• Joseph W. Swanson
  • 813.229.4335
  • Share Share this page
Joseph W. Swanson

Joseph W. Swanson



Joe Swanson is a former federal prosecutor who advises clients on a variety of issues related to cybersecurity and privacy. He routinely investigates and responds to data breaches, ransomware attacks, phishing attacks, business email compromises, wire diversion schemes, and similar cyber incidents. These engagements frequently involve coordination with cyber insurance carriers. Joe also represents clients in litigation, including class actions, and regulatory inquiries stemming from those cyber incidents. In addition, Joe advises on best practices for interacting with law enforcement, regulators, contract parties, and other constituencies in the event of a cyber incident. Joe also assists clients with drafting incident response guides and related cyber policies and procedures, as well as complying with privacy laws and regulations, such as the EU General Data Protection Regulation, HIPAA, the California Consumer Privacy Act, and other state statutes. Joe also advises clients on cybersecurity and privacy issues in connection with due diligence related to investments and other corporate transactions.

In addition to Joe's privacy and cybersecurity practice, he represents companies and individuals in government and criminal investigations and conducts internal investigations. His experience in this area has encompassed a range of issues, including cybercrime, government contracting, theft of government property, pharmaceutical marketing, health care, gambling, securities, public company accounting, and compliance with professional standards of conduct. The internal investigations have been prompted by government enforcement proceedings, as well as company-initiated investigations based on suspected wrongdoing by employees, competitors, and other third parties. Joe has experience referring the findings of those investigations to federal prosecutors.

Joe also defends companies, executives, and directors in shareholder litigation and high-stakes commercial litigation, including class actions, in federal and state court. These matters have included securities claims, trade secret disputes, claims for breach of fiduciary duty, and claims for fraud and unfair and deceptive trade practices.

Before joining the firm, Joe served as an assistant U.S. attorney in the Criminal Division of the U.S. Attorney’s Office for the Middle District of Florida. This experience provides the foundation for his practice. As an AUSA, Joe investigated and prosecuted a broad range of offenses, including computer/privacy crimes, obstruction of justice, tax fraud, mortgage fraud, and money laundering. He tried seven cases to verdict and handled hundreds of hearings and other proceedings on behalf of the government. He also served as the Computer Hacking and Intellectual Property (CHIP) Coordinator in Tampa, where he advised other prosecutors on investigative techniques involving internet and email providers, computers, websites, and other electronic evidence.

In 2017–2018, Joe was appointed by the U.S. District Court for the Middle District of Florida to chair three merit selection panels that recommended appointments for federal magistrate judge positions. He leads the firm’s Cybersecurity and Privacy Practice.

Featured Insights


Cybersecurity and Privacy

  • Represented settlement administrator in investigating and responding to business email compromise and wire diversion scheme.
  • Defended health care provider in putative class action and federal regulatory investigation stemming from ransomware attack.
  • Represented automotive supplier in investigating and responding to ransomware attack.
  • Defended public entity against putative class action stemming from phishing attack.
  • Represented publicly traded construction company in investigating and responding to data breaches, which included notifications to individuals and regulators.
  • Represented construction company in investigating and responding to wire diversion scheme and business email compromise.
  • Represented electronics supplier in investigating and responding to ransomware attack, data breach, and fraudulent wire transfer scheme. Engagements included advising on contractual obligations with customers, coordinating with law enforcement, and notifying affected individuals and regulators.
  • Represented financial institution in investigating and responding to data breach, which included notifications to consumers and regulators, as well as post-mortem review and analysis.
  • Represented life insurance company in investigating and responding to phishing attack and business email compromise. Representation included notification to law enforcement and regulators.
  • Represented international retailer in investigating and responding to data breach suffered by third-party service provider.
  • Represented public entity in investigating and responding to data breach. Engagement included coordinating with law enforcement and notifying affected individuals.
  • Represented public entity in investigating and responding to cyber threat. Engagement included vendor contract review and notifying affected individuals.
  • Conducted internal investigation for public company related to insider threat to corporate data.
  • Represented title insurance company in responding to computer-based fraud scheme. Representation included developing best practices for client to reduce threat.
  • Advised insurance company regarding OFAC compliance in connection with ransomware attack and claim.
  • Drafted and revised incident response guide and related policies and procedures for clients in various industries, including telecommunications, life insurance, financial services, and retail.
  • Advised clients on compliance with privacy laws and regulations, including conducting data mapping, drafting privacy policies and related documentation, drafting and negotiating vendor contracts, and overseeing mock audits.
  • Advised private equity firm and other clients on cybersecurity and privacy due diligence in connection with investments and other corporate transactions.

