Jonathan Direnfeld


Washington, D.C.

Read full biography at

Jon Direnfeld is a litigation partner in the Washington, D.C., office focused on defending tech and data-driven companies against regulatory enforcement and litigation actions involving critical online and offline data management and sales & marketing activities.

Jon’s enforcement work regularly involves navigating the patchwork of federal and state “consumer protection” rules, including statutes and regulations enforced by the Federal Trade Commission (FTC), Consumer Finance Protection Bureau (CFPB), U.S. Department of Justice (DOJ), State Attorneys General (AGs), and local District Attorneys. These matters cover a broad spectrum of B2C and B2B issues, including data privacy, cybersecurity, and so-called “unfair and deceptive” practices with a focus on representation of e-commerce platforms, marketplaces, social media and fintech companies.

Jon has substantial experience in crisis management, helping clients devise and implement coordinated regulatory, legislative, and media responses to high stakes incidents.  In addition, he has an active complex commercial litigation practice in federal and state courts across the country.

Posts by: Jonathan Direnfeld

FinCEN to Financial Institutions: Include Cyber Data in Suspicious Activity Reports (SARs)

cyber data

As new legislation aimed at facilitating greater cybersecurity information sharing between private industry and government takes effect (i.e., Cybersecurity Information Sharing Act), FinCEN Director Jennifer Shasky Calvery recently called for “financial institutions to include cyber-derived information (such as IP addresses on bitcoin wallet addresses) in suspicious activity reports.”  Director Shasky Calvery’s statement dovetails with the Federal Financial Institutions Examination Council (FFIEC)  Cybersecurity Assessment Tool (CAT) launched last year that we discussed previously, which lists “threat intelligence and collaboration” through information-sharing forums as one of five key “domains” for assessing cybersecurity preparedness.  Regulated entities should take stock of this shifting risk management and compliance landscape, and evaluate the need for changes (and investments) to existing cybersecurity tools necessary for information collection, analysis and sharing.