Carl A. Anderson is founder and managing partner of Rock Spring Law Group PLLC. Carl is nationally recognized for his expertise in complex cybersecurity, data breach and privacy issues especially in regard to regulatory compliance. Carl is an innovative leader in developing blended legal, technical, and governance strategies to prepare companies with timely and comprehensive responses to rapidly evolving data protection and cybersecurity risks.

Prior to founding Rock Spring Law Group, Carl served as the Chief Legal Officer and SVP of Government Affairs for a leading international data protection standards and certification organization where he was instrumental in the development of effective security programs for health care and life sciences companies. He led an in-house legal team providing guidance on global legal strategies including human resources, real estate, antitrust and global compliance as well as key business transactions and venture opportunities. In this role, Carl was a key industry source on the privacy and security issues facing Fortune 1000 companies. Carl was also a founding Board Member of the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) where he helped develop its operating procedures and business plan.

Earlier, Carl was a Vice President at a leading government relations firm in Washington, D.C. Although one of the youngest members of the firm, he was a leader in their crisis management team. He was repeatedly called upon to navigate Fortune 1000 clients’ complex regulatory and legislative scenarios. Carl’s strategic advice to companies continues to focus on developing business relations with the federal government including regulatory enforcement, high-profile investigations, compliance review as well as identifying contract opportunities.

Carl’s government service includes counsel with the House Energy and Commerce Committee where he prepared many high-profile industry investigations and hearings. At the United States Department of Justice, he served as a senior attorney where he specialized in white-collar litigation, regulatory enforcement and federal contract compliance. He was named a member of the prestigious Attorney General’s Honors Program and appointed a Special Assistant U.S. Attorney for the District of Columbia.

Carl obtained his J.D. from The Catholic University of America and B.A. from Virginia Tech. He is a member of the District of Columbia Bar Association.

Steven J. Bonafonte maintains active practice in Connecticut and Washington, D.C.

In addition to serving as the outside general counsel to several entities, Steve provides special counsel regarding privacy and cybersecurity issues; public policy and government relations advocacy; advice on information technology contracts, policies and joint-ventures; counsel regarding ethics, compliance and corporate governance; and conducts complex anti-fraud and corporate internal investigations (several of which have involved matters of public trust and have been covered in the press). He speaks nationally on these issues and regularly interacts with federal and state law enforcement officials and other government entities on cybersecurity and public policy related matters.

Steve is a Certified Fraud Examiner (CFE) and a Certified Information Privacy Professional (CIPP/US). He has served as the General Counsel to both the Connecticut Chapter of the Association of Certified Fraud Examiners (ACFE) and to the Connecticut Chapter of the Society of Information Management (SIM).  He was an original member of the Connecticut State Cybersecurity Committee, the only private sector member of the Connecticut Election Cybersecurity Task Force (2018) and has actively participated in the drafting of Connecticut’s Cybersecurity Action Plan.

Previously, Steve served as a partner and co-chair of the Privacy, Cybersecurity and Infrastructure Protection practice group of a large Connecticut law firm and prior to that as managing corporate counsel and the enterprise privacy and corporate compliance officer at a Fortune 100 financial services company.

In prior legal roles, Steve served as the principal anti-fraud counsel to a major insurance company, developing legal anti-fraud protocols and directing major case investigations and filing of affirmative civil anti-fraud RICO litigation against suspected fraudulent medical providers and other organized ring activity. As in-house counsel, he supervised both internal and outside counsel and has provided general legal counsel to several diverse internal business groups including Information Technology (internal compliance, vendor contracts), Marketing and Communications (legal review and compliance) and Global Sourcing (cross-border data transfer, business continuity). Prior to serving as legal counsel, Steve spent eight years in the Internal Investigations division of a large financial services company conducting global financial crime and other investigations and supervising (prior law enforcement) investigative staff.

Steve was appointed by the Chief Justice of the Connecticut Supreme Court as a representative member on the State of Connecticut’s Commission on the Death Penalty, serving from 2001-2003. He also served as Chairman of the Hartford Redevelopment Agency, Chairman of the Hartford Parking Authority, a Commissioner of the Metropolitan District as well as numerous other non-profit and government boards and commissions.  Steve also currently serves as an adjunct law professor (National Security Law) at Quinnipiac University School of Law.

Steve received his B.A. from Gettysburg College and J.D. with honors from Quinnipiac University School of Law.   He is admitted to practice in Connecticut and the District of Columbia.