Data, Privacy and Cybersecurity

• Served as incident response counsel for SolarWinds in a global cybersecurity incident; we led the cyber response and managed multiple cybersecurity workstreams to assist the client through that difficult time.
• Represented a global payments technology company, handling the privacy and security diligence for a USD5 billion transaction involving one of the largest fintech solutions companies, and currently providing cyber and privacy advice.
• Representing an American video game holding company and its subsidiaries as long-time outside privacy and cybersecurity counsel, advising on privacy, cybersecurity, data retention and data protection compliance matters, including compliance with GDPR, CCPA, LGPD and ePrivacy, as well as response to Schrems II and other legal developments.
• Lead expert witness on US law by the Irish Data Protection Commissioner in Schrems II. Our US practice chair, and Global Co-Chair, Andrew Serwin, was selected as the lead expert witness on US law by the Irish Data Protection Commissioner in Schrems II. His opinions on national security/surveillance, Article III standing, and the scope of US remedies, served as the basis of the US law discussion in the Commissioner’s Draft Decision, and this analysis was largely adopted by the Irish High Court in its decision and affirmed by the Irish Supreme Court, as well as by the CJEU in its decision. This decision was the highest-profile privacy case globally in 2020 and is one of the highest profile matters ever.
• Counseled the business venture of one of the world’s best known consumer leisure brands in connection with their move into the IoT space in North America and Europe, including advising on mobile application and smart device design issues, consumer location tracking requirements, regulation of websites, transfers of personal data across borders, and consumer notice and choice requirements.
• Advising a leading global supplier of manufactured products on the multi-year design and implementation of its global privacy program. We are working with the global compliance officer and privacy office on all aspects of the program, including global and regional data mapping, analysis of compliance gaps, advising on information governance structures, drafting policies and procedures, and determining group compliance requirements under new data protection laws (notably in Brazil and China). We are also assuming project management responsibility.
• Represented an internet-based company being investigated by the Federal Trade Commission (FTC) for alleged violations of FCRA and ROSCA, and currently representing the client in litigation with the FTC and Department of Justice.
• Providing ongoing cyber and privacy advice to one of the world’s largest energy utilities. This is cutting-edge work given the nature of the industry and the emerging issues regarding attacks on critical infrastructure and cybersecurity.
• Represented a managed health care company in the negotiation of a Resolution Agreement and Corrective Action Plan with the Office for Civil Rights (OCR) over alleged HIPAA violations, and represented a Fortune 5 American health retail corporation in a number of privacy and security matters, including confidential investigations and compliance work.
• Advised eBay on a security incident (including drafting notices on a global basis), on a breach allegedly involving over 140 million records.
• Representing an American-Canadian multinational drink and brewing company. We have provided advice on a range of privacy matters including a large global ransomware and incident response; global privacy policy revisions; global responses to data subject access requests; global hotline and compliance requirements; global updates to data processing addenda; global cookie and website review and update; global privacy program gap assessment; the review and negotiation of vendor agreements; and the development of an internal customer data platform.
• Representing a fintech provider to some of the world’s largest corporations, providing hundreds of different services and a wide range of products. We are advising the global Chief Privacy Officer on building out the privacy compliance program across all operations, including advising on a modernized global information governance strategy; preparing updated internal and external policies for employees and customers; revising data protection impact assessments; advising on global data transfer issues; drafting transfer terms and assessing transfer risks; advising on global marketing requirements; and advising on finance services privacy regulations.

How we can help: Governance

DLA Piper provides governance solutions to help companies optimize their data strategies, mitigate their risks, and think beyond compliance. We combine broad legal and consulting experience to offer strategically driven, risk-informed solutions that are actionable. We understand the big picture and guide companies through opportunities, risk and change beyond what’s on the immediate horizon – both proactively and reactively. Our experience enables us to help companies solve their most challenging privacy problems with fully integrated legal and business solutions.

Governance is not compliance – and being compliant does not mean that your company has governed its risk. By improving governance, however, companies can improve compliance and by governing risk, we create an opportunity for a company to understand and manage its risk profile and, in essence, stay out the red and in alignment with company strategy. Let us put our experience to work for you.