Privacy Liability: The Rising Threat of Increased Cyber Exposure

Lloyd’s Market Association

Webinar | June.21.2021 | 10am - 11am (Eastern Daylight Time)

Online Webinar

Keily Blair, James Lloyd, Doug Meal and Heather Egan Sussman, partners in Orrick’s Cyber, Privacy & Data Innovation and Complex Litigation & Dispute Resolution Groups, will discuss the rising threat of increased cybersecurity exposure. They will also explore collective actions arising from data breach and allegations of wrongful collection, privacy liability and statutory damages and what’s next for privacy and cyber civil claims from both a United States (U.S.) and United Kingdom (UK) perspective.

Orrick is joined by fellow speakers from Hiscox and CFC Underwriting, Ltd. The program is hosted by Lloyd’s Market Association, an organization dedicated to identifying and resolving issues which are of particular interest to the underwriting community and to partner with the Corporation of Lloyd’s and other organizations to influence the course of future market initiatives.

CLE Credits Available: N

Keily Blair

Practice:

  • Technology & Innovation Sector
  • Cyber, Privacy & Data Innovation
  • Government Investigations and Enforcement Actions
  • Complex Litigation & Dispute Resolution
  • Internal Investigations

Keily Blair Partner Cyber, Privacy & Data Innovation, Government Investigations and Enforcement Actions

London

Keily Blair heads up the Cyber, Privacy & Data Innovation Group in London. Keily works with her clients as a "strategic business partner" to navigate privacy and cyber security crises to achieve better commercial, regulatory and judicial outcomes.

Keily's litigation and enforcement background provides her a different perspective on cybersecurity and data privacy issues. She has led the response to investigations by the United Kingdom’s Information Commissioner’s Office (UK ICO), the Irish Data Protection Commission, the Competition and Markets Authority (CMA), the Financial Conduct Authority (FCA), the Serious Fraud Office (SFO),  Parliamentary Select Committees and United States (U.S.) regulators, including the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) and the Securities and Exchange Commission (SEC). Keily has also acted as external legal counsel for privacy and financial service regulators.

On cybersecurity issues, Keily directs cybersecurity incidents and investigations across multiple jurisdictions and incident types from simple business email compromises, to enterprise-wide network intrusions and cyberattacks with national security implications. Keily has worked with national and international law enforcement and is called upon to act as external legal counsel to security and forensics firms when engaging with regulators.

In the civil arena, Keily has led on a number of high profile privacy litigation matters, including civil damages claims and collective actions following personal data breaches and privacy-related judicial reviews. She frequently counsels clients on the growing risk of privacy-related class actions and interventions by privacy advocates in the UK and the European Union.

Keily uses the insights from her litigation and enforcement practice to inform her advisory work, where she regularly advises stakeholders from legal, information security, privacy and the C-suite on a host of privacy and cybersecurity governance, risk mitigation and regulatory engagement strategies. This understanding of what matters to regulators and the courts is at the heart of her approach to privacy advisory and compliance work. According to clients Keily has the "subject matter expertise and ability to understand and interact with companies' culture and capabilities, recognising a one size fits all approach doesn't work".

She is ranked as a key practitioner in data protection, privacy and cybersecurity in The Legal 500 and has represented the private sector at the United Nations and the European Criminal Bar Association. Keily also sits on the Law360's 2020 Editorial Advisory Board on Cybersecurity & Privacy and leads the IAPP Cyber & Privacy Investigations, Enforcement & Litigation Affinity Group. She is committed to improving diversity and social mobility in the legal sector.  

Prior to joining Orrick, Keily led the Contentious Data Privacy, Law & Strategy practice at PwC having been a litigator at two international law firms before this.

James Lloyd

Practice:

  • Technology & Innovation Sector
  • Cyber, Privacy & Data Innovation
  • Government Investigations and Enforcement Actions
  • Complex Litigation & Dispute Resolution
  • Internal Investigations
  • General Data Protection Regulation

James Lloyd Partner Cyber, Privacy & Data Innovation, Government Investigations and Enforcement Actions

London

James Lloyd is a partner in Orrick's “outstanding” Cyber & Data Privacy Enforcement & Litigation Practice in London. Working with clients to navigate all aspects of international data privacy and cyber security crises to achieve better commercial, regulatory and judicial outcomes.

With a background in litigation and investigations, James brings a unique approach to cybersecurity and privacy in the UK and Europe. James serves his clients in guiding their response to cyberattacks, data breaches and enforcement action by data protection regulators. Described by his clients as “extremely knowledgeable and can always be relied on to provide timely, pragmatic and commercial advice,” James helps them navigate the confusing and, at times, contradictory world of privacy with confidence, and supports them to achieve their overall business aims and objectives.

James has led the response to significant enforcement investigations by international and domestic regulators, including the UK’s Information Commissioner’s Office, law enforcement agencies and Parliamentary Select Committees and also has significant expertise in conducting internal investigations on behalf of international corporations. Backed by extensive litigation experience, he is able to defend his clients when data privacy issues lead to litigation. Understanding what matters to regulators and the courts is at the heart of his approach to privacy advisory and compliance work.

