Joshua Mooney

• District of Columbia
• Pennsylvania
• US Court of Appeals for the Third Circuit
• US District Court for the District of Columbia
• US District Court for the Eastern District of Pennsylvania

• Georgetown University Law Center, JD, magna cum laude, Order of the Coif, 2000
• University of Cambridge, Girton College, MPhil, 1994
• Loyola University Maryland, BA, cum laude, 1993

Josh is a partner in the Philadelphia office. He advises companies, including members of the insurance and insurtech industries, on a wide array of data privacy and security compliance issues under such laws as CCPA/CPRA, HIPAA, New York’s DFS Cyber Regulations and the SHIELD Act, BIPA, and GDPR. He also advises clients on emerging threat and risk vectors, development and implementation of privacy and security programs, big data licensing, and data transfers. He also assists companies with national and international cybersecurity incident response matters.

In addition, Josh advises insurance carriers on media and cyber liability coverage at trial and appellate levels throughout the country, including winning two cases involving matters of first impression before the Third Circuit, and litigating one of the first cyber coverage matters in the Commonwealth of Pennsylvania. His matters involve all manners of complex risk involving cyberattacks, data breaches, ransomware, and business email compromises (BECs), as well as media and privacy claims and litigation on behalf of media entities, film productions, Top 40 music, reality television programming, newspaper liability, software and gaming developers, banks, and casinos.

He regularly writes and lectures on cybersecurity and data privacy and coverage issues. He has guest-lectured on cyber law and insurance at Temple University Fox School of Business and Rutgers Law School, and has been quoted in The Wall Street Journal, Law360, Business Insurance, and Compliance Week. He also served as an editor for a working group of X9, an ANSI-accredited standards developing organization, to develop a universal standard for data protection and data breach notification in the financial services industry.

Currently, Josh is a Vice Chair of the ABA TIPS Cybersecurity and Data Privacy Committee, and is the founding Chair of the Cybersecurity and Data Privacy Committee for the Pennsylvania Bar Association. He is also a founding member of The Oxford & Cambridge Society of Philadelphia, and has been selected by Cambridge in America and the University of Cambridge as an official alumnus contact for the Commonwealth of Pennsylvania.

Market recognition

  • Recognized by Pennsylvania Super Lawyers (2020-2021)

Work highlights


  • Assisted web-app developers with negotiating data hosting and white-labeled mobile app licenses
  • Assisted clients with drafting and implementing information security programs in compliance with such data protection laws as SHIELD Act, CCPA, and GDPR, including for cloud data hosting organization, third-party claims handling organization, investment fund, and organizations in the insurance industry
  • Advised insurance industry clients with compliance under New York DFS cyber regulations 23 NYCRR 500, including certification and implementation of cybersecurity programs
  • Advised corporate clients on data transfers between US and EEA
  • Advised insurance industry clients with compliance under NAIC Model Law on Insurance Data Security, as promulgated by applicable jurisdiction
  • Drafted/negotiated InsurTech and start-up licensing and service agreements, resolving issues regarding data ownership, use, security and privacy of data
  • Coordinated incident response to various national and international data breaches and other cybersecurity events


  • Advised cyber insurers in various underlying cybersecurity attacks, including data breaches, ransomware and double-exploitations matters, business email compromise and social engineering matters, MSP attacks;
  • Successfully represented media insurer in connection with underlying defamation lawsuit filed against bankrupt online media periodical, winning narrow construction of direct-action statute and first impression decision that policy was rejected by the bankruptcy estate as an executory contract, Riley v. Mutual Ins. Co. Ltd., 2019 U.S. Dist. LEXIS 121123 (E.D. Pa. Jan. 9, 2019), aff’d, 805 Fed. App’x 143 (3d Cir. 2020)
  • Successfully represented insurer in coverage litigation involving alleged unlawful collection of personal information, OneBeacon Am. Ins. Co. v. Urban Outfitters, Inc., 21 F. Supp. 3d 426 (E.D. Pa. 2014), aff’d, 625 Fed. App’x 117 (3d Cir. 2015)
  • Successfully represented media insurer in connection with underlying class action against national university reporting false statistics to ranking publications to bolster rankings and profile of academic programs
  • Successfully represented insurer in coverage litigation involving underlying class action alleging false advertising, Cincinnati Ins. Co. v. KT Health Holdings, LLC, 2017 U.S. Dist. LEXIS 44432 (D. Mass. March 27, 2017)
  • Successful defense of school district in coverage litigation over high-profile class action lawsuit accusing district of using webcams in school-issued laptops to spy on students at home
  • Successfully represented media in matter involving criminal action pending in the Tribunal de Grande Instance (Paris) in connection with film production of a fictionalized account of French politician’s visit to New York
  • Defense of insurer in coverage litigation brought by national retailer involving underlying intellectual property infringement and violation of Indian Arts and Crafts Act
  • Advised insurance carriers on various coverage matters involving reality television programming

