Robert Duffy

Robert E. Duffy

Baker & McKenzie LLP


Robert Duffy is an associate in the cybersecurity practice group. He advises clients regarding internal investigations, regulatory compliance, and legal risk management, as well as administrative, civil and criminal litigation matters. He regularly utilizes his background in computer science and software engineering to deliver unique insights to clients facing complex legal issues implicating a wide variety of technology.

Practice Focus

Robert helps clients manage systemic legal risks and achieve compliance with cybersecurity, privacy and information governance laws and regulations through conducting assessments, developing risk-prioritized remediation plans, drafting policies, guidelines, and opinions, and establishing compliance technology and operations. He also helps clients respond to cybersecurity incidents, by managing the forensic response and investigation, drafting internal and external communications and disclosures, navigating customer disputes and government investigations, and aggressively pursuing their rights as crime victims. Additionally, he represents clients in civil litigation regarding trade secret misappropriation, computer fraud and abuse, and other matters.

Representative Legal Matters

  • Defended developer of consumer security products against FTC investigation into security vulnerability
  • Advised leading online and physical retailer on the development of technologies and processes supporting data subject rights for opting-out of data processing, and for the access and deletion of personal information
  • Counselled leading technology company on the development of global anti-cybercrime program to leverage local laws to take down cybercrime infrastructure
  • Advised global technology services provider responding to 2017 NotPetya global malware incident
  • Advised cybersecurity services firm regarding government investigations and subpoenas targeting prior investigative material and work product
  • Represented software developer in lawsuit against testing company for misappropriation of trade secrets, unauthorized access under the CFAA, and other torts
  • Advised managed IT services provider responding to DarkSide ransomware event
  • Defended multiple providers of services to abuse victims against subpoenas for documents and testimony regarding client information


  • District of Columbia~United States (2012)
  • U.S. Patent & Trademark Office~United States (2011)
  • Virginia~United States (2010)


  • George Mason University School of Law (J.D.) (2009)
  • Virginia Tech (B.S.) (2003)


  • English