

Razvan E. Miutescu
Mr. Miutescu co-chairs the firm’s Cyber Security, Data Management & Privacy practice. His practice focuses on incident response, domestic and global data protection compliance, emerging technologies, and artificial intelligence.
Mr. Miutescu assists clients with various types of cybersecurity incidents, including ransomware, business email compromise, network intrusions, lost or stolen devices, insider threats and rogue employees, fraudulent wire transfers, and “pig butchering” or other cryptocurrency scams. These incidents often affect regulated industries such as financial services and healthcare.
Mr. Miutescu regularly advises US and foreign clients on matters involving multi-jurisdiction privacy and data protection requirements, including establishing information security and privacy programs under broad regulatory regimes (e.g., GDPR and GDPR-inspired international or US state laws) and industry-specific laws (e.g., GLBA, NCUA Regulations, NYDFS Part 500, and HIPAA); adopting measures and safeguards for international transfers of personal data or threat intelligence information; developing or using emerging technologies, including blockchain-based platforms; and using artificial intelligence tools for automated decision making, behavioral monitoring, profiling, or processing biometric information.
He is passionate about and has significant experience with wholesale and retail financing of recreational luxury yachts.
He speaks fluent Romanian and conversational German.
Recognitions
- The Best Lawyers in America®, Privacy and Data Security Law (2021-Present)
- Maryland Super Lawyers®, Technology Transactions and Intellectual Property "Rising Stars" (2013–2019)
Memberships & Activities
- Cybersecurity Association
- Board of Directors, 2024 - present
- Romanian American Chamber of Commerce, Washington DC, 2020 - present
- Board of Directors
- Co-founder, DC Cyber Task Force
- Maryland State Bar Association
- Vice-Chair, Committee on Data Privacy, Cyber Security & Technology, 2015 - present
- Bar Association of Baltimore City
- Chair, Business Law Committee, 2015 - 2017
- Maryland Volunteer Lawyers for the Arts
- Board of Director and Vice-President, 2007 - 2017
- Association of Commercial Finance Attorneys
- Member
Privacy & Data Security
- Global and domestic data protection compliance programs for businesses and non-profit organizations, including external and internal policies and procedures, particularly involving GDPR, UK GDPR, Canadian PIPEDA, and Swiss FADP
- International data transfers, including subject to the Data Privacy Framework, Binding Corporate Rules, and Standard Contractual Clauses
- Data protection impact assessments, transfer impact assessments, and legitimate interest assessments
- US federal privacy and data security compliance, including as to GLBA, NCUA Regulations, Section 5 of FTC Act, FCRA, HIPAA/HITECH, TCPA, as well as applicable regulations and agency-issued guidelines
- US state comprehensive privacy laws compliance, including data protection laws (e.g. CCPA/CPRA) and cybersecurity laws (e.g., NYDFS Part 500)
- Incident responses involving domestic and foreign jurisdictions, and managing local counsel relationships
- Investigations involving “pig butchering” scams and related cryptocurrency investigations
- Data breach investigations or informal inquiries by state (OAGs) and federal (e.g., OCR, OCC) regulators
- Information security policies and procedures, including as related to mapping to various frameworks or standards, such as NIST Cybersecurity Framework, ISO 27001, AICPA SOC 2 or PCI-DSS
- Vendor due diligence and contractual/flow-down safeguards
- Wiretap and other electronic monitoring and surveillance laws
- Emerging technologies, such as AI and blockchain/DLT, as impacted by data protection laws, including those pertaining to automated decision making, behavioral monitoring, profiling, biometrics, and data retention and accessibility
Technology and IP
- Software ownership and licensing – development, end-user, enterprise, distribution, reseller agreements
- Cloud services – software-as-a-service (SaaS), platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS), hosting, and subscription agreements
- Data broker services – direct marketing (data append, marketing lists), online marketing (registration targeting, collaborative targeting, onboarding), marketing analytics, and risk mitigation (identity verification, fraud detection) agreements
