Data Strategy & Security

An All-Around Excellent Cross-Border, Interdisciplinary Team


Debevoise’s Data Strategy & Security practice provides a collaborative approach to help clients navigate their business-critical privacy, data protection and data security issues.

The Debevoise Data Strategy & Security (DSS) practice is global and interdisciplinary combining our cybersecurity, privacy, business continuity, artificial intelligence, M&A diligence and data governance practices into one fully integrated and coordinated group.

Together, we advise leading companies on responding to cybersecurity events, including regulatory inquiries and civil litigation. We also advise our clients on their overall data strategy, including how to protect and optimize the data that they maintain on premises, with vendors and in the cloud. Our strategic advice includes both legal and technical assistance with the data issues that arise in M&A diligence, licensing and vendor contracting. In addition, we help our clients determine what data they should delete or not collect because of cybersecurity, privacy or other risks.

Because we lead responses to cyber incidents of all sizes and types globally, and on a continuous basis, we are able to channel that deep experience into helping all of our clients improve their preparations, including by assessing their plans, processes, resources, and ability to respond quickly and effectively to a major cyber breach, operational disruption or other significant data or technology event.

We are able to leverage our worldwide network of law enforcement contacts in the event of an incident. Our team includes several former federal cybercrime prosecutors, including the former leader of the Justice Department’s Criminal Division, the former leader of the Department’s response to national security cyber threats, and two former Assistant U.S. Attorneys who brought landmark cyber cases in the country’s federal courts.

Our services are based on experience in the trenches of many of the country’s landmark cyber and privacy incidents (including many non-public incidents). Our lawyers have deep technical knowledge that allows them to translate complex technical findings into legal and business decision points. This has enabled us to provide a pragmatic approach to identifying and coordinating the key elements of effective incident response and overall data strategy.