Data Strategy & Security

The Debevoise Data Strategy & Security (DSS) practice is global and interdisciplinary—combining our cybersecurity, privacy, artificial intelligence, business continuity, M&A diligence and data governance practices into one fully integrated and coordinated group.

Together, we advise leading companies on responding to ransomware and other cybersecurity events, including regulatory inquiries and civil litigation. We also advise our clients on their overall data strategy, including how to manage, protect, and optimize their data, including through the use of artificial intelligence. Our strategic advice includes both legal and technical assistance with the data issues that arise in M&A diligence, licensing and vendor contracting. In addition, we help our clients determine what data they should delete or not collect because of cybersecurity, privacy or other risks.

Our integrated strategic advice on data includes:

  • Helping clients across the globe prepare for, and respond to, significant data breaches and related investigations and litigation. In addition to our U.S. offices, we serve clients from offices strategically located in the United Kingdom, France, Germany, Russia, China, and Hong Kong. We also regularly work on matters that involve a wide range of other non-U.S. jurisdictions, including the EU and EEA, Japan, Singapore, Brazil, Canada, Colombia and Argentina, to name a few.
  • Identifying existing and proposed laws and standards in the United States and around the world that will impact our clients’ use of data, including regulations and guidance relating to cybersecurity, privacy, AI, data minimization, records retention, document discovery and data governance.

Because we are constantly leading responses to significant cyber, privacy and AI incidents, we are able to channel that deep experience into helping our clients improve their preparations and resilience. Based on our incident work, we regularly assess our clients’ Incident Response Plans, policies, processes, training and resources, and make suggestions to allow them to more effectively respond to the latest cybersecurity, privacy and AI challenges that they face.