cybersecurity subcommittees. He frequently publishes on cybersecurity and AI topics.
