Privacy & Cybersecurity

Incident Preparedness & Risk Management

Meet the team

Our Privacy & Cybersecurity Group includes an Incident Response Team that regularly responds to data security situations locally, across the United States and globally. This team is on call to assist clients in responding to actual and suspected data security incidents. We are staffed to respond immediately to both large, complicated breaches and efficiently to more limited, routine compromises of data security. We are frequently retained by organizations that have or believe they may have sustained credit card, Social Security number, health information or other personal information breaches.

We advise clients on a variety of online and other data security related situations, including some of the major breaches in the United States. Our lawyers have handled hundreds of data security incidents and related matters, including data breaches requiring notice in virtually all 50 states and in numerous other countries. Our team has assisted clients in incident investigations; determinations of whether, how and when a breach occurred; analysis of breach notification requirements; preparation of notifications in compliance with applicable requirements; interaction with state attorneys general and other governmental agencies, including law enforcement, in follow-up investigations; and preparation for defense of individual and class claims.

Our experiences range in scope and complexity from system hacks exposing personal information of millions of affected individuals in scores of countries to lost devices containing data of as few as one affected individual. This breadth of experience positions our team to deploy appropriate resources with sensitivity to the client’s particular needs. We work closely with our clients’ internal and external incident response teams, forensic investigators and remediation service providers, to provide immediate, efficient and pragmatic solutions. As appropriate, our Incident Response Team involves our colleagues in our various offices with industry-specific experience, including healthcare, financial services, energy, telecommunications and technology.

Our Incident Response Team also advises clients on pre-breach matters, including incident preparedness and cybersecurity compliance. We have advised clients in many industries in the development of policies and procedures related to privacy and data security, in employee training efforts, and in the design and implementation of tabletop exercises.

We are regularly invited to speak at client and industry programs as well as on panels at cyber risk conferences, discussing cyber and privacy liability issues, data breach management, latest response strategies and related risk reduction. Team members have written extensively on data breach law and notification strategy, including in major publications and texts.

Locke Lord is included on various insurer panels for breach response and related litigation defense; the Firm is also on preferred provider lists and regularly recommended to insureds by various insurers to advise on incident response and pre-incident preparedness. We also overlap and coordinate with our Privacy & Cybersecurity Group colleagues involved with our Cyber Insurance Team for insurance related issues, and our Privacy & Cyber Litigation and Enforcement Team for defense of such matters.