Martha Hirst is an associate in the firm’s Data Strategy & Security practice, and the White Collar & Regulatory Defense Group. She advises companies on a wide range of cybersecurity, artificial intelligence, operational resilience, and data privacy risks, including related incident response, internal investigation and regulatory defence work.
Ms. Hirst has supported clients through a number of high-profile multijurisdictional cybersecurity incidents involving nation-state and advanced persistent threat groups. Her recent matters include managing responses to ransomware and extortion incidents, corporate data breaches, fraudulent remote IT worker schemes, and other cybersecurity and operational resiliency issues. She has experience advising international financial institutions, technology corporations, pharmaceutical multinationals and law firms.
Ms. Hirst has extensive experience advising corporates on AI governance and adoption, and on navigating a broad range of AI-related operational, regulatory and reputational risks. This includes advising on EU AI Act and UK AI regulatory considerations.
Ms. Hirst regularly writes for the Debevoise Data Blog, and has hosted panels at conferences including the IAPP Global Summit. She is also a co-author of “The Second Wave of EU AI Act Requirements are In Force: Five Things Business Should Know,” Competition Policy International (August, 2025); “The EU AI Act Countdown Is Over: First Wave of Requirements Now in Force,” NYU Compliance & Enforcement (February, 2025); “Recently Enacted AI Law in Colorado: Yet Another Reason to Implement an AI Governance Program,” NYU Compliance & Enforcement (June, 2024); “Debevoise & Plimpton Discusses the EU Artificial Intelligence Act,” CLS Blue Sky Blog (December, 2023); “The EU AI Act – Navigating the EU’s Legislative Labyrinth,” NYU Compliance & Enforcement (December, 2023); “Eight GDPR Questions when Adopting Generative AI,” NYU Compliance & Enforcement (October, 2023); “Legal Risks of Using AI Voice Analytics for Customer Service,” NYU Compliance & Enforcement (January, 2023); “Debevoise Discusses What the GDPR Can Tell Us About State Privacy Laws,” CLS Blue Sky Blog (December, 2022); “California’s Age-Appropriate Design Code Act Expands Businesses’ Privacy Obligations Regarding Minors,” NYU Compliance & Enforcement (September, 2022); and “Data, cyber security and AI compliance: managing the evolving landscape,” The Drawdown(August, 2022).
Ms. Hirst joined Debevoise as a trainee solicitor in 2017. She graduated from Peterhouse, University of Cambridge in 2016 with a B.A. (Hons) and subsequently completed the LPC at BPP University Law School.
Ms. Hirst was admitted as a Solicitor of the Senior Courts of England & Wales in 2019, and qualified as a Solicitor-Advocate, with rights of audience (civil), in 2022.