Keily Blair



Keily Blair heads up the Cyber, Privacy & Data Innovation Group in London. Keily works with her clients as a "strategic business partner" to navigate privacy and cyber security crises to achieve better commercial, regulatory and judicial outcomes.

Keily's litigation and enforcement background gives her a different perspective on cybersecurity and data privacy issues. She has led the response to investigations by the United Kingdom’s Information Commissioner’s Office (UK ICO), the Irish Data Protection Commission, the Competition and Markets Authority (CMA), the Financial Conduct Authority (FCA), the Serious Fraud Office (SFO), Parliamentary Select Committees and United States (U.S.) regulators, including the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) and the Securities and Exchange Commission (SEC). Keily has also acted as external legal counsel for privacy and financial service regulators.

On cybersecurity issues, Keily directs cybersecurity incidents and investigations across multiple jurisdictions and incident types, from simple business email compromises to enterprise-wide network intrusions and cyberattacks with national security implications. Keily has worked with national and international law enforcement and is called upon to act as external legal counsel to security and forensics firms when engaging with regulators.

In the civil arena, Keily has led on a number of high-profile privacy litigation matters, including civil damages claims and collective actions following personal data breaches and privacy-related judicial reviews. She frequently counsels clients on the growing risk of privacy-related class actions and interventions by privacy advocates in the UK and the European Union.

Keily uses the insights from her litigation and enforcement practice to inform her advisory work, where she regularly advises stakeholders from legal, information security, privacy and the C-suite on a host of privacy and cybersecurity governance, risk mitigation and regulatory engagement strategies. This understanding of what matters to regulators and the courts is at the heart of her approach to privacy advisory and compliance work. According to clients, Keily has the "subject matter expertise and ability to understand and interact with companies' culture and capabilities, recognising a one size fits all approach doesn't work".

She is ranked as a key practitioner in data protection, privacy and cybersecurity in The Legal 500 and has represented the private sector at the United Nations and the European Criminal Bar Association. Keily also sits on Law360's 2020 Editorial Advisory Board on Cybersecurity & Privacy and leads the IAPP Cyber & Privacy Investigations, Enforcement & Litigation Affinity Group. She is committed to improving diversity and social mobility in the legal sector.

Prior to joining Orrick, Keily led the Contentious Data Privacy, Law & Strategy practice at PwC, having been a litigator at two international law firms before this.

  • Cybersecurity & Privacy Investigations & Enforcement
    • Represented travel and leisure company in ransomware attack affecting records of individuals worldwide, and ensuing investigations in Europe and the US.
    • Represented identity verification company in assessment notice (data protection audit) process and subsequent monitorship.
    • Represented application services and networking company in data breach affecting numerous systems worldwide, including ensuing claims by customers.
    • Represented phone manufacturer based in China in internal investigation into data protection practices and potential ICO investigation.
    • Represented social media monetisation platform in cyberattack involving theft of hundreds of thousands of records, including ensuing notifications to regulators and individuals in Europe, Asia and Africa.
    • Represented major university in ransomware attack that compromised records worldwide.
    • Represented information security professionals in litigation and investigations in connection with large data breaches.
    • Represented financial institution in security breach affecting thousands of records in Europe, including ensuing notification to regulator.
    • Represented identity verification company in security breach at third party supplier that affected thousands of sensitive records.

  • Privacy Advisory
    • Represented identity verification company to advise on privacy issues in connection with acquisition.
    • Represented global merchant and food processor to advise on cybersecurity reporting obligations.
    • Represented industrial products company to advise on GDPR considerations connected with employee monitoring.
    • Represented mobile phone manufacturer in China in connection with development of privacy policy.
    • Represented technology products company in connection with EU cybersecurity and privacy counselling.

  • Privacy Litigation
    • Represented online dating company in defending claims brought by individuals affected by cybersecurity breach.
    • Represented technology company in pursuing a claim against cyber attackers that led to the misappropriation of funds.