- IT professional services – web and mobile app development, website development, system integration, tech support, software maintenance, technology consulting, CIO outsourcing, IT department outsourcing agreements
- Electronic commerce and online platforms – terms of use, privacy policies, DMCA notices, electronic payment agreements
- IT hardware agreements – purchases, financing, and leasing agreements
Business and Corporate Law
- Joint venture agreements
- Distribution and marketing agreements for non-U.S. companies seeking to expand operations in the United States
- M&A due diligence with a focus on intellectual property, privacy, and data security
- Licensing of defense articles brokers under the International Traffic in Arms Regulations (ITAR)
- Export controls compliance for foreign employees under Export Administration Regulations (EAR)
- Asset seizures by U.S. Customs
- Marine financing
Speaker, Association of Commercial Finance Attorneys, Cybersecurity for Lawyers, May 31, 2025
Panelist, Cybersecurity Association, Protecting CISOs From Increasing Personal Liability Risk – Civil and Criminal Insurance Considerations, April 17, 2025
Co-Presenter, Association of Commercial Finance Attorneys, Your AI Compliance Playbook, February 27, 2025
Speaker, CyberHack Days 2024 (West University of Timisoara), Opportunities: Technical Advancements in Cybersecurity and AI, June 29, 2024
Speaker, Immigration Research Forum, Building Bridges for Societal Resilience, Fifth Annual Conference of Romanian American Professionals, December 16, 2023
Panelist, Alianta, IT Resilience in Times of War, November 30, 2023
Speaker, CyberWeek@UVT 2023, Romania – US: Opportunities for Cooperation and Education, November 17, 2023
Speaker, CyberHack@UVT 2023, Legal Considerations for Ethical Hacking, June 13, 2023
Speaker, Maryland State Bar Association, Advanced Business Law Institute, State Privacy Law Developments and Protecting Your Clients’ Data in Contracting, April 27, 2023
Speaker and mentor, Unbreakable Romania, Ethical Hacking & Pentesting, April 10, 2023
Panelist, Catholic University Journal of Law and Technology, Spring Symposium, Wearable Devices and Data Privacy Concerns, March 31, 2023
Panelist, Maryland Tech Council, Digital Transformation Summit, The Good and Bad of Digital Transformation with AI/ML, Automation, and Personalization, March 16, 2023
Presenter, Bloomberg Law, Privacy by Design: Considerations for Products, Transactions, and Vendor Management, July 19, 2022
Presenter, American Society of Appraisers (ASA), Securing Your Electronic Appraisal Report, June 28, 2022
Speaker, Institute for Credentialing Excellence, Managing Data Protection Risks for Certification Programs – Legal Aspects of Vendor Contracts and State Privacy Laws, October 26, 2021
Presenter, AssociationTRENDS, Donating and Accepting Cryptocurrencies: Legal and Practical Considerations, September 30, 2021
Guest Speaker, 9th International Workshop on Soft Computing Applications (SOFA 2020), Compliance by Design in Blockchain Platforms, November 27, 2020
Co-author, DataGuidance, Guidance Note – Data Protection in the Financial Sector (Maryland), November 2020
Presenter, American Society of Association Executives (ASAE), Law Essentials for Nonlawyers: Cybersecurity and Privacy, October 28, 2020
Co-Presenter, OneTrust DataGuidance, A Global Perspective on the NIST Privacy Framework, June 23, 2020
Presenter, American Society of Association Executives (ASAE), Law Essentials for Nonlawyers: Cybersecurity and Privacy, April 29, 2020
Speaker, Information Systems Security Association (ISSA) – Central Maryland Chapter: Risk Mitigation Strategies for Cybersecurity Service Providers, December 18, 2019
Panelist, Institute for Credentialing Excellence (ICE) Exchange: Key Steps to Data Management Preparedness by Credentialing Bodies in Quasi-Governmental Roles, November 21, 2019
Panelist, LeadingAge Annual Meeting + Expo: Protecting Privacy and Maintaining Data Security in a Connected Age, October 28, 2019
Speaker, Maryland Cyber Breakfast Club: Risk Mitigation Strategies for Cybersecurity Product and Service Providers, June 25, 2019
Author, U.S. Cybersecurity Magazine, Incident Response: Making the Most of the Attorney-Client Privilege and the Work Product Doctrine, Spring 2019 Issue
Panelist, bwtech@UMBC: European Privacy Invasion (GDPR) One Year In, California Privacy Takeover (CCPA) Six Months Out, May 21, 2019
Presenter, Association Forum & American Bar Association (Chicago), Privacy and Data Protection: The GDPR and the Rising Global Tide of New Laws, April 30, 2019
Moderator, Baltimore Development Corporation: Free Trade Zones and Opportunity Zones Roundtable, April 10, 2019
