1. Home
  2. People
  3. Santiesteban, Joseph C

Joseph C Santiesteban

Partner

シアトル

Joe is a trusted cybersecurity lawyer and strategic advisor, who regularly steers clients through data breaches as a partner in crisis management.

He brings significant experience advising companies – from one of the largest telecommunications providers to leading entertainment companies to startups on the cutting-edge of AI and more – on the full cycle of an incident. He also advises clients regarding regulatory investigations, class actions, and contract disputes that frequently flow from privacy and cybersecurity incidents.

His goal is to help clients respond quickly and with integrity to protect their brand, build trust and mitigate legal risk. He is highly adept at directing incident investigations, analyzing potential claims and defenses, examining potential notification obligations and advising on communications strategies that build trust and engagement.

Joe is committed to using these experiences to finding creative and engaging strategies to help companies proactively prepare for an incident and mitigate cybersecurity legal risk. This includes helping to build and improve incident response programs through incident response plans, simulated incidents, threat workshops, and training.  It also includes assisting clients to practically evaluate legal risk of security decisions in a variety of transactions and across the product lifecycle. He is driven by a desire to evolve what it means to be a cybersecurity lawyer in the face of rapidly evolving technologies and laws. As a leader, he strives to create spaces where people are valued and solve problems creatively and collaboratively.

He also provides strategic advice to cybersecurity companies, including those looking to push technological and defense boundaries in cyber defense, incident response, and threat intelligence. This includes helping companies maximize their security offerings by navigating the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and the Federal Wiretap Act, as well as state law analogs.

Joe serves on the Orrick’s Finance and Audit Committee and Pro Bono Committee. A leader and advocate for diversity and inclusion initiatives, Joseph is the co-head of the Latinx affinity group at Orrick and served as a fellow for the Leadership Counsel on Legal Diversity. He is also a member of the Washington Latino Bar Association and the Hispanic National Bar Association.

  • Incident Response

    • Advised cybersecurity company with all aspects of a complex network intrusion with product security implications.
    • Represented multinational telecommunications company regarding sophisticated attack leveraging zero-day vulnerabilities in cloud infrastructure. 
    • Advised multiple companies in cybersecurity, consumer goods, and telecommunications regarding incidents with potential nation-state implications. 
    • Advised online media company regarding a potential security involving more than 200 million records. 
    • Represented travel and leisure company in response to ransomware event with global implications.
    • Advised solar and wind farm operator regarding system-wide ransomware attack with IT and OT implications.  
    • Advised media company regarding forensic investigation of cyber breach and potential international implications.
    • Advised technology company regarding potential notification obligations and third-party claims stemming theft of millions of dollars during cyber incident.

    Counseling and Transactions

    • Advised multiple large sophisticated software and hardware developers regarding the response to identified zero-day vulnerabilities. 
    • Regularly assists clients to efficiently develop incident response programs with clear roles and responsibilities, efficient escalations and decision-making, and a risk-tailored response.
    • Regularly conducts incident response assessments, often in conjunction with forensic teams, to streamline incident response and reduce legal risk. 
    • Regularly advises regarding cybersecurity risks in financings, mergers, and securities transactions.
    • Directed cybersecurity assessment and enhancement planning for international retailer.
    • Performed privacy, security and digital needs assessment for consumer products company with operations in more than 100 countries around the globe.
    • Managed a team providing advice to a U.S.-based technology company on privacy and security compliance relevant to planned expansion in Europe, Middle East, Africa and Asia.
    • Developed a global privacy program for a major food products company operating in more than 40 countries around the globe.
    Strategic Cyber Advice:
    • Advised multiple security hardware and software developers regarding legal implications of offensive defense tactics and threat intelligence gathering. 
    • Advised credential verification service regarding credential gathering and sales strategy. 
    • Advised security risk assessment firm regarding CFAA and state analog implications

    Litigation and Enforcement

    • LabMD. Represented LabMD in its successful petition to the U.S. Court of Appeals resulting in the first-ever court decision overturning an FTC cybersecurity action.
    • Hilton Worldwide. Represented Hilton in first-of-its kind trial in claim against payment card processor and acquirer stemming from data security incident. 
    • Supervalu Inc. Prevailed on data breach class action in district court and Eighth Circuit.  Target. Advised Target Corp. in responding to card brand inquiries and defending card issuer litigation stemming from the data security breach that Target announced in December 2013.
    • Landry's. Advised Landry's regarding its claims against two major card brands arising out of their allegedly unlawful conduct in imposing substantial assessments related to a data security breach suffered by Landry's.
    • Arby’s Restaurant Group. Advised Arby's regarding defense against all third-party claims arising from a payment card incident announced in February 2017.
    • Genesco. Advised Genesco on how to address its various legal obligations and exposures resulting from a substantial data security breach that Genesco discovered in late 2010.