Battle-tested expertise, unrivaled regulatory insight
The way companies gather, use and protect personal data is under intense scrutiny from regulators across the world.
Organisations are expected to demonstrate increasing levels of data governance and operational resilience. At the same time, the threat of cyber attacks is rising as criminals, state-sponsored agents, hacktivists and business rivals deploy sophisticated techniques to pierce corporate defences.
Companies that suffer cyber and data breach incidents now face the challenge of dealing with enforcement agencies in multiple jurisdictions, coupled with the threat of massive fines and class action litigation.
We help leading businesses reduce their exposure – by advising both on how to structure operations today and on how to respond to a cyber incident. There have been only a handful of global data crises since the advent of GDPR, and we have advised on some of the biggest and most complex. Our on-the-ground experience is second to none.
This track record gives us unique insight into how data protection authorities and other regulators think – what they look for in their investigations, how they set fines and what remediation measures they expect. We know how to respond in a way that manages our clients’ exposure, positions them to defend follow-on litigation and ensures that they can quickly rebuild consumer and stakeholder trust.
Our team tracks data privacy developments globally, including the strength of different authorities’ statutory powers, their likelihood of taking action and the associated class action risk. This means that when businesses suffer a global data breach, we can immediately pinpoint where they should focus their energy.
Advising on a global response to a data breach
We advised Marriott, the US hotel chain, on the global coordination of its response to its Starwood database security incident.
Protecting vulnerable products from attack
We helped a global manufacturer respond after information was published online that would have enabled hackers to take control of its products remotely. Our advice covered the company’s disclosure obligations under the EU’s General Data Protection Regulation, product recalls and the documentation and implementation of technical solutions. We also managed the company’s relationships with its suppliers, helping ensure any new parts and software fixes were themselves GDPR compliant.
Helping a financial institution get ‘cyber ready’
We advised a major financial institution on the design and implementation of a global data breach response strategy. The system helps the business respond appropriately to all types of data breach across more than 100 subsidiaries in 60 jurisdictions. It ensures the right stakeholders are notified and that the company takes a proportionate approach to disclosure that prioritises the key regulatory authorities around the world.
Responding to a phishing attack
We helped a global consumer company manage a series of data breaches including a large-scale phishing attack. We helped to quickly isolate the affected email accounts and understand what data had been lost. We managed the company’s regulatory notifications around the world, handled customer complaints and helped mitigate the risk of fines and litigation. We also designed and implemented additional security measures to help close the gaps in its coverage.
Shoring up a healthcare app
We advised the developer of a health-monitoring app after it discovered a technical flaw that put the sensitive data of its users – including children – at risk. The issue required notifications to regulators in more than 50 jurisdictions as well as the affected individuals. The thoroughness of our investigation – and the strength of the technical and operational fixes put in place – reassured all stakeholders to the point where no investigations or litigation materialised. The documentation we developed to prepare the business for GDPR proved pivotal in minimising its liabilities.
Bringing a paralysed business back online
When a manufacturing company was paralysed by a cyber attack, we helped bring it back online. Our teams managed engagement with law enforcement and privacy regulators across the world and launched an investigation to discover the source of the problem. We handled lawsuits filed by suppliers and customers, designed a new security framework and mapped potential vulnerabilities across the company’s supply chain. As well as our legal work, the collaboration platform we implemented while the company’s systems were down has proved a vital communications channel that helped reconnect the business.