Blog

On this episode of The Jeffrey Gross Show on WWDB 860, host Jeff Gross and co-host Joe Dougherty welcomed Rebecca Rakoski, managing partner of XPan Law Partners, for an eye-opening discussion on cybersecurity, data privacy, and the evolving risks businesses and individuals face.

From Workers’ Compensation to Cybersecurity

Gross reminded listeners of his role—representing injured workers in Pennsylvania and New Jersey—before handing the mic to Rakoski. She explained how her firm focuses exclusively on data privacy and cybersecurity law, working with clients ranging from small startups to multinational corporations. Her expertise spans regulatory compliance, litigation response, and advising organizations on how to protect sensitive data in an era of constant cyber threats.

The Scope of Cybersecurity Law

Rakoski highlighted that cyber law is both civil and criminal, depending on the breach. Hackers face federal prosecution, but companies that suffer attacks often find themselves defendants in civil suits—even though they are the victims of the crime. She described how her team works closely with federal agencies like the FBI and Secret Service when investigating major breaches.

Jurisdiction plays a huge role: data privacy laws follow the person whose data is compromised, not just where the company operates. That means a business collecting information nationwide—or globally—must comply with 50 different state laws and even international regulations when a breach occurs.

How Breaches Happen—and Why They Matter

Most incidents are caused by external hackers, though insider mistakes also play a role. Common attacks include ransomware, where systems are encrypted until a ransom is paid. Rakoski acts as a “quarterback” during such crises, coordinating forensic experts, operations teams, and legal responses. She noted the tension between legal compliance, business survival, and client trust, as disclosure laws require notifying affected individuals and regulators quickly.

Gross drew parallels to workers’ compensation, emphasizing how data breaches can expose sensitive medical records that injured workers share with attorneys and insurers. Both agreed the stakes are high, especially for unions, healthcare providers, and organizations that handle member or employee data.

The Role of Artificial Intelligence

Both attorneys reflected on how AI is reshaping law and cybersecurity. Gross described how AI is being tested in workers’ comp for research and settlement modeling, while Rakoski warned that hackers now use AI to craft highly convincing phishing emails tailored with local slang and cultural cues. What once looked like a scam now appears legitimate—raising the risks for individuals and companies alike.

Takeaways for Listeners

Cybersecurity is everyone’s issue. From law firms to manufacturers, every business has sensitive data worth protecting.

Victims can become defendants. Even companies hacked by criminals may face lawsuits from clients or members whose data was exposed.

Disclosure matters. Failure to notify quickly after a breach can lead to penalties and stronger lawsuits.

AI is a double-edged sword. It can streamline legal work but also empowers cybercriminals.