Leah Schloss

Senior Associate

Leah Schloss advises clients on cybersecurity, government contracts, and export control investigative, regulatory, and compliance issues.

Ms. Schloss has extensive experience coordinating data breach investigations for clients in the retail, professional services, government contracts and technology industries. Her experience includes overseeing third-party forensic investigators; synthesizing forensic fact development for briefings to client management, officers, boards and third parties; interfacing with various third parties, including Payment Card Industry Forensic Investigators, payment card brands, law enforcement and regulators, as well as breached entities' customers, insurance providers, auditors and vendors; assessing obligations under state and federal data breach notification laws; and drafting breach notification letters, media statements and securities disclosures. 

Ms. Schloss counsels clients ranging from financial services companies to clients in the healthcare, government contracts and defense sectors on cybersecurity legislative, compliance and governance matters, including legislative and regulatory developments, regulator investigations, state and federal data security guidelines and requirements (including sector-specific guidance such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act), and risk and governance assessments. 

Her experience also includes conducting internal investigations for defense contractors, counseling clients on export control and surveillance law matters, and bringing and defending bid protests and Small Business Administration size challenges, including successfully defending a small business against a size challenge involving the client's largest award in company history. 

Past Experience

Prior to joining the firm, Ms. Schloss served as a law clerk at the Senate Judiciary Committee for Senator Leahy, where she conducted research on issues arising out of the reauthorization of the USA PATRIOT Act, as well as judicial and executive nominations. As a member of Georgetown's Federal Legislation and Administrative Law Clinic, Ms. Schloss researched a variety of legal issues related to cybersecurity, including evaluating various proposed cybersecurity information-sharing and liability protection bills. 

Ms. Schloss was also an intern in the Office of the Assistant General Counsel for General Law of the US Department of Energy and a research assistant for Professor David Cole at the Georgetown University Law Center.

Publications & News

May 12, 2017

President Trump Issues Cybersecurity Executive Order

February 21, 2017

New York Finalizes Cybersecurity Regulations for Financial Institutions

On February 16, the New York State Department of Financial Services (NYDFS) issued cybersecurity regulations for banks, insurance companies and other financial institutions subject to NYDFS jurisdiction.

November 1, 2016

Department of Defense Issues Final Version of Key Cybersecurity Rule

On October 21, 2016, the Department of Defense (DoD) issued its final rule on Network Penetration Reporting and Contracting for Cloud Services, amending an interim version issued on August 26, 2015, and revised on December 30, 2015. This WilmerHale Client Alert was also published by Bloomberg BNA's Privacy and Security Law Report on December 19, 2016.

October 20, 2016

Banking Regulators Release Advanced Notice of Proposed Rulemaking on Enhanced Cyber Risk Management Standards

The agencies are considering establishing two tiers of enhanced standards—basic enhanced standards for all covered firms and even more stringent enhanced standards for systems that are "sector-critical."

June 16, 2016

The CFPB And Data Security Enforcement

In this article published in BNA's Banking Report, Michael Gordon, Leah Schloss and former Counsel Elijah Alper examine the Consumer Financial Protection Bureau's foray into data security enforcement by assessing how the bureau's data security authority compares with that of other federal regulators.

May 17, 2016

Final Government Contractor Basic Data Security Rule Issued

On May 16, the Federal Acquisition Regulations (FAR) Council published the final FAR rule on Basic Safeguarding of Contractor Information Systems. The rule is intended to prescribe “the most basic level” of safeguards, “reflective of actions a prudent business person would employ.”

April 14, 2016

Department of Defense Revises Landmark Cybersecurity Rule, Extends Deadline for Some Compliance Requirements

An article by Benjamin A. Powell, Barry J. Hurewitz, Jonathan G. Cedarbaum, Jason C. Chipman and Leah Schloss, published in the May 2016 issue of Privacy & Cybersecurity Law Report, explores the new, amended Department of Defense interim cybersecurity rule that prescribes cybersecurity requirements, including mandatory cybersecurity-related contract clauses in all DoD contracts subject to the Defense Federal Acquisition Regulations Supplement.

January 31, 2016

Getting the Deal Through: Cybersecurity 2016

Benjamin A. Powell and Jason C. Chipman were contributing editors for Getting the Deal Through: Cybersecurity 2016 (published in January 2016). Powell and Chipman also co-authored the chapter “Global Overview” (p. 5) with Marik String, and “United States” (pp. 72-77) with Leah Schloss. Reproduced with permission from Law Business Research Ltd. For further information please visit www.gettingthedealthrough.com.

January 8, 2016

Department of Defense Revises Landmark Cybersecurity Rule, Extends Deadline for Some Compliance Requirements

On December 30, 2015, the Department of Defense (DoD) issued a second interim rule on Network Penetration Reporting and Contracting for Cloud Services, amending an earlier version issued on August 26, 2015. The new, amended DoD interim rule prescribes cybersecurity requirements, including mandatory cybersecurity-related contract clauses in all DoD contracts subject to the Defense Federal Acquisition Regulations Supplement.

January 7, 2016

Congress Enacts Major Cybersecurity Legislation

On December 18, 2015, Congress passed, and the President signed, the Cybersecurity Act of 2015, which provides authorization and liability protection for cybersecurity monitoring and information-sharing and authorization for cyber defensive measures. The Act, which comes after four years of efforts to enact federal cybersecurity legislation, also creates a new regime to encourage federal agencies to share cyber intelligence with the private sector more rapidly.

Practices

Education

JD, magna cum laude, Georgetown University Law Center, 2012, Notes Editor, Georgetown Journal of International Law, Order of the Coif

BA, International Affairs and Political Science, magna cum laude, The George Washington University, 2009, Phi Beta Kappa

Bar Admissions

District of Columbia

Maryland