White Collar Crime and Government Investigations

  • Provided cybersecurity advice to client accused of computer crimes. Engagement included leading the depositions of government’s computer expert.
  • Represented business owner in responding to federal criminal tax investigation.
  • Represented durable medical equipment suppliers in multidistrict federal investigation involving alleged false claims and kickbacks.
  • Represented electronic health record company in responding to and resolving federal False Claims Act investigation. Engagement ended with resolution on favorable terms for the client.
  • Represented construction company in responding to federal contracting investigation. Engagement resulted in investigation being closed with no charges filed.
  • Represented national financial institution in conducting investigation related to grand jury subpoena.
  • Represented educational institution in responding to grand jury subpoena.
  • Defended pharmaceutical company and its executives in FDA investigation.
  • Defended individual against federal charges stemming from theft of government property.
  • Defended individual in SEC proceeding related to federal criminal conviction.

Securities, Derivative, and Commercial Litigation

  • Represented electronic health record company in multiple putative class actions in federal court stemming from federal DOJ investigation.
  • Represented former pharmaceutical executive in federal litigation involving allegations of federal and state securities violations.
  • Represented former officers and directors of retail company in responding to threatened claims of breach of fiduciary duty.
  • Represented publicly held insurance company in litigation that included claims of theft of trade secrets, breach of fiduciary duty, and breach of contract.
  • Defended former directors and officers of nonprofit organization against claims of breach of fiduciary duty associated with bankruptcy proceeding.
  • Defended six former officers of public company against claims asserted in federal and state court involving securities fraud, breaches of fiduciary duty, and other claims totaling hundreds of millions of dollars.
  • Represented the special litigation committee of a public company investigating claims involving federal securities violations, breaches of fiduciary duty, insider trading, and an accounting restatement.
  • Represented major insurance company in monitoring and analyzing securities litigation and insider trading investigation involving insureds.
  • Represented executive and corporate entities in garnishment proceedings in the U.S. District Court for the Middle District of Florida.
  • Represented pharmaceutical company in federal and state litigation, including multidistrict litigation, that involved allegations by state attorneys general and other plaintiffs regarding drug pricing.

All Insights



All News



  • Recognized as a top author in data privacy by the 2021 JD Supra Readers' Choice Awards
  • BTI Client Service All-Stars (2020)
  • The Best Lawyers in America, Commercial Litigation (2021–2023)
  • "Up & Comers,"Tampa Bay Business Journal (2017)

Professional & Community Involvement

  • The Sedona Conference
    • Data Security and Privacy Liability Working Group
  • U.S. District Court for the Middle District of Florida
    • Magistrate Judge Merit Selection Panel (2017–2018)
  • American Bar Association
  • Clemency Project 2014
    • Screening Committee
  • Federal Bar Association
  • FBI InfraGard, Tampa Chapter
  • Herbert G. Goldburg-Ronald K. Cacciatore Criminal Law American Inn of Court
  • Tampa Bay Electronic Crimes Task Force
  • Hillsborough County Bar Association

