Cookie/Privacy Notice


We make the connected world the protected world – rapidly, discretely.

Practice Group Leader: Timothy J. Pastore


For centuries, protecting real estate assets meant little more than providing for adequate physical security.  Lock your doors, put up a fence (or a moat), shine some lights (or a torch), hire a guard (or an army).

Things are a little more complicated today. 

In an increasingly connected and data driven universe, cybersecurity now poses equal, if not greater, risk to real estate assets than does physically securing real property. 

  • Building management systems - lighting, access control, heating and air-conditioning systems - are now all subject to cyberattack.

  • Real estate closings – historically done in person – are now generally done by email and subject to phishing scams.

  • Record keeping of sensitive personal and corporate data – previously done on paper – is now predominantly done electronically and subject to breach.

  • The movement of money – previously by check or cash – is now ubiquitously done by wire transfer or even cryptocurrency, and subject to diversion or fraud.

In a changing world, one thing remains constant.  Criminals do bad things.

Property managers, institutional investors, funds, lenders, borrowers, developers, brokers/agents, appraisers, multiservice real estate firms and others hold significant amounts of confidential third-party information in vast, tangled electronic communications systems and networks.  This may include personally identifiable information (social security numbers, addresses, etc.)  and/or confidential corporate information (tenant lists, financial models, appraisals, banking records, etc.) - all the type of information cybercriminals target.

Hackers are diverting funds with stolen wiring instructions, gathering and trading on information about pending real estate transactions, seizing electronic building controls, and duping untrained and unsuspecting employees to gain access to highly sensitive financial and personal data used in sophisticated real estate transactions.

Any real estate player saving confidential information about employees, customers, clients, or third-parties must assure confidentiality and security.  Real estate companies that use, collect, process or store identifiable information face potential liability from emerging privacy laws in the US and abroad.  In addition to common law principles, there is an increasingly complex and varied array of state, federal and international privacy laws which must be navigated and understood.

As the Pure Play in Real Estate Law®, Duval & Stachenfeld LLP is uniquely positioned to provide our commercial real estate clients with innovative structures, processes, and policies to enable them to comply with these increasingly complex (and often conflicting) regulatory environments. 

This where D&S’s Real Estate Cybersecurity Practice Group can help. 

Led by partner Timothy J. Pastore (a/k/a, Captain Tim) – along with our 50+ attorney real estate practice group  – and our Chief Technology Officer, Maria Aksentyan – the Real Estate Cybersecurity Practice Group is here to advise and protect our real estate clients against the perils of the cyberworld.

Captain Tim is a former U.S. Air Force JAG and federal prosecutor – and a perennial Super Lawyer. 

Notably, he represents some of the largest companies in the world on various security matters, including Comcast, Charter, Time Warner Cable, Cox, Altice, Mediacom, Brighthouse, Protection One and others.  He also represents developers, institutional investors, special servicers and others in the commercial real estate world.  This blend of experience uniquely positions Tim to help our commercial real estate clients in this complicated, confusing and scary area.

Among other topics, Tim has lectured on:

  • The Evolving Cyber Threat for Connected Devices and Cloud-based Services
  • The Evolving Cybersecurity Legal Landscape  
  • Department of Homeland Security’s Framework and Principles for IoT Devices

Since cybersecurity has particular concerns for the real estate world, Tim has teamed himself with our 50+ attorney real estate group to handle these real estate cybersecurity matters.

And of course no cybersecurity team would be complete without a star-quality “techie”.  Our Chief Technology Officer, Maria Aksentyan, has protected us from many years for all manner of worms, bugs, viruses and other invaders.  Among other programs, Maria routinely drills her troops – i.e. our law firm – with tricks and traps to catch us falling for scams of all nature.  Nothing is more embarrassing than being caught by Maria’s trickery and, as a result, we are all on consistent high alert.   

The services offered by the Real Estate Cybersecurity Practice Group include:
  • Managing communications with appropriate regulatory authorities

  • Preparation and development of and guidance on privacy policies, data retention protocols, data protection memoranda, and privacy impact assessments.

  • Ongoing GDPR compliance.

  • Advising on cybercrime and data breach insurance policies and claims.

  • Cybercrime incident preparedness, response, breach notifications, and related internal and external investigations.

  • Reviewing and analyzing customer and vendor agreements.

  • International data protection compliance programs and audits, and responses to government compliance reviews.

  • Disclosure of data to law enforcement authorities.

  • On site staff training and application of internal security protocols.

  • Managing and defending litigation stemming from data breaches, including class actions, shareholder derivative actions, securities fraud cases and regulatory enforcement actions.

At D&S, we know the real estate world, we know the connected world, and we know how to protect both.


Neither the content on this web site nor any transmissions between you and Duval & Stachenfeld LLP through this web site are intended to provide legal or other advice or to create an attorney-client relationship.In communicating with us through this web site, you should not provide any confidential information to us concerning any potential or actual legal matter you may have. Before providing any such information to us, you must obtain approval to do so from one of our lawyers.

By clicking "ACCEPT" below (and thereby choosing to communicate with us without such prior approval), you understand and agree that Duval & Stachenfeld LLP will have no duty to keep confidential any information you provide.