Cybersecurity and Data Privacy Attorney Guiding Clients Through Complex State, Federal, and Global Compliance
Carly Rothstein is an Associate at Mandelbaum Barrett PC, with a practice spanning cybersecurity and data privacy, healthcare law, and litigation. She counsels healthcare providers and business entities on the full spectrum of privacy and security matters, including compliance with the GDPR, CCPA, HIPAA, the New York SHIELD Act, and other state and federal privacy laws. She has experience guiding clients through all phases of data security incidents—from initial investigation and notifications to regulatory compliance and litigation risk management—and brings a practical, solutions‑oriented approach to highly time‑sensitive matters.
Carly also represents clients in a range of disputes, including commercial litigation, healthcare litigation, and privacy litigation. She is actively involved in all phases of litigation, including pleadings, motion practice, and discovery, and supports case strategy through detailed legal research and analysis.
Carly earned her J.D. from the Benjamin N. Cardozo School of Law, where she served as Editor in Chief of the Cardozo Arts and Entertainment Law Journal. During law school, she worked with the Filmmakers Legal Clinic, advising independent, social‑justice‑oriented filmmakers on transactional, intellectual property, and First Amendment matters. She received her B.A., summa cum laude, in History and Psychology from the University of Alabama. She is admitted to practice in New York and is a member of the New York City Bar Association’s Technology, Cyber, and Privacy Law Committee.
- Member, New York City Bar Association
- Member, New York State Bar Association
New York
- J.D. from the Benjamin N. Cardozo School of Law
- B.A. from the University of Alabama
Navigating State Workplace Violence Laws: What Healthcare Employers Should Know
April 28, 2026
If you run a hospital or health system, workplace violence prevention just moved to the top of your compliance checklist. Healthcare workers face elevated risks from patients, visitors, and external actors and account for roughly 73% of all nonfatal workplace injuries caused by violence. With no comprehensive federal OSHA standard in sight, states are stepping […]When the Breach Hits the Docket: How Law Firms Should Respond When Client Files Leak to the Dark Web
October 10, 2025
When a law firm experiences a data breach, which includes both unauthorized data access as well as disclosure, the consequences extend far beyond reputational harm. Increasingly, attackers exfiltrate entire client files—including documents filed under seal or protected by attorney–client privilege—and post them on the dark web. Once that happens, courts can’t “unring the bell,” and firms must navigate a complex mix of ethical duties, procedural obligations, and legal protections.Carly Rothstein Joins the New York City Bar Association’s Technology, Cyber, and Privacy Law Committee
August 6, 2025
We’re proud to share that Carly Rothstein, Associate in our Cybersecurity & Data Privacy Practice Group, has been selected to join the New York City Bar Association’s Technology, Cyber, and Privacy Law Committee.Strengthening HIPAA Security: Key Updates to Protect Healthcare Data from Steven Teppler and Carly Rothstein
March 14, 2025
Now’s the time to get ahead—understanding these updates will help you stay compliant and protect against growing cyber threats.