Privacy, Cybersecurity & Data Strategy

Our Experience

For over 20 years, our Privacy, Cybersecurity & Data Strategy attorneys have advised a diverse set of clients across a wide range of industries and at every stage of the business life cycle on managing the risks and taking advantage of the opportunities presented by the evolving commercial, technological, and regulatory landscape related to the collection and use of data.

Willkie’s notable experience includes the following representative matters:

• We advised Kaseya on its response in the wake of one of the largest and most highly publicized ransomware attacks in history. This included briefings with senior law enforcement and national security stakeholders and coordinating notifications to customers and regulators around the world.
• We advise social media platforms, consumer electronics companies, media companies, and financial companies on the strategic, commercial, and legal issues raised by cutting edge uses of data - including artificial intelligence and algorithmic decision-making technologies, biometric data, Internet of Things data, and geolocation data.
• We have advised financial industry clients in connection with investigations by the New York Department of Financial Services related to alleged violations of the Cybersecurity Regulation.
• We work closely with our corporate and tech transaction colleagues throughout the U.S. and Europe to advise on investment, M&A, and other transactions involving companies leading innovation in big data, artificial intelligence, autonomous vehicles, healthtech, insurtech, and fintech.
• We have represented numerous clients before regulators in the U.S (FTC, FCC, CPPA, State Attorneys General), the UK (ICO), and the EU with respect to rulemakings, enforcement inquiries, and other proceedings. 
• We advise major technology, media, social media, and financial services companies on critical compliance issues arising from statutory and regulatory obligations, particularly those arising from legal regimes such as GDPR and CCPA/CPRA, as well as compliance issues arising from enforcement activities and consent decrees.
• We counseled the manufacturer of widely used software in response to the discovery of a critical vulnerability in its software, including by notifying U.S. governmental authorities about the vulnerability, counseling the company on customer communications, and collaborating with technical consultants and the client development team to develop and execute remediation strategies.
• We advise a major publicly traded companies and financial institutions on compliance with SEC cybersecurity reporting obligations, with respect to annual and quarterly disclosures, as well as in the wake of major security incidents that may trigger reporting obligations.
• We advise and major insurance industry trade association on key issues related to state insurance privacy laws and related regulatory activities. This includes analyzing key regulatory developments, developing strategies to advance industry priorities, drafting key submissions, and providing compliance advice and strategies.
• We serve as breach counsel to a number of major tech and financial industry companies around the world. In that role, our team advises the client on its plans, policies, and procedures for responding to data security incidents, including by developing extensive “tabletop” exercises to test incident response policies and personnel. We are also on call 24/7 to help our clients respond to any security incident.
• Willkie has been advising a client that is a leader in the Ed Tech space, on incorporating generative AI features into its products. Willkie’s Privacy and AI teams worked with the client to identify and understand implications of key legal requirements, to draft appropriate terms for the use of such features, and to develop appropriate internal policies regarding the incorporation of such technologies into its products.