Speaking Engagements

  • "Website Tech Fueling Privacy Litigation: How to Reduce Your Risk," Carlton Fields (April 17, 2023)
  • "Internal Investigations and the Attorney Client Privilege," Client Presentation (March 7, 2023)
  • "Breach Response Lifecycle," 10th Annual Gasparilla Cybersecurity Summit, Tampa, FL (January 27, 2023)
  • "Cybersecurity and Data Privacy and Rights Management," ALI CLE Life Insurance Company Products 2022, Washington, DC (November 3, 2022)
  • "Incident Response Guide, Second Edition," Sedona Conference Working Group 11 Midyear Meeting, Cleveland, OH (November 2, 2022)
  • "Managing Data Breach Liability and Exposure," International Association of Privacy Professionals (October 26, 2022)
  • "Don’t Go Up in Smoke: Best Practices for Managing the Latest Cybersecurity and Privacy Risks," Association of Corporate Counsel, Tampa Bay Chapter, Tampa, FL (May 19, 2022)
  • "Batten Down the Hatches: Cybersecurity Case Studies and Tips for Risk Mitigation and Effective Response," 45th Annual Local Government Law in Florida, The Florida Bar, Naples, FL (May 6, 2022)
  • "Board Oversight of Privacy and Cybersecurity Risks," Private Directors Association, Tampa Bay Chapter, Clearwater, FL (April 27, 2022)
  • "Privacy Class Actions and Other Litigation: Latest Developments and Trends to Watch," Carlton Fields Client Presentation (December 8, 2021)
  • "Ransomware: The Latest Threats and Claims," Carlton Fields Client Presentation (November 17, 2021)
  • "Ransomware: The Latest Threats and Efforts to Stem the Tide," Carlton Fields Client Presentation (September 27, 2021)
  • “Cyber Claim Trends and Related Developments,” Carlton Fields Client Presentation (August 17, 2021)
  • “Ransomware: The Latest Threats and Efforts to Stem the Tide,” Carlton Fields Client Presentation (August 16, 2021)
  • "Leaders Forum: Cybersecurity Panel Discussion,” Carlton Fields Client Presentation (July 20, 2021)
  • "Charting Your Board Service Journey," Tampa Bay Private Directors Association Webinar (June 22, 2021)
  • "An Insider’s Look at Cybersecurity Cases," Webinar for The Fund (October 20, 2020)
  • "Cybersecurity and Privacy Update," ACLI Annual Conference (October 13, 2020)
  • "Cybersecurity for Growth-Stage Private Companies in the COVID-19 Era," Carlton Fields Client Webinar (September 23, 2020)
  • "The California Consumer Privacy Act: Are You Ready?," Carlton Fields (August 25, 2020)
  • "CFO Forum – Cybersecurity," Carlton Fields Client Presentation (June 4, 2020)
  • "The California Consumer Privacy Act: Getting Up to Speed with the Looming Enforcement Deadline," Carlton Fields (May 21, 2020)
  • "Cybersecurity and Privacy Litigation and Enforcement in the COVID-19 Era," Carlton Fields (May 20, 2020)
  • "Privacy Litigation and Enforcement, Incident Response, and COVID-19," Carlton Fields (May 19, 2020)
  • "Panel: Lessons Learned from Cybersecurity Incident Response and Investigations" and "Cybersecurity and Privacy Legal Trivia," Digital Hands’ Annual Client and Partner Event, Tampa, FL (January 24, 2020)
  • "Data Breaches and Security Incidents: Latest Threats and Strategies for Preparation and Response," Carlton Fields Client Presentation, Palm Beach County, FL (January 23, 2020)
  • "Latest Cybersecurity and Privacy Developments," Independent Community Bankers of America (December 5, 2019)
  • "An Update Regarding Data Breach Litigation & Regulations for Financial Services Companies," Carlton Fields Client Presentation, Tampa, FL (November 6, 2019)
  • “Cybersecurity Overview and Best Practices for the Commercial Real Estate Industry,” Carlton Fields Client Presentation, Atlanta, GA (November 19, 2019)
  • “U.S. Department of Justice’s View on Best Practices in Cybersecurity,” NetDiligence Cyber Risk Summit, Philadelphia, PA (June 14, 2017)
  • "Cybersecurity & Privacy Pub Trivia," Carlton Fields In-House Counsel Forum, Orlando, FL (April 5, 2019)
  • "Aviation Cyber Security: Threats, Best Practices to Mitigate Risks, and Hot Topics," Tampa Bay Aviation Association Inc., Tampa, FL (March 21, 2019)
  • "Cybersecurity and Data Safeguarding for Broker-Dealers and Investment Advisers," ABA Second Annual Current Issues in FINRA Arbitration and Enforcement, Tampa, FL (February 22, 2019)
  • "Burglars Don’t Pick Open Locks: Legal Overview and Practical Advice for Managing Data Breach Investigations, Litigation, and Claims,” Carlton Fields client presentation, New York, NY (October 11, 2018)
  • Burglars Don’t Pick Open Locks: Legal Overview and Practical Advice for Managing Data Breach Investigations and Litigation,” Carlton Fields client presentation, New York, NY (June 21, 2018)
  • "Cybersecurity: Don’t Be the Next Target," ABA Forum on Construction Law, Fort Myers, FL (January 19, 2018).
  • "Through the Looking Glass: Tips for Business Litigators Handling D&O Claims in Bankruptcy Court," ABA Sound Advice Podcast, membership required (October 12, 2017)
