With our global platform and our experienced and practical team of cybersecurity and data privacy lawyers, our firm can serve clients across a full range of domestic, international and cross-border privacy issues. The cybersecurity landscape is evolving more rapidly than ever before, and the threats to businesses’ critical information and assets—as well as to their bottom lines—are only increasing. Breaches continue to grow in scale and sophistication, regulators are crowding the field with an expanding and shifting array of requirements and de facto standards, and litigation remains perilous. Now, more than ever, businesses must think strategically about the cyber threats they face—whether to consumer or employee information, intellectual property or product safety—and take practical steps to address the associated legal, business and reputational risks.
Mayer Brown brings a comprehensive and integrated approach to cybersecurity and data privacy challenges, offering our clients strategic thinking and practical legal advice. Our practice is comprised of more than 70 lawyers worldwide from disciplines that include litigation, regulatory, corporate, government affairs and global trade, intellectual property, enforcement, employment, insurance and technology & IP transactions. We leverage our broad and deep experience in these key disciplines to build tailored teams to address the specific issues that our clients face. This approach to our Cybersecurity & Data Privacy practice distinguishes us from other firms that rely on “one size fits all” privacy and security lawyers who attempt to cover the waterfront of these ever-increasing and complex issues.
The firm’s global platform enables us to provide exceptional service to our clients across the globe. Mayer Brown and affiliated lawyers located throughout the Americas, Europe and Asia have deep knowledge and a practical understanding of the cybersecurity and data privacy statutes and regulations in their home countries and surrounding regions. This experience and global capability allows us to address a client’s most complex international cybersecurity and data privacy issues, whether they require advice on creating an enterprise-wide privacy framework, counsel on international data transfers, or assistance in responding to a data breach in multiple jurisdictions. Together, our lawyers help clients respond proactively to international developments such as the Safe Harbor decision or the release of the General Data Protection Regulation in Europe or changes to the Personal Data (Privacy) Ordinance in Hong Kong. In addition, our practice maintains an extensive network of local counsel in countries where we do not have offices and with whom our lawyers liaise as needed.
Mayer Brown’s global Cybersecurity & Data Privacy practice addresses the full range of legal, business and reputational risks posed by cyber threats and data privacy obligations. We help clients prioritize and manage these risks in a proactive and coordinated manner across their enterprises, with a focus on the following core areas.
Incident Preparation & Breach Response
- Helping clients assess the particular data they hold and the unique risks they face, including the loss of trade secrets or personal information, or threats to product safety.
- Assisting clients in the development of written information security plans and incident response plans, and evaluating those plans through tabletops and other exercises.
- Counseling clients as members of incident response teams, including by guiding investigations, liaising with law enforcement, advising on notification obligations, preserving privilege and managing crisis communications.
- Vigorously defending clients after cybersecurity incidents, including the breach of consumer or employee information, and leveraging our extensive experience in class action defense in suits brought under a broad range of state and federal laws.
- Litigating cutting-edge data privacy and cybersecurity issues in the highest courts, including with respect to Article III standing under the US Constitution, and other dispositive questions.
- Responding to investigations by federal and state agencies, negotiating with multi-state investigatory teams, and representing clients in administrative adjudications and resulting civil actions.
Strategic Counseling & Corporate Governance
- Advising corporate boards and senior management in the development of enterprise-wide cybersecurity and data privacy programs.
- Evaluating the effectiveness of existing internal cyber and privacy governance mechanisms, including through the assessment of written policies and procedures.
Vendor & Supply Chain Management, Contracting, and Data Transfers
- Counseling on the legal risks associated with third-party vendors, global supply chain contracts and customer agreements, including mitigation of risk through deal structuring, contractual protections and ongoing governance.
- Providing legal guidance on technology outsourcing and cloud computing agreements.
- Advising companies on privacy, data protection and data transfer matters, including on appropriate global data transfer arrangements in connection with third-party provider agreements.
Regulatory & Compliance
- Advising clients on their obligations under regulatory regimes around the world, including with respect to cybersecurity and privacy requirements, incident reporting and international data transfers.
- Engaging in the development of regulatory policy, both through notice and comment rulemaking and more informal means, with respect to cybersecurity and privacy issues.
- Conducting privacy audits and assisting with the preparation of global compliance programs for the various data protection regimes to which a multinational company may be subject.
Policy & Advocacy
- Helping clients engage with the US Congress, both with respect to pending legislation and in response to investigations of all kinds and degrees of formality.
- Developing thought leadership and messaging strategies to support client business objectives in policy engagement and advocacy regarding cybersecurity and digital privacy.