Marc S. Roman

Marc S. Roman

Of Counsel

Marc Roman

450 New Karner Road
Albany, NY 12205

Telephone: (518) 452-1800
Direct Dial: (518) 764-0402
Fax: (518) 452-6435

Marc Roman provides a variety of cybersecurity, data protection, privacy and information technology services to clients. With more than 20 years as an IT professional and a firm understanding of federal and state cybersecurity laws, he is uniquely positioned to identify the physical and digital security risks that plague businesses of virtually every size.

Mr. Roman focuses his practice on identifying, evaluating and managing risks associated with privacy and data security practices. He advises clients on the GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, FTC enforcement, and other U.S. state and federal privacy and data security requirements, including risks related to global data protection laws such as the GDPR and PIPEDA. He provides advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness, assurance, and resiliency. Marc also guides clients on risks and potential liabilities associated with inadequate privacy and data security practices. He conducts all phases of online and offline privacy assessments and information security policy audits, and develops corporate records management programs, including policies, records retention schedules and training modules.

While prevention is usually the best policy, Mr. Roman also helps clients who have been unable to avoid a security issue, data breach or other unfortunate event. These solutions may take many forms, and they can be detective, corrective, recovery-based, deterrent or compensating in nature, depending on the client’s particular situation.

A skilled litigator, Mr. Roman also vigorously pursues legal action against employees, contractors, competitors and other offenders who have unlawfully breached a company’s privacy and security controls.

Mr. Roman is an adjunct professor at Albany Law School, where he teaches courses dealing with the continuously evolving federal and state cybersecurity and privacy laws. He has multiple professional certifications and licenses in the information technology, privacy and system security fields.

Bar Admissions

  • New York, 2009
  • U.S. District Court, Northern District of New York, 2009
  • U.S. Supreme Court, 2016


  • Albany Law School of Union University, J.D., 2008
  • State University of New York at Albany, B.A., 1992


  • IAPP Certified Information Privacy Professional/United States (CIPP/US) (Cert. #00245765I)
  • (ISC)2 Certified Information Systems Security Professional (CISSP) (Cert. #309726)
  • ISACA Certified Information Systems Auditor (CISA) (Cert. #1080650)
  • ISACA Certified in Risk and Information Systems Control (CRISC) (Cert. #1116049)
  • ISACA Control Objectives for Information and Related Technologies (COBIT) Foundation
  • OGC Information Technology Infrastructure Library (ITIL) Foundation

Memberships and Affiliations

  • Member, New York State Bar Association
  • Member, Albany County Bar Association
  • Member, Capital District Women’s Bar Association Legal Project
  • Member, Capital District Trial Lawyers Association