Data Strategy & Security

The Debevoise Data Strategy & Security (DSS) practice is global and interdisciplinary—combining our cyber incident response, data privacy, artificial intelligence, regulatory counseling and defense, business continuity, M&A diligence, national security and data governance practices into one fully integrated and coordinated group.

We advise leading companies on responding to ransomware and other cybersecurity events, including regulatory inquiries and civil litigation. Because we are constantly leading responses to significant cyber, privacy and AI incidents, we are able to channel that deep experience into helping our clients to improve their regulatory compliance, preparations and resilience. We regularly advise boards of the world’s largest companies on their cybersecurity and AI oversight obligations. Based on our incident response work, we regularly assess our clients’ cyber incident preparation, as well as advise on privacy and AI policies, processes, training and resources, to equip our clients to more effectively respond to the latest challenges in these rapidly evolving areas. We also routinely work with clients on proactive cyber, privacy and AI regulatory compliance in the U.S. and abroad, and defend clients in matters involving these issues before the U.S. DOJ, SEC, FINRA, NYDFS, U.S. state attorneys general and data protection and financial regulatory authorities around the world.

We also advise our clients on their overall data strategy, such as how to manage, protect and optimize their data, including through the use of artificial intelligence. Our integrated strategic advice on data includes both legal and technical assistance with the data issues that arise in M&A diligence, licensing and vendor contracting. We work with clients across the globe to prepare for, and respond to, significant data breaches and related investigations and litigation. In addition to our U.S. offices, we serve clients on these issues from offices strategically located in the United Kingdom, France, Germany, China, and Hong Kong. We regularly work on data advisory matters that involve a wide range of other non-U.S. jurisdictions, including the EU and EEA, Japan, Singapore, Brazil, Canada, Colombia and Argentina, among many others. We also identify existing and proposed laws and standards in the U.S. and around the world that will impact our clients’ use of data, including regulations and guidance relating to cybersecurity, privacy, AI, data minimization, records retention, document discovery and data governance.