Background - Privacy & Cybersecurity

Privacy and Cybersecurity Investigations


Data thefts, cyber hacking, denial-of-service attacks, ransomware, and other threats to electronically stored information are growing in both scope and sophistication. The costs associated with preventing and responding to such events—whether in lost revenues, tarnished reputations, regulatory fines, government investigations, and consumer class action lawsuits—are also increasing.

Cyber intrusions, however, do not have to mean catastrophe for a business. Planning and preparation are key.  Have a strategy including a crisis management action plan so that your outside team of lawyers and security experts can conduct a timely investigation, advise on remedial actions to limit the harm, and determine what if any government and non-government notifications are necessary.  These measures can make the difference between letting a crisis drive your response, and executing a well-planned and practiced response strategy that moves your business forward with limited reputational and financial harm.

The reality is that when a company experiences a cyber incident or data loss it is a crisis. It is imperative that any company experiencing this kind of incident move quickly to manage the crisis and limit legal liability.   And while it’s important to be prepared and manage the incident quickly, it’s never too late to bring in experts.  Our lawyers and investigators step into data and cyber crises in almost every industry and team with forensic experts to conduct privileged investigations with an eye towards remediation while simultaneously developing defenses to regulatory enforcement actions and class actions.


Any breach requires a thorough investigation.  Our Privacy and Cybersecurity Investigations lawyers hit the ground immediately upon retention and act quickly to determine the cause and scope of the incident. We then help clients determine whether—and to what degree—remediation is necessary and identify and mitigate any potential legal liability. Our services typically include:

  • Conducting a privileged investigation to determine the nature and scope of the incident, the likelihood that unauthorized entities accessed proprietary systems or devices, whether the actors are still in your systems, and what if any data has been exfiltrated.
  • Advising on legal notification requirements to federal and state regulators, and to any private parties, including the nature and extent of notifications required.
  • Drafting any required notifications to individuals and regulators. 
  • Advising on the practical and legal risks of paying a ransom demand in the case of a ransomware attack that demands money to unlock critical business data.
  • Developing a brand protection strategy to assist with crisis management, internal decision-making, and external communications to the public, Congress, and other potential stakeholders.
  • Advising on immediate measures that will minimize reputational harm and protect business networks from future incidents.


Our team is well-versed in the expectations of state and federal regulators, and many of our lawyers come from government.  Recognized by Chambers USA as among the top practices in the nation for Privacy and Cybersecurity, the team includes former senior leadership at the Department of Homeland Security (DHS) and key personnel at other U.S. government agencies including the former Federal Trade Commission Chief Privacy Officer. We have a track record of effectively responding to government inquiries and investigations, and fending off formal enforcement actions.  At the same time, when necessary we have achieved very favorable negotiated outcomes for our clients in a manner that protects the businesses we represent. 

We have existing relationships with forensic vendors and have clearly established protocols in place to maximize privileged communications and ensure the free flow of information to and from key decisionmakers. Our trial team has handled major data breach and related litigation, and federal and state actions, and has strong capabilities in addressing litigation risks and legal developments across the range of cyber and data security threats.