James Lloyd



James Lloyd is a partner in Orrick's “outstanding” Cyber & Data Privacy Enforcement & Litigation Practice in London. Working with clients to navigate all aspects of international data privacy and cyber security crises to achieve better commercial, regulatory and judicial outcomes.

With a background in litigation and investigations, James brings a unique approach to cybersecurity and privacy in the UK and Europe. James serves his clients in guiding their response to cyberattacks, data breaches and enforcement action by data protection regulators. Described by his clients as “extremely knowledgeable and can always be relied on to provide timely, pragmatic and commercial advice,” James helps them navigate the confusing and, at times, contradictory world of privacy with confidence, and supports them to achieve their overall business aims and objectives.

James has led the response to significant enforcement investigations by international and domestic regulators, including the UK’s Information Commissioner’s Office, law enforcement agencies and Parliamentary Select Committees and also has significant expertise in conducting internal investigations on behalf of international corporations. Backed by extensive litigation experience, he is able to defend his clients when data privacy issues lead to litigation. Understanding what matters to regulators and the courts is at the heart of his approach to privacy advisory and compliance work.


  • Cybersecurity & Privacy Investigations & Enforcement

    • Represented medical equipment manufacturer in ransomware attack affecting records of individuals in Europe.
    • Represented major consumer goods company in network intrusion affecting records of individuals in Europe, Africa, and the Middle East.
    • Represented identity verification company in assessment notice (data protection audit) process and subsequent monitorship.
    • Represented phone manufacturer based in China in internal investigation into data protection practices and potential ICO investigation.
    • Represented social media monetisation platform in cyberattack involving theft of hundreds of thousands of records, including ensuing notifications to regulators and individuals in Europe, Asia and Africa.
    • Represented major university in ransomware attack that compromised records worldwide.
    • Represented financial institution in security breach affecting thousands of records in Europe, including ensuing notification to regulator.
    • Represented IT service management company in security breach brought about by 'white hat' hacker affecting thousands of records in Europe.
    • Represented identity verification company in security breach at third party supplier that affected thousands of sensitive records.
    • Represented management software vendor in security breach affecting North America and Europe.

    Privacy Advisory

    • Represented identity verification company to advise on privacy issues in connection with acquisition.
    • Represented global merchant and food processor to advise on cybersecurity reporting obligations.
    • Represented mobile phone manufacturer in China in connection with development of privacy policy.

    Privacy Litigation

    • Represented online dating company in defending claims brought by individuals affected by cybersecurity breach.
    • Represented technology company in pursuing a claim against cyber attackers that led to the misappropriation of funds.
    • Represented individuals in pursuing a claim arising out of a campaign of harassment.
    • Represented identity verification company in dispute with supplier over breach of licensing terms.
    • Represented property investment company in defending a claim brought by a client in connection with a personal data breach.