Michelle Schaap, Esq
Member, Privacy & Data Security and Corporate & Securities Groups

Courses: 1

Michelle regularly advises on cybersecurity preparedness, counsels when data security incidents arise and trains companies on best practices for security procedures addressing both their business operations and their customers’ concerns. Michelle assesses risk management practices and security incident preparedness in developing proactive security incident response and recovery plans. Additionally, she works with clients in contract review, drafting and negotiation in critical areas of privacy and security.
Michelle counsels clients on incident and breach response – often serving as quarterback to the incident response team, working closely with her client’s senior executives, forensics, law enforcement and other critical members of the team.
She is a Certified Information Privacy Professional, awarded from the International Association of Privacy Professionals, with a concentration on U.S. private-sector law (CIPP/US).


  • Counsel clients on incident and breach response
  • Counsel clients on cybersecurity policies and procedures
  • Training clients on cyber-mindfulness
  • Non-technical risk assessments
  • Represents clients to develop incident response plans and conducts tabletop exercises
  • Contract audits for clients regarding cybersecurity and related undertakings
  • Website terms and conditions and privacy policies
  • Negotiation of the sale of an independent website to a major publishing house ($3 million)
  • Sale of a software developer to a major technology rollup entity ($60 million)
  • Licensing agreements
  • Draft and negotiate website development and hosting agreements
  • Negotiation of non-disclosure and non-circumvention agreements

Prior to joining the firm, Michelle served as in-house counsel to Toys “R” Us, Inc. from 1991 to 1996. She also worked in Japan for several years as a foreign associate with the Tokyo-based firm of Hamada & Matsumoto (now Mori, Hamada & Matsumoto).