bwtech Executive Workshop for Int'l CyberSecurity Companies - What are the TOP Things a Foreign Company Should Know When Establishing a Business in the US?, April 1, 2019
Co-author and co-reviewer, Bloomberg Law, Privacy & Data Security: State Profile – Maryland, February 2019
Panelist, Meeting Professionals International, MACE 2019: GDPR, Privacy and Events - Lessons Learned and Looking to the Future, February 22, 2019
Speaker, ASAE - DC Idea Swap, Cybersecurity 2019: Navigate through the Changing Privacy and Data Security Landscape, January 24, 2019
Speaker, UMBC Cyber Defense Lab: Legal Aspects of Privacy and Data Protection, November 9, 2018
Speaker, Institute for Credentialing Excellence (ICE) Exchange (2018): What Certification Boards Need to Know About Cybersecurity and Privacy Rules Like the GDPR, November 8, 2018
Panelist, Howard Technology Council: Cyber Security Tricks & Treats, October 30, 2018
Guest speaker, Through the Noise podcast: GDPR for Nonprofits and Other Associations, May 24, 2018
Presenter, Webinar for Private Client: GDPR Compliance – A Practical Approach, April 30, 2018
Speaker, MSBA Advanced Business Law Institute (2018): Privacy & Data Security – Before the Incident, April 19, 2018
Moderator, bwtech@UMBC Cyber Innovation Briefing: The Global Impact, Promise & Perils of Blockchain, March 20, 2018
Presenter, Webinar for a nonprofit organization with a global data footprint: What You Need To Know About GDPR Compliance, March, 2018
Guest lecturer, Stevenson University School of Design: Intellectual Property Law Considerations for Graphic Designers, November 16, 2017
Speaker, CyberMaryland Conference (2017): Risk Mitigation Strategies for Cybersecurity Product and Service Providers, October 11, 2017
Speaker, MSBA Advanced Business Law Institute (2017): Contracting for IT Services & Electronic Contracting, April 20, 2017
Speaker, MSBA Advanced Business Law Institute (2016): What Lawyers Need to Know about Cybersecurity and Data Privacy, April 14, 2016
Moderator, Bar Association of Baltimore City, Privacy and Data Security – Is Your Law Firm Prepared?, March 21, 2016
Guest blogger, The Daily Record, Keep Calm and Prepare for a Cybersecurity Breach, August 3, 2015
Co-author, Vessel Excise Taxes, Chapter 11, Maryland Taxes, 5th Edition, Maryland State Bar Association
Regular lecturer, Smart Start Program, Maryland Small Business Development Centers
ARTICLES
Whiteford Celebrates International Language Day
Privacy Compliance and Personal Data Processing 101 - Tips for Businesses and Nonprofit Organizations
Client Alert: Washington DC Increases Breach Response Requirements and Focuses on Data Security
Client Alert: Guidance Issued for Ed Tech Companies and Schools during the COVID-19 Crisis
Client Alert: Zoom-Users Beware! Reports of Significant Privacy and Data Security Flaws
Client Alert: U.S. Supreme Court Holds Duty of Safe-Berth is a Warranty, Regardless of Diligence or Fault
Client Alert: OCR Issues Guidance About Sharing Patient Information and Telehealth Communications during Pandemic
The OCR has recognized that, during the COVID-19 national emergency, health care providers may seek to communicate with patients, and provide so-called “telehealth” services, through remote communications technologies. Some of these technologies, and the manner in which they are used by HIPAA-covered healthcare providers, may not fully comply with the requirements of the HIPAA Rules. However, in light of the national emergency, the OCR said that it will not impose penalties against covered health care providers for the lack of a HIPAA business associate agreement (“BAA”) with video communication vendors, or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health crisis.
Client Alert: COVID-19 Cyber Scams: Protect Your Organization
Client Alert: Guidelines on the Territorial Scope of the GDPR: 5 Takeaways For U.S. Based Associations and Nonprofit Organizations
GDPR Compliance Quick Guide for U.S. Nonprofit Organizations and Associations
The General Data Protection Regulation (GDPR) is a privacy regulation of the European Union designed to give individuals control over their personal data. The GDPR protects the privacy of individuals, regardless of their nationality, when their data is collected while they are located in the European Union, Iceland, Liechtenstein or Norway (EEA). For example, the personal data of an organization’s employee, independent contractor, or volunteer located in the EEA may be protected by the GDPR even if that individual is a U.S. citizen and resident.