Cybersecurity & Data Privacy

With our global platform and our experienced and practical team of cybersecurity and data privacy lawyers, our firm can serve clients across a full range of domestic, international and cross-border privacy issues. The cybersecurity landscape is evolving more rapidly than ever before, and the threats to businesses’ critical information and assets—as well as to their bottom lines—are only increasing. Breaches continue to grow in scale and sophistication, regulators are crowding the field with an expanding and shifting array of requirements and de facto standards, and litigation remains perilous. Now, more than ever, businesses must think strategically about the cyber threats they face—whether to consumer or employee information, intellectual property or product safety—and take practical steps to address the associated legal, business and reputational risks.

Mayer Brown’s global Cybersecurity & Data Privacy practice addresses the full range of legal, business and reputational risks posed by cyber threats and data privacy obligations. We help clients prioritize and manage these risks in a proactive and coordinated manner across their enterprises, with a focus on the following core areas.

Incident Preparation & Breach Response

• Helping clients assess the particular data they hold and the unique risks they face, including the loss of trade secrets or personal information, or threats to product safety.
• Assisting clients in the development of written information security plans and incident response plans, and evaluating those plans through tabletops and other exercises.
• Counseling clients as members of incident response teams, including by guiding investigations, liaising with law enforcement, advising on notification obligations, preserving privilege and managing crisis communications.

Litigation

• Vigorously defending clients after cybersecurity incidents, including the breach of consumer or employee information, and leveraging our extensive experience in class action defense in suits brought under a broad range of state and federal laws.
• Litigating cutting-edge data privacy and cybersecurity issues in the highest courts, including with respect to Article III standing under the US Constitution, and other dispositive questions.
• Responding to investigations by federal and state agencies, negotiating with multi-state investigatory teams, and representing clients in administrative adjudications and resulting civil actions.

Strategic Counseling & Corporate Governance

• Advising corporate boards and senior management in the development of enterprise-wide cybersecurity and data privacy programs.
• Evaluating the effectiveness of existing internal cyber and privacy governance mechanisms, including through the assessment of written policies and procedures.

Vendor & Supply Chain Management, Contracting, and Data Transfers

• Counseling on the legal risks associated with third-party vendors, global supply chain contracts and customer agreements, including mitigation of risk through deal structuring, contractual protections and ongoing governance.
• Providing legal guidance on technology outsourcing and cloud computing agreements.
• Advising companies on privacy, data protection and data transfer matters, including on appropriate global data transfer arrangements in connection with third-party provider agreements.

Regulatory & Compliance

• Advising clients on their obligations under regulatory regimes around the world, including with respect to cybersecurity and privacy requirements, incident reporting and international data transfers.
• Engaging in the development of regulatory policy, both through notice and comment rulemaking and more informal means, with respect to cybersecurity and privacy issues.
• Conducting privacy audits and assisting with the preparation of global compliance programs for the various data protection regimes to which a multinational company may be subject.

Policy & Advocacy

• Helping clients engage with the US Congress, both with respect to pending legislation and in response to investigations of all kinds and degrees of formality.
• Developing thought leadership and messaging strategies to support client business objectives in policy engagement and advocacy regarding cybersecurity and digital privacy.