log in
Print | Back

Lowenstein Sandler LLP

Mary J. Hildebrand

Mary J. Hildebrand

Founder and Chair, Privacy & Cybersecurity

Lowenstein Sandler LLP
New Jersey, U.S.A.

tel: 973.597.6308
Send an Email

Local Time: Sun. 00:08


For more than 30 years, Mary has drawn on her deep experience in privacy and data security, tech, and intellectual property to handle sophisticated technology deals from concept to conclusion.

Mary regularly serves as lead counsel to both public and private companies in complex commercial matters involving:

  • Digital and social media
  • Software
  • Clean tech
  • Renewable energy
  • Public utilities
  • Financial services
  • Medical devices
  • Entertainment
  • E-commerce
  • Transportation
  • Universities
  • Not-for-profit organizations 

Additionally, she counsels startups on the transactions and foundational legal structures needed to launch their businesses.

As a leading intellectual property lawyer, Mary has achieved an enviable track record in commercializing, protecting, and managing intellectual property, technology, and database assets around the world. She is also a recognized authority on EU and U.S. data privacy and information security laws.

A highly regarded "top-notch," "hugely responsive," and "skilled, bright and knowledgeable" practitioner, Mary has been consistently recognized by Chambers USA (2009-2019) for her successful handling of complex transactions involving significant IP assets. Her clients commend her as "a phenomenal client manager" who gives "useful, pragmatic, practical advice."

Mary has served as a member of Lowenstein Sandler's board of directors and Strategic Planning Committee, as well as chair of the firm's Diversity and Inclusion Committee.

Bar Admissions

    New Jersey


Duke University School of Law (J.D. 1984)
Union College of Union University (B.A. 1980), magna cum laude
Areas of Practice
Professional Career

Significant Accomplishments

Speaking Engagements

Cathy Serafin and Mary Hildebrand will present a webinar entitled "Insurance Issues in Commercial Contracts: Addressing Unique Risk Profiles for Your Deal." The presentation will discuss specific insurance issues to take into consideration when negotiating your next commercial contract. The speakers will cover how to draft specific provisions to protect your company or client's best interests in numerous situations that nearly all businesses routinely face.

Mary Hildebrand will speak on a panel entitled "EU GDPR and Privacy Shield" at The New EU Data Protection Regulation: Transnational Enforcement and its Effects on US Businesses Symposium. The annual Seton Hall Law Review Symposium brings together members of the judiciary, practicing lawyers, and legal scholars to explore important and timely aspects of the law and society. This is also the inaugural event of the newly established Seton Hall Institute for Privacy Protection.

In early 2018, the European Union will replace its entire privacy framework with the GDPR, which governs any organization that processes the personal data of an EU citizen regardless of geographic location. GDPR has immediate ramifications for U.S. organizations, including those that do not have any affiliates or locations in the EU. We are hosting the first installment of a two-part breakfast series on GDPR focused on the key practical issues associated with implementation and avoidance of penalties. Mary Hildebrand and Matt Oliver, CIPP/US, will speak on a panel in our AVL Center that includes Linda Rush, CIPP/US/C, CIPM, Privacy Officer and Associate General Counsel, AvisBudget Group Inc.

The EU is slated to replace its entire data protection structure in May 2018 with implementation of the General Data Protection Regulation (GDPR). GDPR has jurisdiction over any organization that collects or processes the personal data of EU citizens without regard to the organization's geographic location, so the impact of this complex legislation is worldwide. GDPR is not limited to tech companies – it applies to every private sector organization and many in the public sector.

In December 2016, the EU's Article 29 Working Party (WP29) released guidance on several key provisions of GDPR.

On Wednesday, February 1, we are hosting an update to our two-part GDPR series last fall focused on the new WP29 Guidance. Mary Hildebrand, CIPP/US/E, and Linda Rush, CIPP/US/C, CIPM, Privacy Officer and Associate General Counsel, Avis Budget Group, Inc., will discuss the impact of WP29s guidance, including what's covered and what's not, and recommend practical integration strategies. The February 1 session will be held in our New Jersey office, with similar sessions scheduled in our New York and Washington, D.C. offices.

Lowenstein and the New Jersey Chapter of the Association of Corporate Counsel (NJACC) will team up to host the 3rd Annual Cyber Day at One Lowenstein Drive. Cyber Day is a half-day program designed to help companies navigate current cybersecurity and data privacy issues, two themes that continue to generate press headlines, as well as client concern.

Lowenstein and NJ LEEP will team up to host a free CLE presentation on Blockchain Technology, Smart Contracts, and Cryptocurrency at One Lowenstein Drive from 5-7pm. The presentation will feature a one hour panel discussion moderated by Mary Hildebrand, with panelists Philip Decker, Vice President and Senior Counsel, Legal Affairs; Jason Mark Anderman, Vice President and Senior Counsel, Technology and Digital Law; and Emily Goodman Binick, Vice President and Senior Counsel, Cryptocurrency, all of American Express. The presentation will be followed by networking and refreshments.

