Data privacy and cybersecurity have never been more important to today’s businesses. As legal regimes governing data expand and risks to data intensify, our Data Privacy and Cybersecurity Practice provides holistic, proactive, and practical advice to clients.
Whether it is by assessing cybersecurity and data privacy risk, building privacy programs, helping clients navigate evolving regulatory frameworks, or aggressively litigating on behalf of our clients, we help organizations develop and defend secure and practical legal frameworks for the data they collect, use, analyze, and share. We offer a steady hand to companies preparing for, investigating, and responding to cybersecurity threats. In the event of an incident, we are sought-after crisis managers throughout the lifecycle of a response.
Experience
- Counsel and represent an international company in all aspects of its response to a cyber incident that was reported to have involved over 500 million customer records. This incident has been of considerable legal, business, and regulatory importance to the organization, and the company brought in Jenner & Block to serve as lead coordinating counsel in managing the response.
- Represent a facial recognition and data company in numerous class actions challenging its technology. The plaintiffs’ lawsuits raise a variety of claims, including alleged violations of the Illinois Biometric Information Privacy Act. We also advise the client with respect to inquiries from international data protection authorities in Europe and elsewhere.
- Counsel and represent a hospitality company with respect to a data-related property system incident. The company brought in Jenner & Block to serve as lead coordinating counsel in managing the incident and regulatory response. We also handled the resulting civil litigation and obtained a pretrial dismissal of the plaintiffs’ suits.
- Counseled and represented a financial institution in response to a ransomware attack, including managing the forensic response team in investigating the incident and remediating and hardening systems, negotiating response to regulators, coordinating communications strategy, and meeting disclosure obligations.
- Represented a major university in a putative class action in which the plaintiff alleged that, through its use of “remote test proctoring” software for student exams, the university allegedly collected scans of facial geometry in violation of BIPA. We won a motion to dismiss with prejudice based upon our development and aggressive pursuit of the argument that the university is a “financial institution” exempt from BIPA under Section 25(c) of the statute.
- Counseled and represented a manufacturing company in response to a cyber attack, including managing the forensic response team in investigating the incident and remediating and hardening systems, negotiating response to regulators, coordinating communications strategy, and meeting disclosure obligations.
- Counseled a law firm to perform a post-incident security assessment in order to remediate and harden systems in the wake of compromise attempts by a persistent threat actor.
- Providing an aerospace and defense company with cybersecurity preparedness and compliance advice.
- Counsel and represent a financial institution in response to a cyber attack on a software vendor involving a compromise of the client’s data, including coordinating with the forensic response team investigating the incident, negotiating response to regulators, coordinating communications strategy, and meeting disclosure obligations.
- Represent an artificial intelligence company in putative class actions involving the collection, storage, and use of voiceprints in violation of BIPA.
- Represented hospitality company in two separate putative class action suits arising from property system incident and won dismissal with prejudice in both cases.
- Representing major private university in multidistrict litigation arising from data incident involving a university vendor.
- Representing health care industry client in putative class action arising from data incident involving a third-party vendor.