  • "Cyber Security Legal Considerations," Florida Institute of CPAs, Tampa, FL (September 26, 2017)
  • “Responding to an Information Security Incident: Lessons From Private Legal Practice,” Tampa Bay Electronic Crimes Task Force, Tampa, FL (August 10, 2017)
  • "Is Ransomware the New Normal?," Annual Florida RIMS Educational Conference, Naples, FL (July 27, 2017)
  • "The Four People to Call When Breached: Practical Techniques to Limit and Shift Cyber Risk," client event with Allied World, Aon, and the FBI, Atlanta, GA (April 6, 2017)
  • "Breached! Incident Response Executive Management Wargame," Carlton Fields In-House Counsel Forum, Orlando, FL (March 3, 2017)
  • "Cyber Security, Wire Transfers and Insurance," The Regulatory Fundamentals Group (February 28, 2017)
  • "A Red Grenade in the Apple Orchard: Using Insurance to Mitigate Cyber Risk," Digital Hands’ Annual Client and Partner Event, Tampa, FL (January 27, 2017)
  • "An Interactive Data Breach Exercise," The Sedona Conference Working Group on Data Security and Privacy Liability Annual Meeting, St. Petersburg, FL (January 16, 2017)
  • "Strategic Cyber Defense for Companies: Practical Advice for Living With Cyber Risk," with GulfShore Bank, Digital Hands, and Prida Guida & Co., Tampa, FL (November 10, 2016)
  • "Stepping Up: Taking Your Compliance Program to the Next Level in an Era of Heightened Government Scrutiny," ACC Annual Corporate Counsel Summer Symposium, Longboat Key, FL (August 12, 2016)
  • "Incident Response Guide," The Sedona Conference Working Group on Data Security and Privacy Liability Midyear Meeting, Redmond, WA (August 10, 2016).
  • "Run Across the Rope Bridge: Data Security for Growth-Stage Companies," GrowFL, Tampa, FL (August 2, 2016)
  • "Enforcement and Litigation Update," IRI Cybersecurity Forum, Washington, D.C. (July 19, 2016)
  • "An Introduction to Internal Investigations for Non-Investigators," CPE and CLE presentation at Protiviti’s CPE Conference, “Guidance Through Powerful Insights,” Tampa, FL (June 10, 2016)
  • "Lost Laptops & Tempting Links II: Preparing for Data Breaches & Remaining Vigilant in the Modern Construction Environment," Construction Financial Management Association breakfast meeting with U.S. Secret Service and Ben Osbrach of Skoda Minotti, Tampa, FL (March 24, 2016)
  • "Developments in Cybersecurity," Carlton Fields In-House Counsel Forum, Orlando, FL (March 18, 2016)
  • "Legal Fallout of a Breach – Interacting With Law Enforcement, Class Action Litigation, and Fiduciary Duties and Derivative Litigation," Carlton Fields Client Focus Forum, Minneapolis, MN (February 4, 2016)
  • "Data Breach Response Guide," The Sedona Conference Working Group on Data Security and Privacy Liability Annual Meeting, Scottsdale, AZ (December 2, 2015)
  • "Cybersecurity Today: Threats, Preparedness, and Response," Carlton Fields Third Annual Appellate Forum for Trial Lawyers, Miami, FL (October 23, 2015)
  • "Legal Fallout of a Breach – Class Actions, Shareholder Derivative Actions, and Law Enforcement Issues," Carlton Fields Client Focus Forum, Denver, CO (October 19, 2015)
  • "Lost Laptops and Tempting Links: Preparing for Data Breaches in the Modern Construction Environment," Construction Financial Management Association breakfast meeting with U.S. Secret Service and Ben Osbrach of Skoda Minotti, Tampa, FL (July 23, 2015)
  • "IRI Cyber Security Forum," IRI Government, Legal & Regulatory Conference, Washington, D.C. (July 1, 2015)
  • "Sharks in the Swimming Pool: Current Topics in Cybersecurity," Carlton Fields client presentation with John E. Clabby, U.S. Secret Service, and Ben Osbrach of Skoda Minotti, Tampa, FL (June 23, 2015)
  • "Strategies for Data Breach Prevention and Defending Data Breach Class Actions in the Financial Services Industry," Insured Retirement Institute (March 4, 2015).
  • "Use of Technology in Multidistrict Criminal Investigations," Florida Cybercrime Forum, St. Petersburg College Center for Public Safety Innovation, St. Petersburg, FL (December 5, 2014)


  • Georgetown University Law Center (J.D., magna cum laude, 2006)
    • Order of the Coif
    • Georgetown Journal of Legal Ethics
  • Georgetown University (B.A., magna cum laude, 2001)
    • Phi Beta Kappa
Bar Admissions
  • District of Columbia
  • Florida
Court Admissions
  • U.S. Court of Appeals, Fourth Circuit
  • District of Columbia Courts
  • U.S. District Court, Middle District of Florida
  • U.S. District Court, Southern District of Florida
  • Florida State Courts
  • Hon. J. Frederick Motz, U.S. District Court, District of Maryland


  • Assistant U.S. Attorney, Criminal Division, U.S. Attorney’s Office for the Middle District of Florida, Tampa, FL (2012–2015)
  • Associate, Arnold & Porter LLP, Washington, D.C. (2007–2011)
  • Law Clerk to the Honorable J. Frederick Motz, U.S. District Court for the District of Maryland (2006–2007)
  • Analyst, Goldman Sachs & Co., New York, NY (2001–2003)


The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.