Lowenstein and the New Jersey Chapter of the Association of Corporate Counsel (ACCNJ) will team up to host "The Deep, Dark Web – What is it – and how does it impact your business," a CLE presentation focused on the Dark Web, the local, national, and international repercussions, and how to protect your data from ending up on the deep, dark web. The program will feature a two hour discussion lead by Mary Hildebrand, CIPP/US/E, Founder and Chair, Privacy and Information Security Practice; Partner, The Tech Group; Christine Hoffman, Deputy Director, Division of Criminal Justice in NJ; and Mark Spencer, Regional Sales Manager, AccessIT Group, Inc.

For more information, email [email protected]


Please join us as our panel of specialists from Lowenstein Sandler and ACA Compliance Group lead a discussion of real-time developments related to the following:

  • Data Privacy and GDPR Concerns for Investment Managers
  • The Advertising Rule - Compliance Advice and Practical Approaches
  • Recent SEC Enforcement Actions and Trends

For more information, email 
[email protected]

Lowenstein's Zarema A. Jaramillo introduces opening keynote speaker Valerie Jarrett, former Senior Advisor to the Obama Administration, and Lynda A. Bennett and Mary J. Hildebrand are panel moderators at the Women, Influence & Power in Law conference. 

October 4, 2018

9:15 a.m.: Opening Keynote: Fireside Chat | Staying Nimble, Taking Risks, and Empowering Women to Lead With Authenticity and Confidence

  • Introduction of keynote speaker: Zarema A. Jaramillo, Partner, Lowenstein Sandler LLP
  • Keynote speaker: Valerie Jarrett, former Senior Advisor, Obama Administration

Empathy, intuition, and collaboration are the qualities people are looking for in their leaders today. In this session, hear from our keynote speaker on how she has taken risks to breakthrough gender bias with confidence, authenticity, and effectiveness in her professional journey.

11 a.m.-12 p.m.: GDPR: Assessing Your Organizational Competence and Risk in a Data-Driven World 

  • Moderator: Mary J. Hildebrand, Partner; Founder and Chair, Privacy & Cybersecurity, Lowenstein Sandler LLP
  • Panelists:
    • Li Reilly, Vice President & Deputy General Counsel, Fareportal
    • Ilona Levine, Senior Corporate Counsel, Privacy, Data Protection, Cybersecurity and Compliance, OVH US
    • Jo Ann Lengua Davaris, Chief Privacy Officer, Mercer

The implementation of GDPR–and the potential for regulatory enforcement actions, private causes of action and legal challenges from various quarters–exemplifies the uncertainty that permeates the privacy and cybersecurity world. How can you manage your legal, compliance, and business risks to achieve the best outcome for your organization? This panel will discuss the practical implications of managing against the new organizational requirements, such as accountability measures, breach notification requirements, data subject rights, and processing system assessments.

October 5, 2018

10-11 a.m.: How to Evaluate Exposure to Personal Liability Arising from Recent Enforcement Actions Against Corporate Counsel

  • Moderator: Lynda A. Bennett, Partner; Chair, Insurance Recovery Group, Lowenstein Sandler LLP
  • Panelists:
    • Patricia Barbieri, Senior Vice President, General Counsel and Secretary, Daiichi Sankyo, Inc.
    • Lynn Feldman, EVP and General Counsel, Clear Channel Outdoor
    • Shirin Saks, Assistant General Counsel, Litigation and Employment, Dun & Bradstreet

Corporate counsels are an organization's ethics watchdogs, yet they are often asked to give strategic business advice. This can put in-house lawyers in awkward positions, jeopardize attorney-client privilege, and potentially expose the company and its leaders to liability. This session will provide an ethical framework and best practices to help navigate this dual role, and focus on how to protect corporate counsel and other executives against potential liability risks through insurance coverage and other innovative risk management techniques.

Mary J. Hildebrand speaks alongside Richard Ledgett, Former Deputy Director, National Security Agency, at World Sevices Group's (WSG) 2018 Annual Meeting, scheduled for September 19-21, 2018. The conference features engaging guest speakers and panel perspectives while offering several opportunities for delegates to network among professionals across the WSG Network.

Join us for our 4th Annual Cyber Day. This half-day program features sessions led by Lowenstein lawyers and other industry leaders who will discuss how companies can navigate cybersecurity, blockchain, and data privacy issues as well as the cyber insurance market in order to operate in a post-GDPR business landscape.