 

Douglas H. Meal

Practice:

  • Technology & Innovation Sector
  • Finance Sector
  • Cyber, Privacy & Data Innovation
  • Government Investigations and Enforcement Actions
  • Trials
  • Class Action Defense
  • Litigation & IP
  • Complex Litigation & Dispute Resolution

Douglas H. Meal Partner Cyber, Privacy & Data Innovation, Government Investigations and Enforcement Actions

Boston

Seasoned trial lawyer Doug Meal defends clients targeted by litigation and government investigations stemming from major privacy and cybersecurity incidents. According to Chambers USA, clients select Doug because “[h]e is the premier expert in this field and knows how to run a breach response process from A to Z”; is “extremely experienced [and] can give immediate advice off the top of his head”; “has been in court through trials and negotiations, all aspects of the litigation, and is highly effective in all of them”; and “is good to work with, personable and very authoritative.” Based on client assessments like these, Chambers USA has named Doug as the first and only “Band 1” litigator in the Privacy and Data Security category, describing him as the “market leader,” being “regarded by market sources as the leading privacy litigator in the USA.”

As the lead outside lawyer handling claims stemming from the data security breaches suffered by Target, Neiman Marcus, The Home Depot, Hilton Worldwide, Landry’s, Arby’s, Supervalu, Sally Beauty, Sony, Heartland Payment Systems, TJ Maxx, Hannaford Brothers, Aldo, Genesco, and Wyndham Hotels—some of the most highly publicized data security breaches in recent years—Doug has become the national leader in defending companies that suffer significant cybersecurity breaches involving consumer information against the ensuing claims and regulatory investigations. Doug’s recent successes include leading the team that prevailed in the closely-watched LabMD v. FTC, convincing the U.S. Court of Appeals for the Eleventh Circuit to become the first court ever to overturn a cybersecurity enforcement action by the Federal Trade Commission.

Heather Egan Sussman

Practice:

  • Technology & Innovation Sector
  • Finance Sector
  • Energy & Infrastructure Sector
  • Cyber, Privacy & Data Innovation
  • Global Compliance & Regulatory
  • Government Investigations and Enforcement Actions
  • Technology & Innovation
  • Fintech
  • CCPA and California Privacy Law
  • Privacy in a Box
  • Environmental, Social & Corporate Governance (ESG)

Heather Sussman Partner Cyber, Privacy & Data Innovation, Global Compliance & Regulatory

Boston

Heather Egan Sussman is head of Orrick's global Cyber, Privacy & Data Innovation Group. She focuses on privacy, cybersecurity and information management, and is ranked by Chambers USA, Chambers Global and The Legal 500 United States as a leader in her field. Chambers explains companies turn to Heather because she “understands all the business issues and the dynamics of how to implement privacy programs [and is] extraordinarily thoughtful, very pragmatic and responsive.”

Heather routinely guides clients through the existing patchwork of laws impacting privacy and cybersecurity around the globe. In the U.S. this includes advising on federal and state laws that include:

  • California Consumer Privacy Act (CCPA)
  • Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)
  • Electronic Communications Privacy Act (ECPA)
  • Fair Credit Reporting Act (FCRA)
  • Gramm–Leach–Bliley Act (GLBA)
  • Telephone Consumer Protection Act (TCPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • State breach notification laws
  • State data security laws
  • Self-regulatory frameworks (advertising and payment card processing)

Outside of the U.S., she manages teams of talented counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines, developing comprehensive privacy and cybersecurity programs that address competing regulatory regimes. She drafts online privacy notices for global rollout and implements data transfer mechanisms for the free flow of data worldwide.

Heather also helps clients develop and achieve their data innovation strategies, so they can leverage the incredible value of data and digital technologies in ways that not only meet compliance obligations, but also support innovation, deliver value to the business, meet security needs and solidify brand and consumer trust.

Heather devotes a significant part of her practice to helping clients reduce the risk of privacy and security incidents, and she offers a comprehensive menu of services designed to do just this. In the event of a privacy or security breach, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries. Companies routinely rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties. 

Heather guides clients through comprehensive privacy and cybersecurity assessments worldwide, vets privacy and security risks in corporate transactions, conducts internal investigations stemming from data incidents, and she drafts and negotiates contracts concerning data-related vendors and arrangements. She regularly counsels businesses on how to mitigate risks associated with the collection, use, retention, disclosure, transfer and disposal of personal data.

Her clients come from diverse business sectors, including technology, financial services, retail, consumer products, energy and infrastructure, healthcare and life sciences, manufacturing, food and beverage, media, academic institutions, service industries.

Heather frequently writes on current privacy and information security issues before trade and legal organizations and has been quoted in hundreds of major news outlets, including MSNBC.com, ABCNews.com, The New York Times, The Los Angeles Times, Bloomberg BusinessWeek, The San Francisco Chronicle, Washington Times, Houston Chronicle.