Matters

  • Represent clients, including a hospitality company, national bank and multiple major financial institutions, with privacy and cybersecurity matters, focusing on global data protection compliance across operations, including updating and improving information security and data privacy practices through tabletop exercises, contract reviews, incident response counseling, risk assessment, compliance and corporate needs.
  • Serve as outside privacy and cybersecurity counsel to leading private equity firms, advising on data protection issues and conducting privacy due diligence as well as providing incident response planning, guiding data protection practices and positioning the clients to rapidly respond to incidents.
  • Serve as privacy counsel for multiple international clients, including supporting the development of an intra-group data transfer agreements and development of consolidated global website and employee privacy policies.
  • Drafted and revised approximately 15 enterprise-wide internal privacy, security, access and technology use policies for a large-cap technology company.
  • Assisted major financial institutions in updating and improving information security and data privacy practices, including data breach response procedures and conducting data privacy audits to identify potential privacy and data security issues.
  • Served as breach response counsel for health care system that experienced a malware attack potentially impacting approximately four million customers and 40,000 employees.
  • Served as breach response counsel for website/e-commerce hosting services provider that sustained a malware attack impacting hundreds of third-party companies that used client’s hosting services as well as thousands of those companies’ customers.
  • Successfully settled a class action filed against DirecTV in connection with a security incident in which the personal identifiable information of 76 million Americans may have been compromised, including social security numbers.
  • Obtained dismissal of a putative class action filed against Horne LLP in connection with a cyberattack that resulted in unauthorized access to Horne’s computer network and allegedly caused unauthorized credit inquiries on credit reports.