Cybersecurity & Data Protection

Cybersecurity &
Data Protection

View Full List of Contacts

Amid urgent national security, cybersecurity and data privacy threats, companies require experienced counsel to advise on an ever-changing privacy and cybersecurity compliance landscape and respond to potentially crippling data incidents so they can get back to business. Led by some of the world’s leading legal advisors on national security and data-related regulatory matters, we help boards and top executives safely navigate high-impact breaches and related cyber incidents, and offer specialized regulatory advice in the transactional and compliance contexts.

Our Cybersecurity & Data Protection team provides tactical, real-time advice to the world’s leading companies and boards on complex, high-stakes cyber incidents, national security, and data privacy and protection matters, whether in the regulatory, litigation or transactional context.

The global team includes one of the most respected national security lawyers and an architect of the modern U.S. cybersecurity regime; a former U.S. Secretary of Homeland Security; a former Treasury Department deputy general counsel with responsibility for data protection and cybersecurity matters affecting the financial sector; a former Assistant U.S. Attorney in the Southern District of New York who served as chief of the Complex Frauds and Cybercrime Unit; a former in-house privacy counsel at IBM; and several former Federal Trade Commission officials, among others.

Complementing our U.S. practice, our dedicated teams in London and Brussels also advise on a broad range of UK and European privacy, data and data security laws and matters, including guidance on General Data Protection Regulation (GDPR). We also maintain a robust global network of data privacy and cybersecurity counsel in other key jurisdictions.

Companies processing sensitive or personal data, experiencing breaches impacting national security laws or accused of misuse of consumer data need comprehensive advice. Recognized by Chambers and Global Data Review, the Paul, Weiss team is a global legal authority on data privacy and security, guiding clients through the entire compliance and threat landscape. Our full-service approach helps clients safely navigate the entire spectrum of challenges that may be triggered by a breach, including media scrutiny and reputational damage, potential business impacts, government investigations and enforcement actions, congressional investigations and complex litigation, including class actions and derivative suits targeting boards. We provide both real-time guidance in the immediate aftermath of an incident and longer-term advice on responding to litigation and regulatory fallout.

We also focus on stemming problems before they arise. In a compliance context, we can help in:

  • understanding fast-changing regulations, regulatory expectations, disclosure obligations and industry standards related to cyber- and national security and data privacy;
  • developing “best in class” but yet pragmatic compliance frameworks to identify and address data collection, sharing, use and retention practices that may give rise to national security, privacy, consumer protection or other regulatory risks;
  • analyzing the viability, legality and risk of proposed products, practices and business models in connection with national security laws or privacy regulations;
  • crafting national security, cybersecurity and privacy policies and procedures tailored to both external and internal risks; and
  • reviewing and implementing crisis management and disaster recovery plans.

In the transactional context, we have advised private equity investors and public companies on national security, privacy and cybersecurity risks and potential mitigations concerning hundreds of transactions in recent years, including those involving technology, adtech, fintech, healthcare, consumer marketing and other businesses. We also help clients understand how to monetize and leverage data in a manner that complies with relevant privacy laws while achieving their business outcomes.

arrow down

Read More Expand

“Paul, Weiss is the one of the most elite firms capable of responding to global incidents.”

- Legal 500

Awards

View More Awards

Recent
Experience

Mergers & Acquisitions

October 21, 2024

Cybersecurity Leader Secureworks to Be Acquired by Sophos

Pro Bono

May 29, 2024

Crypto Companies Launch Nonprofit to Share Unbiased Information and Advance Security Initiatives

Cybersecurity & Data Protection

February 02, 2024

Paul, Weiss Files Amicus Brief on Behalf of Over 20 Former Senior Government Officials in Landmark SEC Enforcement Action Over Cybersecurity Disclosures

Finance

December 12, 2024

Pango Group Merges With Total Security

Recognition

Global Data Review: Top 100 Firm

  • Legal 500 US: recognized as a leading Cyber law firm, noting “they provide practice advice and have excellent judgement” and “have handled hundreds of incidents”
  • Named by U.S. News as a top tier firm in Privacy and Data Security Law in New York
  • Cybersecurity Docket ranks John Carlin and Jeannie Rhee to their 2024 “Incident Response 50” list which celebrated the best data breach response lawyers in the business

Recent Engagements

  • OpenAI in enhancing the company’s security and AI safety programs by providing cybersecurity advice and developing recommendations for its newly established Safety and Security Committee;
  • a telecommunications company in relation to one of the largest cybersecurity incidents ever, including coordinating with senior U.S. government officials and high-profile law enforcement engagement;
  • a Fortune 10 Company in matters involving long-running regulatory attention on core components of the company’s business and data privacy practices and in its response to a regulatory inquiry stemming from a complex data security incident involving a third-party service provider;
  • health insurance company in responding to a cyberattack on a healthcare technology company—one of the largest breaches in the healthcare industry;
  • Ruby Life Inc. (Ashley Madison) in connection with multidistrict class action lawsuits stemming from a highly publicized intrusion and data breach.
  • Teladoc Health, Inc. a New York-based telemedicine and virtual healthcare company, in its proposed $18.5 billion acquisition of Livongo Health, Inc., a California-based Applied Health Signals company, including extensive diligence of Livongo’s data privacy policies and procedures.
  • General Atlantic, Brighton Park Capital, Roark, Oakhill Capital, Apollo, Golden Gate, Kohlberg and other private equity investors in connection with privacy and cybersecurity advice concerning hundreds of acquisitions and sales transactions, including transactions involving fintech, health care, cryptocurrency, consumer marketing, and national security-related businesses, and many other areas.
  • global financial institution regarding a legal tabletop exercise and various cybersecurity matters;
  • professional sports league in connection with advice on their response to a number of cyber intrusions, including the hacking of a social media feed.
  • A publicly traded company in an SEC investigation concerning the use of cyberattacks to facilitate insider trading activity.
arrow down

Read More