  • ConstructionDIVE: The Dotted Line: 4 ways to interpret construction contracts amid coronavirus
  • COVID-19 Scams, Frauds and Misinformation: Do Not Let Fear and Isolation Allow You to be Phished
  • Privacy Laws, Duty to Warn and Communication Considerations Concerning COVID-19
  • Practical considerations for employers as their workforce goes remote amid COVID-19 outbreak
  • American Bar Association's Fidelity & Surety Law Committee's 2020 Midwinter Conference
  • ConstructionDIVE: Skanska selects third-party cybersecurity firm
  • NJCPA Technology and Cybersecurity Update
  • SheLeads Tech Event
  • Not in California? Here's Why the CCPA Should Still Be on Your Radar
  • The Long Reach of New York's Shield Act
  • The Pros and Cons of Online Meeting Platforms
  • GSBA Intellectual Property Law Forum
  • COMMERCE Magazine: Cyberspace: Protecting Data is Serious Business
  • ConstructionDIVE: How can and should data from construction wearables be collected?
  • Cybersecurity Panel - What Should Keep You Up at Night?
  • NJSBA Real Property Trust and Estate Law Section Newsletter: Cybersecurity Considerations in Real Estate Transactions
  • States Across U.S. Rush to Implement Data Privacy Regulations
  • Amendment to Breach Statute
  • NJBIZ: An evolving threat - even small businesses have to worry about cybersecurity
  • Wipro Breach: What to do now
  • Responding to, and managing the risk of, the inevitable data breach
  • Popular Science: How to keep your 'vintage' tech alive
  • Cybersecurity and Career Paths for Women in the Profession
  • Cyber Security and Opportunity Zone Investing
  • Biometrics: A Data Analytics Treasure Trove or a Lawsuit in the Making?
  • Cybersecurity for Small Businesses
  • Business Information Workshop Why Cybersecurity Matters
  • Cybersecurity Best Practices
  • Law360: What Construction Attorneys Must Know About Virtual Reality
  • Understanding New Tech for Corporate and Business Lawyers
  • Ten Cybersecurity Tips for Safer Travels
  • ConstructionDIVE: The Dotted Line: Mitigating the risks of technology
  • Pennsylvania Supreme Court Ruling Opens Floodgates on Cybersecurity Lawsuits
  • Wise Women@ Work Podcast: Michelle Schaap from CSG Talks About Her Career in Law and Cyber Security
  • Data breaches are a foreseeable risk and companies owe a common law duty of care when they "create" the risks
  • Whether offering Cyber Monday discounts, soliciting year-end charitable donations or marketing your business online, your website policies and terms matter!
  • Ten tips for cyber mindfulness and data security (even on a limited budget)
  • Protecting Your Trade Secrets from Cyber Threats
  • Law360: A Construction Attorney's Road Map For Automated Vehicles
  • Law360: What Construction Attorneys Must Know To Avoid Software Pitfalls
  • Ask First!
  • From victim to accomplice: When liability shifts in cases involving corporate data breaches
  • Facebook Breach and Immediate next steps
  • Quick Cash = Quick Breach
  • Credit Freezes
  • Making the Case for Continuous Employee Cybersecurity Training
  • Why You Shouldn't Post Milestone Dates on Social Media
  • Resources for optimizing your social media privacy and data security settings
  • Emotet Malware: Proving the Importance of Verification
  • California's New Data Privacy Law, Explained
  • Hazardous Waste and Customer Information - Anything but Perfect Together!
  • Webinar | Cybersecurity Considerations in M&A Transactions
  • ConstructionDIVE: Survey: Small Construction Companies Lukewarm on Tech Investment
  • NJBIZ: Retailers Take 'Omnichannel' Approach
  • Proposed New York Legislation: Cybersecurity Is Not Just an Issue for Financial Services and Insurance Companies
  • Equipment Leasing Newsletter: Cybersecurity in Commercial Equipment Leases
  • Journal of Equipment Lease Financing: Cybersecurity - The Increasing Obligations and Exposure in the Age of State Regulation
  • IAMCP NJ Meeting - Cyber Crime Defense
  • Affirmative Data Security Obligations for Business
  • New Jersey Adopts Personal Information and Privacy Protection Act Restricting Retailers' Right to Request and Retain Customer Information
  • Patch Early, Patch Often: If You Hit "Remind Me Later", It May Be Too Late
  • Anatomy of a Breach Response
  • Ransomware: To Pay or Not to Pay, That is the Question...
  • WannaCry Explained
  • NJBIZ: Badge of Honor - Cybersecurity Company Comodo is Proud to Have Frustrated the CIA into a Rude Remark
  • NJBIZ: Computer Viruses Can Cost Organizations. But Ransomware Can Cost Them in More Than One Way. Running a Successful Solo or Small Firm
  • Cybersecurity Summit
  • New Jersey Business: Cybersecurity for Small Businesses
  • Connected Medical Devices loT - Impact to Patient Safety
  • Cybersecurity Concerns for Businesses
  • New York State Cybersecurity Regulations Regarding Cyber and Data Privacy Obligations Applicable to Banking, Insurance and Financial Services
  • NJBIZ: Triple Play Cybersecurity Tips
  • Controversial New York Cybersecurity Regulations Revised
  • New York Cybersecurity Regulations Delayed
  • Beyond Yahoo!...Safety Tips
  • You Check the Date on Your Milk Carton...But When Did You Last Check the Date on Your Website Policies
  • Employers Breakfast Briefing: The Five Critical Issues in Cybersecurity and Privacy
  • Learn How to Prepare for Cyber Attacks
  • What Do the New FCC Privacy and Security Rules Mean for Internet Service Providers and Their Subscribers?
  • Pending NY State Proposed Cybersecurity Requirements for "Covered Entities"
  • Cyber Security and Sustainability Panel
  • Real Estate Forum: Big Data is a Big Deal for Real Estate
  • com: How Should the Industry Approach Cybersecurity?
  • com: Cybersecurity's Role in Commercial Real Estate
  • ConstructionDIVE: A Future 'Hot Target' for Attackers: How Construction Companies Can Improve Cybersecurity
  • Cyber Attacks / Cyber Security, An Ounce of Prevention Minimizes the Impact of the Inevitable Attack
  • Repercussions of the EU Safe Harbor Ruling EU Safe Harbor for Protection of Personal Data Received from the EU Under Fire
  • Do IT Contractors Really Need to Carry Insurance?


  • CIANJ, Best Practices Award (2019)
  • The Best Lawyers in America®, Privacy & Data Security Law (2020)
  • New Jersey Law Journal’s 2018 Top Women in the Law (2018)
  • Leading Women Entrepreneurs & Corporate Leaders of New Jersey Honoree (2017)
  • Corporate Insider Excellence in Technology Law Award - New Jersey (2017)
  • Professional Lawyer of the Year Award – New Jersey Commission on Professionalism in the Law (2017)
  • Best 50 Women in Business, NJBIZ (2011)
  • Martindale-Hubbell AV® Preeminent™ Rating


  • American Bar Association
  • Essex County Bar Association
  • The Fellows of the American Bar Foundation
  • International Association of Privacy Professionals
  • New Jersey Business and Industry Association, Information Technology Committee (2016-2017)
  • New Jersey State Bar Association
  • New Jersey Women Lawyers Association (President, 2018-2019; President Elect, 2017 - 2018; Vice President, 2016 - 2017; Chief Financial Officer, 2015 - 2016; Former Co-Chief Operating Officer, 2013 - 2015)
  • Women Presidents Organization
  • NJ LEEP, Mentor


  • International Association of Privacy Professionals (Certified Information Privacy Professional, 2019)
  • Mitchell Hamline School of Law (Cybersecurity and Privacy Law Certificate, 2016)
  • New Jersey Institute of Technology (Certificate in Construction Management, 2009)
  • Rutgers University School of Law - Newark (J.D., 1987)
  • Cornell University (B.A., cum laude, 1984)


  • New Jersey

Courses by Michelle Schaap