Topics include:

  • Cyber Risks: Where to Find Coverage and How to Maximize Recovery for Cyber Claims 
  • A Global Perspective: Status Report on the Impact of GDPR and What You Need to Know About the Evolving U.S., Federal, and State Data Privacy Laws
  • Government Investigations: How to Prepare and What to Do
  • Beyond Bitcoin: An Introduction to Blockchain

Lowenstein speakers include: 

The program runs 7:30 a.m.-2 p.m. Program location: Lowenstein Sandler LLP, One Lowenstein Drive, Roseland, New Jersey 07068; 973.597.2500. CLE credit available.

In response to GDPR and Privacy Shield changes, Mary J. Hildebrand participates in a webinar panel regarding next steps for entities in the financial services industries that have completed initial gap analyses and modified their public-facing privacy policies.

This session will focus on what these heavily regulated industries will have to do in the next 60 days to establish and maintain a legally defensible position with respect to privacy and security of personal data — not only to comply with regulation but to be poised to do business in the 21st century.


  • Mary J. Hildebrand, Partner; Founder and Chair, Privacy & Cybersecurity, Lowenstein Sandler LLP
  • Ray Ford, Founding Member, GDPR Institute
  • Mark Rasch, Chief Legal Counsel, Digital Risk Management Institute; former head, United States Department of Justice, Cyber and High Technology Crime Unit
  • David Morris, early pioneer in cybersecurity; Managing Partner, Morris Cybersecurity

GDPR recently commanded headlines – and commandeered corporate resources – throughout the world. Several new U.S. state and federal data protection laws create a “one-two punch” for organizations already implementing GDPR and impose new obligations on companies that are out-of-scope for GDPR. This session will discuss these developments and strategies for aligning GDPR with the evolving U.S. privacy landscape. 


  • Mary J. Hildebrand, CIPP/US/E, Partner; Founder and Chair, Privacy & Cybersecurity, Lowenstein Sandler LLP
  • Sundeep Kapur, CIPP/US, Associate, Lowenstein Sandler LLP
  • Mark Faber, Vice President, Corporate Counsel, Cyber and Privacy Law, Prudential Financial

This one-hour webinar takes place at 2 p.m. ET.

This panel discussion will address the impact of the recent U.S. Supreme Court decision, Carpenter v. United States, and its effect on privacy law and law enforcement's ability to track historical or real-time cell phone location. The panelists will also explore how other types of electronically gathered information, such as data stored by wearable technologies and location tracking applications, will be affected in the post-Carpenter era.

This program is co-sponsored by the Rutgers Law School Center for Corporate Law and Governance (cclg.rutgers.edu), the Rutgers Computer and Technology Law Journal (rctlj.org), and Rutgers Institute for Professional Education (rutgerscle.com).


  • Mary J. Hildebrand, CIPP/US/E, Partner; Founder and Chair, Privacy & Cybersecurity, Lowenstein Sandler LLP
  • Douglas S. Eakeley, Of Counsel, Lowenstein Sandler LLP
  • Ronald K. Chen, University Professor, Rutgers Law School
  • Sabrina G. Comizzoli, Assistant U.S. Attorney, U.S. Attorney’s Office, District of New Jersey  
  • Todd Schulman, Associate General Counsel, Verizon

Time: 4-6 p.m.; a networking reception follows the presentation.

Location: Rutgers Law School, Baker Trial Courtroom (Room 125), Center for Law and Justice, 123 Washington Street, Newark, NJ 07102

NJ CLE information: This program has been approved by the Board on Continuing Legal Education of the Supreme Court of New Jersey for 2.4 hours of total CLE credit.

Professional Associations

The International Association of Privacy Professionals (IAPP)
Liberty Science Center, Founder and Member of Board of Directors of the Women’s Leadership CouncilLicensing Executives Society, New Jersey Metro Chapter
  • Co-chair
American Bar AssociationNew Jersey State Bar AssociationExecutive Association of New Jersey
  • Past President and Chair of the Board of Trustees

Professional Activities and Experience

  • Chambers USA (2009-2019) - Mary Hildebrand
  • The Best Lawyers in America - Mary Hildebrand


Capital Markets Litigation
Lowenstein Sandler LLP 

Litigation News for the Global Financial Community


Top Cyber-Risk Issues -- Takeaways from the National Center of Cybersecurity Excellence Speaker Series
Lowenstein Sandler LLP, May 2017

I recently had the good fortune of participating in an excellent Speaker Series sponsored by the National Center of Cybersecurity Excellence (NCCoE)*. Our program, which included representatives from industry, the technology sector and trade associations, focused on Cyber-Risk in the Hospitality Industry...

