合伙人

Amber C. Thomson

网络安全及数据隐私, 诉讼及争议解决

华盛顿 +1 202 263 3456

athomson@mayerbrown.com

概览

Amber Thomson counsels a wide range of clients, including private equity firms, financial institutions, and retailers, on complex and cutting-edge issues related to cybersecurity and privacy. She also helps clients assess and implement compliance and remediation efforts to comply with international and domestic regulations, including US state comprehensive privacy laws, CPRA, COPPA, HIPAA, TCPA, PCI DSS, CAN SPAM, and GDPR.

Amber's cybersecurity incident experiences range from deepfakes to double- and triple-extortion ransomware attacks. Carrying out these efforts, she advises clients through the incident response life cycle, including remediation, investigation, and notification. Amber also represents clients in class-action data breach litigation cases and helps clients respond to federal and state regulatory inquiries that result from these incidents.

Amber also regularly collaborates on privacy and data security due diligence and facilitates executive and board training on incident response, privacy legal compliance, and the US cybersecurity and privacy law landscape. Clients trust and rely on Amber's experience as well as her practical, business-centric approach to client management.

Amber is recognized as a Certified AI Governance Professional (AIGP) by the International Association of Privacy Professionals (IAPP).

执业经验

US Privacy Counseling

Guided a private equity firm and its portfolio companies in compliance with US state comprehensive data privacy laws.
Counseled several clients in CCPA/CPRA compliance, including retailers, a major financial institution, healthcare companies, technology companies, and manufacturers.
Advised several clients on privacy due diligence, including a major car manufacturer, food packaging manufacturer, international clothing manufacturer, and private equity firms.
Facilitated training for legal teams on data protection agreements, biometric law compliance, and US state comprehensive data privacy laws.
Represented an IT governance professional organization in developing policies and procedures to comply with GDPR.*
Counseled private equity firms and retailers on TCPA and CAN-SPAM compliance.
Assisting numerous companies with updating their privacy policies to comply with US state comprehensive data privacy laws.
Advising companies on, and preparing, data protection agreements.

Cybersecurity Incident Response Engagements

Guided a major fast food restaurant chain through a nationwide data breach involving credit and debit cards. Over the course of several months, Amber helped the company contain, remediate, and recover from the incident. She also oversaw the company's individual and regulator notifications, including follow-up inquiries from the latter.*
For a major wire and cable manufacturer, led incident response efforts during a major double-extortion ransomware attack, including vendor engagement, threat actor negotiations, executive briefings, law enforcement engagement, and notification analysis.
Led a breach investigation for a multinational aviation company. During the course of the engagement, Amber regularly briefed the board and C-suite and advised key stakeholders on the company's internal and external notification obligations, implications of ransom payments, and post-incident recovery.
Guided a major mutual benefit corporation and health plan on its incident response efforts in the aftermath of one of the company's third-party vendor's notifications of a breach connected with the MOVEit data breach in 2023. Consulted key stakeholders on the forensic investigation, data review process, and notification requirements.

Cybersecurity Preparedness Counseling

Led dozens of cybersecurity tabletop exercises for companies across a wide range of industries. Scenarios have included double- and triple-extortion ransomware attacks, business email compromises, insider threats, dawn raids, deepfakes, and black hat intrusions.
Led data security and cybersecurity preparedness legal assessments for several private equity companies and their portfolio companies.
Prepared and helped to socialize incident response plans, playbooks, and information security programs for companies in the retail, healthcare, manufacturing, financial services, and real estate sectors.

Litigation

Represented one of the largest US credit unions in class action data breach litigation cases stemming from a third-party data breach.
Represented a multinational technology company in several state court cases.
Represented a large manufacturing company in litigating against hackers responsible for launching a ransomware attack against the company.

*Prior firm experience

教育背景

Howard University School of Law, 法律博士, 优等成绩
Old Dominion University, BS

执业资格

华盛顿哥伦比亚特区
马里兰州

专业及社区参与

Certified AI Governance Professional (AIGP) through the International Association of Privacy Professionals (IAPP)
Co-chair of Mayer Brown's Black Lawyers Affinity Group
Member of Mayer Brown's Recruiting Committee
Member of Mayer Brown's AI Task Force
Former Board of Directors of Ms. JD
Former Board of Directors of The Associates' Committee
Founder of Lesbian Lawyers of Color
Member of Alliance of Black Women Attorneys of Maryland
Member of the National LGBTQ+ Bar
Member of National Association of Women Lawyers
Leadership Council on Legal Diversity's Pathfinder Program (2020)
Past Secretary for the LCLD Alumni Executive Council