Amber C. Thomson

Amber Thomson counsels a wide range of clients, including private equity firms, financial institutions, and retailers, on complex and cutting-edge issues related to cybersecurity and privacy. She also works to help clients assess and implement compliance and remediation efforts to comply with international and domestic regulations, including US state comprehensive privacy laws, CPRA, HIPAA, TCPA, PCI DSS, CAN SPAM, and GDPR.

US Privacy Counseling

• Guided a private equity firm and its portfolio companies in compliance with US state comprehensive data privacy laws.
• Counseled several clients in CCPA/CPRA compliance, including retailers, a major financial institution, healthcare companies, technology companies, and manufacturers.
• Advised several clients on privacy due diligence, including a major car manufacturer, food packaging manufacturer, international clothing manufacturer, and private equity firms.
• Facilitated training for legal teams on data protection agreements, biometric law compliance, and US state comprehensive data privacy laws.
• Represented an IT governance professional organization in developing policies and procedures to comply with GDPR.*
• Counseled private equity firms and retailers on TCPA and CAN-SPAM compliance.
• Assisting numerous companies with updating their privacy policies to comply with US state comprehensive data privacy laws.
• Advising companies on, and preparing, data protection agreements.

Cybersecurity Incident Response Engagements

• Guided a major fast food restaurant chain through a nationwide data breach involving credit and debit cards. Over the course of several months, Amber helped the company contain, remediate, and recover from the incident. She also oversaw the company's individual and regulator notifications, including follow-up inquiries from the latter.*
• For a major wire and cable manufacturer, led incident response efforts during a major double-extortion ransomware attack, including vendor engagement, threat actor negotiations, executive briefings, law enforcement engagement, and notification analysis.
• Led a breach investigation for a multinational aviation company. During the course of the engagement, Amber regularly briefed the board and C-suite and advised key stakeholders on the company's internal and external notification obligations, implications of ransom payments, and post-incident recovery.
• Guided a major mutual benefit corporation and health plan on its incident response efforts in the aftermath of one of the company's third-party vendor's notifications of a breach connected with the MOVEit data breach in 2023. Consulted key stakeholders on the forensic investigation, data review process, and notification requirements.

Cybersecurity Preparedness Counseling

• Led dozens of cybersecurity tabletop exercises for companies across a wide range of industries. Scenarios have included double- and triple-extortion ransomware attacks, business email compromises, insider threats, dawn raids, deepfakes, and black hat intrusions.
• Led data security and cybersecurity preparedness legal assessments for several private equity companies and their portfolio companies.
• Prepared and helped to socialize incident response plans, playbooks, and information security programs for companies in the retail, healthcare, manufacturing, financial services, and real estate sectors.

Litigation

• Represented one of the largest US credit unions in class action data breach litigation cases stemming from a third-party data breach.
• Represented a multinational technology company in several state court cases.
• Represented a large manufacturing company in litigating against hackers responsible for launching a ransomware attack against the company.

*Prior firm experience

• Howard University School of Law, JD, cum laude
• Old Dominion University, BS

• District of Columbia
• Maryland

• Certified AI Governance Professional (AIGP) through the International Association of Privacy Professionals (IAPP)
• Co-chair of Mayer Brown's Black Lawyers Affinity Group
• Member of Mayer Brown's Recruiting Committee
• Member of Mayer Brown's AI Task Force
• Former Board of Directors of Ms. JD
• Former Board of Directors of The Associates' Committee
• Founder of Lesbian Lawyers of Color
• Member of Alliance of Black Women Attorneys of Maryland
• Member of the National LGBTQ+ Bar
• Member of National Association of Women Lawyers
• Leadership Council on Legal Diversity's Pathfinder Program (2020)
• Past Secretary for the LCLD Alumni Executive Council