Robert W. Rubenstein


Robert focuses on corporate transactional matters and advises clients on technology transactions, data privacy, and security compliance (FTC, GDPR, FFIEC, and the New York DFS Cybersecurity Regulation). He negotiates and drafts various transactional documents, such as software as a service (SaaS) and software licensing agreements, software and technology development agreements, privacy policies and online terms of service, and data licensing agreements. Robert also counsels clients on a broad range of corporate matters, including mergers and acquisitions.

Robert also has experience counseling clients on compliance with federal, state, and European privacy laws, including all of the U.S. comprehensive state laws and biometric privacy laws. He assists clients in mitigating risk both prior to and during litigation. Robert has experience drafting employee facing biometric privacy policies for compliance with all U.S. biometric privacy laws for clients in a number of different industries. He is also responsible for tracking biometric privacy legislation nationwide as part of the Emerging Data Privacy Trends team. 

Prior to joining the firm, he was an attorney in the corporate practice group of an international law firm.

Robert earned his bachelor’s degree from Dickinson College and his law degree from Drexel University Thomas R. Kline School of Law. While in law school he was an intern for the Honorable Timothy J. Savage, U.S. District Court for the Eastern District of Pennsylvania.



U.S. Department of Commerce Proposes a New KYC Rule Applicable to U.S. IaaS Providers [Alert]

February 27, 2024

Robert Rubenstein and Christopher Dodson discuss the Commerce Department’s Proposed Rule that proposes a new Customer Identification Program and other requirements for U.S. providers and foreign resellers of infrastructure as a service products.

Final Interagency Guidance on Managing Risks Associated with Third-Party Relationships [Cyber Law Monitor Blog]

June 27, 2023

On June 6, 2023, the Board of Governors of the Federal Reserve System, Office of the Comptroller of the Currency and Federal Deposit Insurance Corp. (collectively, the “Agencies”) issued final interagency guidance that provides granular recommendations for how banks and other regulated financial...

Washington Passes the My Health My Data Act [Alert]

May 08, 2023

On April 27, 2023, Washington’s Governor Inslee signed the My Health My Data Act into law, adding to the increasingly complex patchwork of state privacy laws.

The New Standard Contractual Clauses Deadline is Approaching [Cyber Law Monitor Blog]

August 15, 2022

On June 4, 2021, the European Commission introduced the new set of Standard Contractual Clauses (“SCCs”), a primary mechanism for lawfully transferring personal data from Europe to the United States under the European Union’s General Data Protection Regulation. These new SCCs replace the three...

SEC Proposes New Cybersecurity Disclosure Rules for Public Companies [Cyber Law Monitor Blog]

March 24, 2022

On March 9, 2022, the SEC proposed new rules (“Proposed Rules”) that would expand cybersecurity disclosures applicable to public companies subject to the reporting requirements of the Securities Exchange Act of 1934 (“Exchange Act”). Existing SEC rules do not explicitly require cybersecurity...

Federal Agencies Announce a New 36-Hour Cybersecurity Incident Rule Reporting Requirement [Cyber Law Monitor Blog]

January 05, 2022

On November 18, 2021, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), and the Federal Deposit Insurance Corporation (“FDIC”) (collectively, the “Agencies”) issued a new rule (the “Rule”) that requires banking organizations and...

FTC’s Amended Safeguards Rule Imposes Significant Requirements on Covered Entities [Cyber Law Monitor Blog]

December 16, 2021

On October 27, 2021, the Federal Trade Commission (“FTC”) announced new updates to the Gramm-Leach-Bliley Act (“GLBA”) by amending the Standards for Safeguarding Customer Information, known as the “Safeguards Rule,” and issuing a final rule (the “Final Rule”). The Safeguards Rule is designed to...


  • Drexel University Thomas R. Kline School of Law, J.D., 2018
  • Dickinson College, B.A., 2015

Awards & Honors

Sarah Nerino Perseverance Award

  • Pennsylvania
  • U.S. District Court -- Eastern District of Pennsylvania

Hon. Timothy J. Savage, United States District Court for the Eastern District of Pennsylvania