2020’s Cyber & Privacy Problems – Lessons From 2020 and Some Predictions for 2021

Lexology

Webinar | January.14.2021 | 8am - 9am (Eastern Standard Time)

Webinar - Recording Available

Join partners from Orrick’s award-winning Cyber, Privacy & Data Innovation group for a webinar presented in collaboration with Lexology. Keily Blair, James Lloyd, Christian Schröder and Heather Egan Sussman will discuss how cybersecurity and privacy, technology, people and politics constantly drive change — creating novel legal and business problems. This presents in-house and external counsel with the opportunity (and the challenge) of finding solutions that maximize the value of personal data while limiting the risks. During this this ‘fireside chat’, they will also discuss:

  • The most challenging cyber and privacy problems they dealt with in 2020 and how they solved them
  • What they see as being the big issues for 2021
  • The approaches they will be taking to address these issues across the UK, EU and US markets

CLE Credits Available: N

Heather Egan Sussman

Practice:

  • Technology Sector
  • Finance Sector
  • Energy & Infrastructure Sector
  • Cyber, Privacy & Data Innovation
  • Global Compliance & Regulatory
  • Government Investigations and Enforcement Actions
  • Technology & Innovation
  • Fintech
  • CCPA and California Privacy Law
  • Privacy in a Box

Heather Sussman Partner Cyber, Privacy & Data Innovation, Global Compliance & Regulatory

Boston

Heather Egan Sussman is head of Orrick's global Cyber, Privacy & Data Innovation Group. She focuses on privacy, cybersecurity and information management, and is ranked by Chambers USA, Chambers Global and The Legal 500 United States as a leader in her field. Chambers explains companies turn to Heather because she “understands all the business issues and the dynamics of how to implement privacy programs [and is] extraordinarily thoughtful, very pragmatic and responsive.”

Heather routinely guides clients through the existing patchwork of laws impacting privacy and cybersecurity around the globe. In the U.S. this includes advising on federal and state laws that include:

  • California Consumer Privacy Act (CCPA)
  • Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)
  • Electronic Communications Privacy Act (ECPA)
  • Fair Credit Reporting Act (FCRA)
  • Gramm–Leach–Bliley Act (GLBA)
  • Telephone Consumer Protection Act (TCPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • State breach notification laws
  • State data security laws
  • Self-regulatory frameworks (advertising and payment card processing)

Outside of the U.S., she manages teams of talented counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines, developing comprehensive privacy and cybersecurity programs that address competing regulatory regimes. She drafts online privacy notices for global rollout and implements data transfer mechanisms for the free flow of data worldwide.

Heather also helps clients develop and achieve their data innovation strategies, so they can leverage the incredible value of data and digital technologies in ways that not only meet compliance obligations, but also support innovation, deliver value to the business, meet security needs and solidify brand and consumer trust.

Heather devotes a significant part of her practice to helping clients reduce the risk of privacy and security incidents, and she offers a comprehensive menu of services designed to do just this. In the event of a privacy or security breach, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries. Companies routinely rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties. 

Heather guides clients through comprehensive privacy and cybersecurity assessments worldwide, vets privacy and security risks in corporate transactions, conducts internal investigations stemming from data incidents, and she drafts and negotiates contracts concerning data-related vendors and arrangements. She regularly counsels businesses on how to mitigate risks associated with the collection, use, retention, disclosure, transfer and disposal of personal data.

Her clients come from diverse business sectors, including technology, financial services, retail, consumer products, energy and infrastructure, healthcare and life sciences, manufacturing, food and beverage, media, academic institutions, service industries.

Heather frequently writes on current privacy and information security issues before trade and legal organizations and has been quoted in hundreds of major news outlets, including MSNBC.com, ABCNews.com, The New York Times, The Los Angeles Times, Bloomberg BusinessWeek, The San Francisco Chronicle, Washington Times, Houston Chronicle.

Keily Blair

Practice:

  • Technology Sector
  • Cyber, Privacy & Data Innovation
  • Government Investigations and Enforcement Actions
  • Complex Litigation & Dispute Resolution
  • Internal Investigations

Keily Blair Partner Cyber, Privacy & Data Innovation, Government Investigations and Enforcement Actions

Londra

Keily Blair heads up the Cyber, Privacy & Data Innovation practice in London. Keily works with her clients as a "strategic business partner" to navigate privacy and cyber security crises to achieve better commercial, regulatory and judicial outcomes.

Keily's litigation and enforcement background provides her a different perspective on cybersecurity and data privacy issues. She has led the response to investigations by the United Kingdom’s Information Commissioner’s Office (UK ICO), the Irish Data Protection Commission, the Competition and Markets Authority, the Financial Conduct Authority (FCA), the Serious Fraud Office (SFO),  Parliamentary Select Committees and United States (U.S.) regulators, including the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) and the Securities and Exchange Commission (SEC). Keily has also acted as external legal counsel for privacy and financial service regulators.

On cybersecurity issues, Keily directs cybersecurity incidents and investigations across multiple jurisdictions and incident types from simple business email compromises, to enterprise-wide network intrusions and cyberattacks with national security implications. Keily has worked with national and international law enforcement and is called upon to act as external legal counsel to security and forensics firms when engaging with regulators.

