Mary T. Costigan

Of Counsel
Berkeley Heights

P 908-795-5135 F 908-464-2614


Mary T. Costigan


Mary T. Costigan is of counsel in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. She holds a Certified Information Privacy Professional/US designation from the International Association of Privacy Professionals (iapp).

Mary advises multinational, national, and regional companies on emerging privacy and cybersecurity issues, including the broad and growing array of mandates, best practices, and preventive safeguards. In particular, she focuses on advising and assisting clients in matters relating to compliance with the General Data Protection Regulation (GDPR) and U.S. privacy and data security standards such as HIPAA/HITECH. She also assists clients with data breach preparation and response, biometric data collection policies, vendor security assessments, and data security agreements, including business associate agreements.

Mary started her career as a litigation associate in private practice and worked as a senior litigator and advisor to the Massachusetts Department of Revenue in its Boston and New York City offices. Prior to joining Jackson Lewis, she was a global privacy manager at KPMG where she advised internal stakeholders and project teams on global data protection and privacy matters, with a concentration on software applications.

Professional Associations and Activities

  • International Association of Privacy Professionals
  • American Bar Association
  • New Jersey Bar Association

Published Works

  • "New Jersey - Data Protection Overview," OneTrust DataGuidance (January 2020) [Author]


  • "The New Digital Landscape: How to Control Security Issues and Protect Trade Secrets as More People are Working from Home and on Their Own Devices," NJ ACC (August 2020) (speaker)
  • “CCPA,” Truyo Privacy Leaders Circle (June 2020) (speaker)
  • "Mitigating Risk by Managing Your Sensitive Data,” ARMA/iapp (May 2020 ) (speaker)
  • “COVID-19 Daily Briefing: Communications,” Jackson Lewis PC (May 2020) (speaker)
  • "Trends in Data Security,” NJ SHRM (Hasbrouck Heights, NJ,  February 2020) (speaker)
  • "Crawling Your Network to Auto-Classify Sensitive Data Subject to Regulatory Control,” ITLA 2019 LegalSEC Summit (Washington, D.C, November 2019) (speaker)
  • “Recent News and Current Concerns for Government Contractors, Data Privacy and Security,” Jackson Lewis PC Government Contractor Symposium (Reston, VA,  November 2019) (speaker)
  • “Privacy and Cybersecurity for In-House Counsel,” Jackson Lewis PC (Berkeley Heights, NJ, October 2019, CLE) (speaker)
  • “Digital Ethics,” New Jersey ACC (South Orange, NJ, May 2019, CLE) (speaker)
  • “Navigating the Patchwork: Complying With Your Legal Obligations to Safeguard Data - Impact of the GDPR on US-Based Organizations,” New York State Bar Association (webinar, October 2018) (speaker)
  • “The EU General Data Protection Regulation,” Carolinas Credit Union League Compliance Legal Update (Winston-Salem, NC, August 2018) (speaker)
  • “How to Comply with GDPR Requirements: What Every U.S. Company Needs to Know,” EVERFI Webinar (May 2018) (speaker)