About Octillo


We are a team of privacy professionals and IT specialists devoted to counseling companies on technology, data security and privacy matters. Our team is made up of former business owners and technologists and are excited to help clients innovate, minimize legal risk and grow their business. We leverage our multiple disciplines and practice experience to practice law in a different way. Octillo is one of the few firms in the country focused only on tech, data security and privacy. We are not Big Law – we are a boutique firm with specialized experience for when our clients need it most. Customer service is our highest priority and when we are not busy helping our clients one of our core missions is to support STEM initiatives in our communities.

Our attorneys are highly specialized and help clients manage their digital assets, from integrating information security and privacy principles into business units, to performing network risks assessments and table top exercises to test incident response. We assist clients as they deploy advance technologies and digital tools to promote their business growth.

We work with executive leadership teams to build privacy and security compliance programs, conduct trainings, respond to data incidents, prepare for regulatory investigations and defend against consumer class actions or vendor disputes.

With offices in New York and California, two of the most active states in data security and privacy initiatives and laws, Octillo attorneys are your partner for growth in the digital age.

Privacy and Security Compliance

In the age of data proliferation, sound technology policies and practices are the foundation to smart business growth. Octillo attorneys advise companies on end-user policies, including Information Technology and Cybersecurity Policies, Privacy Policies, Terms of Service/Use, ADA Website Accessibility Statements, Bring Your Own Device (BYOD), Data Protection Programs, Incident Response Plans, Disaster Recovery Plans, along with Record Retention and Deletion Policies, data sharing, transfer and disclosure policies, and workforce data security matters.

As CIPP/US and CIPP/E attorneys, coupled with our extensive experience, we provide counsel on the California Consumer Privacy Act (CCPA), Illinois Biometric Privacy Act (BIPA), NY’s SHIELD Act, and the European Union’s General Data Protection Regulation (GDPR).

We also advise clients on enforcement actions by regulatory and law enforcement agencies including the European Supervisory Authorities, the Federal Trade Commission (FTC), state attorney’s generals and other regulatory bodies.

Risk Assessments

Octillo understands the challenges posed by managing risk across multiple, separately hosted information systems and networks, because our services are purposefully aligned to help clients manage these types of risk. What’s more, we understand that the risk must be assessed and mitigated at multiple stages, whether by carefully selecting a third party vendor, performing an annual risk assessment, or responding to a cybersecurity event.

Our deep understanding of technological infrastructures allows us to work with IT departments and business executives to help put our clients in a legally defensible position and minimize risk. We help clients achieve cybersecurity goals by leveraging IT-specific counsel that takes a range of state and federal regulatory regimes into consideration.

Incident Response

Our incident response team shares extensive experience in incident response, meaning our attorneys have worked on incidents of varying natures and scope that allow us to coordinate responses efficiently and effectively. We have guided executive teams through incidents in all industries, including finance, healthcare, and manufacturing, taking time to help clients understand the regulatory framework that may specifically impact their business. Because of our focus on incident response, our attorneys are tied to a wide network of specialists, meaning we not only remain in constant information-sharing on threat updates, but also understand how to assemble the right team to respond to the details of a specific incident.

In fact, as a firm that provides specialty IT services, our incident response experience is augmented by Octillo professionals who are former technologists, tech company owners, former Chief Information Security Officer (CISO), Certified AWS Practitioner, public company executive, and federal regulator.

Litigation/Government Investigations

Octillo’s Privacy Litigation Practice Group represents clients in data breach actions, technology vendor disputes, and the defense of consumer class actions and related regulatory investigations in state and federal courts throughout the United States.

Octillo has offices in:

  • Buffalo, NY
  • New York, NY
  • Rochester, NY
  • Philadelphia, PA
  • San Diego, CA

Related Services:

  • Advertising, Marketing and Digital Media
  • Artificial Intelligence (AI)
  • Blockchain Technologies and Digital Currencies
  • Binding Corporate Rules
  • Class Action Defense – Telephone Consumer Protection Act Compliance, Americans with Disabilities Act WGAC
  • Digital Risk Advisory and Cybersecurity
  • Digital Transformation and Data Economy
  • Emerging Technologies
  • Healthcare Privacy and Compliance
  • Information Governance
  • Internet of Things (IoT)
  • Privacy and Digital Risk Class Action and Litigation
  • Privacy Governance and Technology Transactions
  • U.S. Consumer Privacy and the CCPA