In the civil arena, Keily has led on a number of high profile privacy litigation matters, including civil damages claims and collective actions following personal data breaches and privacy-related judicial reviews. She frequently counsels clients on the growing risk of privacy-related class actions and interventions by privacy advocates in the UK and the European Union.

Keily uses the insights from her litigation and enforcement practice to inform her advisory work, where she regularly advises stakeholders from legal, information security, privacy and the C-suite on a host of privacy and cybersecurity governance, risk mitigation and regulatory engagement strategies. This understanding of what matters to regulators and the courts is at the heart of her approach to privacy advisory and compliance work. According to clients Keily has the "subject matter expertise and ability to understand and interact with companies' culture and capabilities, recognising a one size fits all approach doesn't work".

She is ranked as a key practitioner in data protection, privacy and cybersecurity in The Legal 500 and has represented the private sector at the United Nations and the European Criminal Bar Association. Keily also sits on the Law360's 2020 Editorial Advisory Board on Cybersecurity & Privacy and leads the IAPP Cyber & Privacy Investigations, Enforcement & Litigation Affinity Group. She is committed to improving diversity and social mobility in the legal sector.  

Prior to joining Orrick, Keily led the Contentious Data Privacy, Law & Strategy practice at PwC having been a litigator at two international law firms before this.

James Lloyd

Practice:

  • Technology Sector
  • Cyber, Privacy & Data Innovation
  • Government Investigations and Enforcement Actions
  • Complex Litigation & Dispute Resolution
  • Internal Investigations
  • General Data Protection Regulation

James Lloyd Partner Cyber, Privacy & Data Innovation, Government Investigations and Enforcement Actions

Londra

James Lloyd is a partner in Orrick's “outstanding” Cyber & Data Privacy Enforcement & Litigation Practice in London. Working with clients to navigate all aspects of international data privacy and cyber security crises to achieve better commercial, regulatory and judicial outcomes.

With a background in litigation and investigations, James brings a unique approach to cybersecurity and privacy in the UK and Europe. James serves his clients in guiding their response to cyberattacks, data breaches and enforcement action by data protection regulators. Described by his clients as “extremely knowledgeable and can always be relied on to provide timely, pragmatic and commercial advice,” James helps them navigate the confusing and, at times, contradictory world of privacy with confidence, and supports them to achieve their overall business aims and objectives.

James has led the response to significant enforcement investigations by international and domestic regulators, including the UK’s Information Commissioner’s Office, law enforcement agencies and Parliamentary Select Committees and also has significant expertise in conducting internal investigations on behalf of international corporations. Backed by extensive litigation experience, he is able to defend his clients when data privacy issues lead to litigation. Understanding what matters to regulators and the courts is at the heart of his approach to privacy advisory and compliance work.

 

16512_740x360

Practice:

  • Technology Sector
  • Cyber, Privacy & Data Innovation
  • Intellectual Property
  • Technology Companies Group
  • Copyright, Trademark & False Advertising
  • White Collar
  • Corporate
  • Internet of Things
  • Automotive Technology & Mobility
  • IP Licensing and Technology Transactions

Dr. Christian Schröder Partner Cyber, Privacy & Data Innovation, Intellectual Property

Düsseldorf

Dr. Christian Schröder heads Orrick's IP/IT & Data Privacy Practice Group in Germany in Orrick’s Düsseldorf Office. Christian advises medium sized (Mittelstand) companies to large multinationals on IP, Unfair and Deceptive Trade Practices, E-Commerce, IT and Data Privacy/Data Protection.

He is listed in Germany's leading lawyer ranking magazine JUVE as frequently recommended data privacy expert and clients recommend him to JUVE for his "reliable and actionable advice". Christian and his practice are also ranked by The Legal 500 Germany and The Legal 500 EMEA as well as Germany’s business journals WiWo and Handelsblatt for being among the leading German and European IT and data privacy practices (2019 and 2020), clients referred to him and his team as "Top data privacy expert", "extremely knowledgeable", and "able to explain complex legal issues in an easily understandable way so that both legal and economic decisions can be made". Christian Schröder is recommended for his "data protection expertise and quick comprehension as well as his entrepreneurial acumen."

Christian provides IP/IT advice in M&A transactions and advises on IP focused joint ventures. He supports companies on the set-up of webshops, outsourcings, license agreements, in cases of trademark or unfair and deceptive trade practice issues as well as on hard and software license and IT project agreements.

As a core member of Orrick's global Cyber, Privacy & Data Innovation practice, Christian has a special focus on data privacy/data protection matters. In particular, Christian advises on privacy compliance programs, a risk-based approach to privacy, on implementing databases and new software applications, in particular, cloud based solutions. He advises on IT and data privacy contracts, internal data privacy policies, binding corporate rules, user agreements on BYOD, whistleblowing schemes, e-discovery, security breaches, and intra-group data sharing on a national and international basis. Christian regularly represents market leading clients in IT and data privacy contract negotiations and regularly defends companies against unfair access to their know-how by competitors and against unfair poaching of customers and employees.