We understand the issues and concerns facing companies in the event of a security incident. Our experience includes:

Incident Response

  • Defending a Las Vegas casino and resort in data breach class action litigation.
  • Representing a multinational pharmaceutical corporation in a federal criminal investigation and litigation relating to the theft of over $1 billion in intellectual property by internal and external cyber actors located in multiple countries.
  • Representing a consumer technology company in data breach class action litigation.
  • Investigating and responding to advanced persistent cyberattacks on a global business technology company.
  • Counseling public and private companies in responding to spear-phishing attacks resulting in the weaponization of their networks and compromise of personal and other confidential information.
  • Conducting an internal investigation and leading the incident response to a malware attack on the computer networks of hotels.
  • Representing a financial institution in hacking-facilitated incidents impacting consumers in more than 30 states.
  • Representing an online retailer in a malware attack impacting consumers in every state.
  • Investigation and response to a ransomware attack on a legal services organization.
  • Representing a cleared defense contractor in criminal and national security investigations relating to persistent nation-state cyberattacks involving export-controlled intellectual property.
  • Representing a financial services company in a data breach of consumer information resulting in consumer/governmental notifications in 33 states and multiple state attorneys general investigations.
  • Advising a multinational technology company in the investigation and response to a cyber incident impacting numerous business customers and their financial services clients.
  • Representing a financial institution in the response to a data breach involving state notifications in all 50 states, Washington, D.C., and U.S. territories.
  • Representing a global financial services company in criminal litigation relating to an international hacking and securities fraud scheme resulting in more than $100 million in fraudulent gains.
  • Counseled a major university on data breach reporting obligations in connection with the posting of student information on insecure web server.
  • Advising organizations in multiple industries on business email compromises involving W-2 spoofing, tax fraud, and fraudulent wire transactions.
  • Representing an online retailer in computer fraud and intellectual property theft litigation involving former employee hacking.
  • Advising health plans and third-party administrators on incident responses relating to unauthorized access to, acquisition or disclosure of personal health and personally identifiable information.
  • Advising an IT services company on cyber incident response and resulting litigation relating to destructive attack on network.
  • Representing an online marketing organization in data breach litigation.
  • Representing a manufacturing company in civil litigation and a criminal investigation relating to hacking and cyber theft of intellectual property by a competitor.
  • Conducted an internal investigation into computer fraud and theft of confidential information at a multinational pharmaceutical company by an alleged whistleblower.
  • Assisted multiple organizations relating to technology-facilitated extortion, threats, theft and fraud targeting senior executives and employees or those connected to them.
  • Conducted an internal investigation of a public company with global operations relating to information security deficiencies and information security personnel issues.
  • Advising a leading automobile manufacturer in nationwide cyber incident response planning.
  • Represented a UK-based online marketing company in interactions with hackers relating to compromises of its online platform and related intellectual property theft.
  • Counseling financial services, employee benefits, legal services, media, manufacturing, technology, nonprofit, and higher education organizations on cybersecurity risk management, regulatory and industry standard compliance, and cyber incident response planning.

Transactional and Regulatory Compliance

  • Counseled dozens of organizations in the life sciences, manufacturing, media, hospitality, medical services, technology, financial services, higher education, and retail industries on GDPR compliance. Services include legal guidance on amending privacy notices, preparing data processing agreements, structuring cross-border transfers, data and process mapping, cookie and email consents, data breach response, data processing impact assessments, legitimate interests analysis, privacy governance, and privacy by design.
  • Advising banks and other financial services companies on compliance with NYDFS cybersecurity regulations.
  • Advising major insurance company on the development of digital safety products for its customers.
  • Assisted a global investment management firm in the privacy and data security aspects of the extension of a $40 million line of credit to a provider of retail installment sale financing to consumers. The representation included conducting privacy and data security diligence, negotiating the deal representation and warranties, and handling post-closing compliance.
  • Counseled a national bank in the preparation of an enterprise-wide consumer telephone contact policy for both bank-owned and third-party call centers, including a strategy for outbound calls. The policy creation required a full system analysis and assessment of any TCPA compliance gaps.
  • Assisted a women's clothing retailer with the development and roll-out of an "augmented reality" mobile game to be used in conjunction with special events, such as the launch of new store locations.
  • Represented a large broadcasting and telecom provider in the sourcing of hosted services related to its consumer information.
  • Assisted a major credit company in conducting a comprehensive UDAAP assessment of a card member rewards program for a leading membership-based warehouse club.
  • Reviewed the mobile app of a leading national fashion retailer and provided guidance on its privacy policy and terms of use.
  • Advised a company on privacy and cybersecurity issues in the development of an app for sports teams for player-related data.
  • Advised a multinational technology company on privacy and cybersecurity issues relating to its mobile health apps.
  • Drafted financial privacy notices and disclosures on behalf of a leading furniture retailer.
  • Counseled a consumer leasing company on GLBA compliance with respect to its use of consumer information exchanged with its retail store partners.
  • Represented a multinational financial services company in its engagement of a third-party provider handling consumer financial information.
  • Assisted a provider of Voice over Internet Protocol telephony platform with sophisticated call analytics in the negotiation of its services agreement and terms and conditions of use.
  • Drafted an information security plan for a digital publishing company and advised it on COPPA issues related to its advertising campaigns.
  • Assisted clients, including a supplier of aerospace systems and a medical device company, in the formulation and documentation of a cross-border data transfer strategy for employee information and preparation for certification under Privacy Shield.
  • Advised a leading professional development membership organization on compliance with EU Data Protection Directive and "Cookie Directive."
  • Drafted and negotiated master services agreements, EU data processing agreements, and information security policies and assisted in preparation for certification under the Privacy Shield for a company providing services for clinical trials conducted worldwide.
  • Drafted terms of use and a privacy policy for a company providing services to mobile game applications worldwide.