Debevoise & Plimpton LLP announced today that Johanna Skrzypczyk (pronounced “Scrip-zik”) has returned to the firm’s New York office as counsel in its Data Strategy and Security practice. Ms. Skrzypczyk, who rejoins the firm after serving as Assistant Attorney General in the Bureau of Internet and Technology at the New York Attorney General’s Office, complements the practice’s existing capacity to assist clients facing increased regulatory scrutiny around cybersecurity events. Ms. Skrzypczyk will also advise clients on AI matters and privacy-oriented work, particularly related to the California Consumer Privacy Act.

Ms. Skrzypczyk brings to the firm a wide range of cybersecurity and litigation enforcement insight and experience from the NYAG’s office. Among her achievements there, Ms. Skrzypczyk helped draft the amendments to New York’s data breach law (known as the SHIELD Act), investigated, litigated, and negotiated the landmark settlement of an action against a national corporation regarding credential stuffing, one of the very few regulatory actions to address this widespread type of cyberattack, and co-led an initiative involving potential discriminatory impacts of AI. Ms. Skrzypczyk also worked on matters involving consumer privacy, data security and virtual markets. 

“During the pandemic the frequency of cyber-related incidents has increased, along with scrutiny from state and federal regulators as to how AI and ‘big data’ may lead to discriminatory practices,” said Luke Dembosky, Co-Chair of the firm’s Data Strategy and Security practice said. “Johanna’s experience on the prosecutorial side will help us further expand the services we provide to our clients, while bolstering our ability to advise on issues related to data privacy and consumer fairness,” added Mr. Dembosky.

Prior to her role at the NYAG’s office, Ms. Skrzypczyk was a Debevoise litigation associate from 2010 until 2017. She received her B.A. from Boston College in 2006 and her J.D. from Columbia Law School in 2010.

The Debevoise Data Strategy and Security (DSS) practice is global and interdisciplinary, combining cybersecurity, privacy, business continuity, artificial intelligence, M&A diligence and data governance practices into one fully integrated group. Together, the group advises leading companies on responding to cybersecurity events, including regulatory inquiries and civil litigation. Because the group leads responses to cyber incidents of all sizes and types globally on a continuous basis, Debevoise’s DSS practice is able to channel this deep experience into helping all clients improve their preparations, including assessing their plans, processes, resources, and ability to respond quickly and effectively to a major cyber breach, operational disruption or other significant data or technology event.