Publications and presentations

  • "In Case of Emergency, Break Glass: Responding to a Ransomware Attack" presented for the Pennsylvania Bar Institute (May 2021)
  • “Ransomware: Where Do We Go From Here?” presented for the American Bar Association (February 2021)
  • “Cybersecurity in the Post-Pandemic World: Not Another Dystopian Tale?” presented for CLM (December 2020)
  • Co- Author, “Between a Rock and a Hard Place: Advisories Target Ransomware Victims, Insurers” published for the Legal Intelligencer (November 2020)
  • “Attorney's Guide to Effectively Advising the Board in the Event of a Data Breach” presented October 2020
  • “Best Practices for Placing Cutting Edge "Cyber" Insurance: Policyholder, Insurer and Broker Perspectives” presented for the Potomac Law Group (September 2020)
  • Author, “With Anticipated Cyberattacks, Protecting Data Breach Reports From Discovery” published for The Legal Intelligencer (August 2020)
  • “Best Practices for Placing Cutting-Edge "Cyber" Insurance: Policyholder, Insurer and Broker Perspectives” presented for ABA (August 2020)
  • “Creating a Data Privacy Compliance Program on a Limited Budget” presented for Arthur J. Gallagher’s Cyber Insight Series (July 2020)
  • “Building A Compliance Program Without Breaking the Bank” presented for the NetDiligence Cyber Risk Virtual Summit (July 2020)
  • “Cyber and Operational Risk From a Remote Workforce” published for the Legalist (June 2020)
  • Co-Author, “Despite COVID-19, Here Are 4 Easy Steps for Data Privacy, Security Compliance” published for The Legal Intelligencer (May 2020)
  • “It Was Tricky Before COVID-19 - How Do You Build a Data Privacy and Security Resiliency Program Now?” presented for the ABA (May 2020)
  • “The Expanding Universe of Biometric Data: Embrace, Curtail, or Regulate?” presented for the Privacy + Security Forum (May 2020)
  • Co-Author, “Financial Services Firms Face New Cybersecurity Regulation”, published for Risk Management (May 2020)
  • Author, “Phishing Scam Does Not Implicate Forgery Coverage, Court Requests Further Briefing for Computer Fraud Coverage” published for Pratt's Privacy and Cybersecurity Law Report (May 2020)
  • “COVID-19: Working Remotely - What Attorneys Need to Know to Avoid Cyberthreats and Privacy Risks” presented for ABA TIPS Cybersecurity (March 2020)
  • Author, “Policyholders' Biometric Suit Coverage Buoyed by Ill. Ruling” published for Law360 (March 2020)
  • “Transitioning to a Remote Workforce: Addressing Cybersecurity and Data Privacy Concerns in the Legal World” presented for PBI (March 2020)
  • “Steps To Take to Prepare Your Workplace During COVID-19” presented for PBI (March 2020)
  • Co- Author, “Cyber update: Personal Certification by Corporate executives on the Rise” published for The Legal Intelligencer (March 2020)
  • “Mastering Ethical Issues in the Cybersecurity Space” presented for ABA TIPS Cybersecurity Conference (March 2020)
  • Author, “E-Mail Phishing Scam: Coverage For "Social Engineering" published for Coverage Opinions (February 2020)
  • Author, “Ransomware Victims Get New Path To Coverage In Md. Ruling” published for Law360 (January 2020)
  • “CCPA: How Do You Prepare?” presented (December 2019)
  • “The Limits of Cyber Insurance” presented for The Wall Street Journal Cybersecurity Executive Forum (December 2019)
  • “Arthur Hall Insurance: Data Protection Seminar” presented for the Wilmington Country Club (October 2019)
  • “New Ideas to Strengthen Your Firm Against Relentless Cyber Criminals” presented for the 19th Annual IA Compliance Master Emerging Challenges (September 2019)
  • “Cyber Liability: Preventing, Responding & Resolving” presented for PBI (June 2019)
  • “Various Types of Cyber Coverages: How They Interact with Other Types of Insurance, Including Property, General Liability and E&O Policies” presented for Perrin Conference for Insurance Coverage & Allocation Issues (May 2019)
  • “Data Protection and Privacy Compliance: Steps to Safeguard Your Data and Minimize Liability” presented for Philly Tech Week 2019 (May 2019)
  • “Emerging Issues in Civil Litigation” presented for PBA Civil Litigation Section Retreat (May 2019)
  • Co-Author, “Why GDPR Should Not Stifle Information Sharing” published for The Risk Management Society (April 2019)
  • Co- Author, “What Types of Insurance for Startups? Consider Your Risks and Liabilities” published for JD Supra Corporate Law Report (March 2019)
  • Co- Author, “Threat Information Sharing Under GDPR” published for The SciTech Lawyer, (March 2019)
  • Author, “Elections Aside, Pennsylvania and Ohio Provide Insight for National Duties of Care in Cybersecurity” published for the American Bar Association Tort Trial and Insurance Practice (Winter 2019)
  • Co- Author, “How a Misunderstanding of GDPR Could Heighten Cyber Exposure” published for Business Insurance (February 2019)
  • “Cybersecurity and Technology: Ethical Considerations for Lawyers” presented at the
  • Pennsylvania Bar Association 2019 Midyear Meeting (February 2019)
  • “How to Mediate a Cyber Dispute” presented at the CLM Insurance Conference (December 2018)
  • Co-Author, “Threat Information Sharing and GDPR: A Lawful Activity that Protects Personal Data” (Fall 2018)
  • “Law Firms and Cybersecurity: Are You Ready for a Cyberattack?” presented for the Northampton County Bar Association Bench Bar Conference (October 2018)
  • Author, “Medidata and American Tooling Courts Misunderstood Tech” published for Law360 (September 2018)
  • “GDPR’s Effect on Incident Response Here in the U.S.” presented for the Business Resiliency Committee for the Financial Services Information Sharing & Analysis Center (June 2018)
  • Author, “Internet of Medical Things Resilience Partnership Act of 2017” published for The ALI Advisor (October 2017)
  • Co- Author, “5 Things Insurers' GCs and Their Boards Must Know for Cybersecurity” published for The Legal Intelligencer (August 2017)
  • “Cyber Insurance - Assessment of the Risk and Analysis of Available Coverages” presented for the Perrin Conference for Emerging Insurance Coverage & Allocation Issues (May 2017)