Cybersecurity & Data Privacy

Experience

    • The Home Depot in an internal investigation following a data breach that exposed the personal information of tens of millions of individuals.
    • Viacom in securing dismissal of a nationwide privacy lawsuit that alleged it illegally shared data regarding the Internet activity of children who visited Nickelodeon websites.
    • A leading private equity firm in responding to an incident in which a fraudster created a website that was a near duplicate of the firm's as part of a scheme to defraud individuals.
    • Several private equity firms in cybersecurity reviews in connection with technical forensic vendors.
    • A major financial institution in conducting incident response planning.
    • Several financial, media and entertainment companies in creating incident response plans and tabletop exercises.
    • Several media and technology companies in responding to ransomware attacks.
    • Several publicly traded companies regarding cybersecurity disclosures in regulatory filings.
    • A major mining company in responding to a data breach that exposed confidential internal documents and the personal identification information of employees.
    • A major insurance company in responding to a data security incident that exposed customers’ data.
    • Sony BMG Music Entertainment in consumer class actions and government investigations alleging that software distributed by the company created security vulnerabilities in violation of state and federal consumer fraud laws and a state anti-spyware law.
    • A prominent Internet service provider in regulatory investigations regarding online child safety, and an investigation regarding its delivery of marketing messages to its users.
    • ABC, ESPN, Hulu, MTV Networks, MySpace and NBC Universal in a consumer fraud and electronic privacy putative class action relating to the use of Adobe Flash “zombie cookies” by the co-defendant, a web analytics company.
    • A major U.S banking organization in a U.S. regulatory inquiry as to its cross-border data safeguarding practices and its customer privacy notices.
    • JSTOR, the leading database of scholarly materials, in the criminal case, U.S. v. Swartz, 11 CR 10260 (D. Mass.) and in related civil matters arising out of the unauthorized downloading by Aaron Swartz of most of the JSTOR database.
    • A major multinational bank in data privacy and use issues arising out of its sale of certain businesses to another firm.
    • A major electronic gaming company in all aspects of its response to a remote hacking incident that exposed certain personal information of consumers, triggering data breach disclosure obligations under state laws.
    • A major U.S.-based bank in its internal investigation relating to its loss of back-up tapes containing the non-public personal information of millions of consumers.
    • A major sports league in privacy issues relating to the collection, transfer and use of personal data, as well as protection of data about children.
    • Multiple publicly traded companies in their cybersecurity risk disclosures in SEC filings.
    • A major consumer electronics company with respect to allegations that its external storage devices created security risks on personal computers.
    • An investment trade association regarding its data privacy agreement and policy.
    • A risk management company with respect to Fair Credit Reporting Act matters.
    • In connection with several internal investigations of major global companies such as Siemens AG, Ferrostaal AG (both headquartered in Germany) and several U.S. domiciled enterprises, we established methodologies that permitted sharing of results from the investigations with public authorities in several countries, including the U.S., in compliance with data protection laws of EU member states including Austria, France, the United Kingdom and Italy.
    • Numerous financial services and media companies and other clients with respect to their privacy policies and website terms of service, particularly regarding their right to merge, mine and transfer data and to market products and services to their consumers using data collected online.
    • Two UK-based video game developers in a consumer fraud class-action lawsuit arising out of their use of copy-protection software on their game DVDs.
    • Two major professional sports leagues in inquiries by the Children’s Advertising Review Unit of the Council of Better Business Bureaus concerning children’s online privacy.
    • MySpace in an electronic privacy putative class action concerning its response to out-of-state search warrants.
    • Metacafe, in an electronic privacy putative class action concerning its use of Flash cookies and other aspects of its stated privacy policies.
    • A leading Russian bank on the personal data protection and banking secrecy issues related to the transfer of the credit portfolio and integration of IT systems.
    • A software company in consumer class actions alleging that malicious third parties could obtain personally identifiable information from computers without consultation and that the defendant violated state and federal consumer fraud and anti-spyware laws.
    • A consulting firm that experienced a series of data breaches due to deficiencies in its web-based interface and technology.