Mary T. Costigan

Mary T. Costigan is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. She holds Certified Information Privacy Professional/US and EU designations from the International Association of Privacy Professionals (iapp).

Mary’s practice focuses on data privacy and cybersecurity. She counsels a wide range of regional, national and multinational clients on data privacy and cybersecurity laws, compliance, and best practices.

Mary regularly advises on issues related to Human Resources and employee data, privacy programs and  information management, website privacy policies, monitoring, biometric data collection, artificial intelligence, consumer data and state consumer data protection laws including the California Consumer Privacy Act (CCPA), data incident response preparation, vendor management and data processing agreements, privacy and security under HIPAA/HITECH, the U.K. and EU General Data Protection Regulations, and cross-border transfers.

Mary has extensive experience assisting clients across various industries on data incident response and related regulatory inquiries.

Honors and Recognitions

• The Best Lawyers in America©, “Employment Law – Management” (2024-present) and “Privacy and Data Security Law” (2025)

Published Works

• “New Jersey – Data Protection Overview,” OneTrust DataGuidance (January 2020) [Author]

Speeches

• “The New Digital Landscape: How to Control Security Issues and Protect Trade Secrets as More People are Working from Home and on Their Own Devices,” NJ ACC (August 2020) (speaker)
• “CCPA,” Truyo Privacy Leaders Circle (June 2020) (speaker)
• “Mitigating Risk by Managing Your Sensitive Data,” ARMA/iapp (May 2020 ) (speaker)
• “COVID-19 Daily Briefing: Communications,” Jackson Lewis PC (May 2020) (speaker)
• “Trends in Data Security,” NJ SHRM (Hasbrouck Heights, NJ, February 2020) (speaker)
• “Crawling Your Network to Auto-Classify Sensitive Data Subject to Regulatory Control,” ITLA 2019 LegalSEC Summit (Washington, D.C, November 2019) (speaker)
• “Recent News and Current Concerns for Government Contractors, Data Privacy and Security,” Jackson Lewis PC Government Contractor Symposium (Reston, VA, November 2019) (speaker)
• “Privacy and Cybersecurity for In-House Counsel,” Jackson Lewis PC (Berkeley Heights, NJ, October 2019, CLE) (speaker)
• “Digital Ethics,” New Jersey ACC (South Orange, NJ, May 2019, CLE) (speaker)
• “Navigating the Patchwork: Complying With Your Legal Obligations to Safeguard Data – Impact of the GDPR on US-Based Organizations,” New York State Bar Association (webinar, October 2018) (speaker)
• “The EU General Data Protection Regulation,” Carolinas Credit Union League Compliance Legal Update (Winston-Salem, NC, August 2018) (speaker)
• “How to Comply with GDPR Requirements: What Every U.S. Company Needs to Know,” EVERFI Webinar (May 2018) (speaker)