Is Cybersecurity at the Top of Your List for 2017? If So, You're on the Right Track.
Lowenstein Sandler LLP, January 2017

When Yahoo recently disclosed that information on over a billion user accounts had been stolen back in 2013, the news capped off a year of big, bad data breaches. Security and privacy issues have been so front-and-center, in fact, that the Yahoo incident wasn’t the most newsworthy cybersecurity story by a long shot — despite its being the biggest data breach in history. Hacks of presidential campaigns and subsequent data leaks underscored just how pivotal a breach can be...

Beyond HTML5 and Java: What Developers and Publishers Need to Know When Creating Mobile Health Apps
Lowenstein Sandler LLP, November 2016

Mobile app usage has penetrated nearly every industry and facet of our lives, from banking and dating to transportation and dining. This is especially true in the health and wellness sector. In 2014, the number of U.S. consumers using mobile health apps was only 16 percent. Two years later, this percentage doubled to 33 percent 1 and continues to grow rapidly...

Additional Articles

It’s easy for philosophical differences between the United States and Europe to seem like intellectual abstractions -- right up until the moment they entail immense financial loss. The European embrace of a right to privacy, a capital “R” Right akin to any that we have enshrined in the Bill of Rights, might not appear to be of consequence to most Americans. However, given pending EU legislation, you could violate this right and incur huge fines without ever setting foot on the continent. Depending on the final shape of a new regulation currently working its way through the European Union, simply advertising online to Europeans in a manner that utilizes their purchasing history could incur a fine equivalent to two percent of your annual global revenues. While this concept may seem far-fetched, if you’re about to conduct any commerce in Europe, you should make it your business to monitor and understand the new regulation.

A recap from Lowenstein Sandler and ACC New Jersey’s 4th Annual Cyber Day Conference.

On October 10, I was delighted to welcome an overflow crowd of in-house counsel for lively discussions on navigating this increasingly complex regulatory and business landscape. As Chair of Privacy & Cybersecurity at Lowenstein, I see first-hand how new U.S. state and federal data protection laws have created a “one-two punch” for companies implementing GDPR (which became effective on May 25 of this year), and imposed new obligations on companies that are out-of-scope for GDPR. Aryeh Friedman, VP, Associate GC and CPO of Dun & Bradstreet, and I addressed these key takeaways on our panel.

GDPR Compliance is a Work in Progress: Surveys show that about 12% of US entities and 27% of EU entities surveyed believe they are ‘fully compliant’ with GDPR. Putting aside for the moment that there’s no consensus on exactly what ‘fully compliant’ means for GDPR, many US-based entities are still in process, and others are just coming to the realization that they are in-scope.

New California Law is a Game-Changer: It’s not a “mini-GDPR,” but the California Consumer Privacy Act (“CCPA”) reflects similar principles and grants broad control to California residents over their personal information. Entities that comply with GDPR need a gap analysis to determine what’s required of them under CCPA, and non-GDPR entities must evaluate their data practices in light of CCPA. With substantial fines and a private cause of action for data breach, CCPA challenges the status quo. US states are acting to fill the void created by the absence of comprehensive federal data protection laws (25% of the states recently adopted new or amended statutes). At this pace, state data protection statutes could go the way of data breach laws – 50 different laws across the country.

Get Ready For More Disruption: A year from now the data protection landscape is likely to be vastly different. Among other things –

  • GDPR started a global trend, with Brazil and India already falling in line and there’s more to come.
  • The Privacy Shield’s second annual review is happening now, and its future is not assured. Just shy of 4,000 companies currently depend on Privacy Shield to transfer data from Europe to the US. If the Privacy Shield is invalidated there are very few other options especially for B2C businesses. At the same time, standard contractual clauses (a/k/a, Model Contracts) are the subject of a hotly contested legal challenge by Max Schrems (of Safe Harbor fame) against Facebook.
  • Brexit is targeted for March 2019, and the EU is unlikely to issue an adequacy decision (regarding the protection of personal data) for the UK until Brexit is a reality. While other treaties may mitigate the impact, without an adequacy determination the UK (and UK affiliates of US companies) will be required to rely on model contracts, consent or other approved data transfer mechanisms as we do in the US.
  • Finally, foreign entities or individuals seeking to invest in US companies now have another hurdle -- The US Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) expands the jurisdiction of the Committee on Foreign Investment in the United States (CFIUS) to include non-passive investments in any company that deals with “sensitive personal data of US citizens that may be exploited in a manner that threatens national security.” We are still awaiting regulations, but indications are that “sensitive personal data” will be broadly interpreted resulting in many more transactions being subject to these rigorous reviews.

WSG's members are independent firms and are not affiliated in the joint practice of professional services. Each member exercises its own individual judgments on all client matters.

HOME | SITE MAP | GLANCE | PRIVACY POLICY | DISCLAIMER |  © World Services Group, 2019