Keily Blair Partner, Cyber, Privacy & Data Innovation, Government Investigations and Enforcement Actions
Lloyd’s Market Association
Webinar | June.21.2021 | 10am - 11am (Eastern Daylight Time)Online Webinar
Keily Blair, James Lloyd, Doug Meal and Heather Egan Sussman, partners in Orrick’s Cyber, Privacy & Data Innovation and Complex Litigation & Dispute Resolution Groups, will discuss the rising threat of increased cybersecurity exposure. They will also explore collective actions arising from data breach and allegations of wrongful collection, privacy liability and statutory damages and what’s next for privacy and cyber civil claims from both a United States (U.S.) and United Kingdom (UK) perspective.
Orrick is joined by fellow speakers from Hiscox and CFC Underwriting, Ltd. The program is hosted by Lloyd’s Market Association, an organization dedicated to identifying and resolving issues which are of particular interest to the underwriting community and to partner with the Corporation of Lloyd’s and other organizations to influence the course of future market initiatives.
Keily Blair heads up the Cyber, Privacy & Data Innovation Group in London. Keily works with her clients as a "strategic business partner" to navigate privacy and cyber security crises to achieve better commercial, regulatory and judicial outcomes.
Keily's litigation and enforcement background provides her a different perspective on cybersecurity and data privacy issues. She has led the response to investigations by the United Kingdom’s Information Commissioner’s Office (UK ICO), the Irish Data Protection Commission, the Competition and Markets Authority (CMA), the Financial Conduct Authority (FCA), the Serious Fraud Office (SFO), Parliamentary Select Committees and United States (U.S.) regulators, including the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) and the Securities and Exchange Commission (SEC). Keily has also acted as external legal counsel for privacy and financial service regulators.
On cybersecurity issues, Keily directs cybersecurity incidents and investigations across multiple jurisdictions and incident types from simple business email compromises, to enterprise-wide network intrusions and cyberattacks with national security implications. Keily has worked with national and international law enforcement and is called upon to act as external legal counsel to security and forensics firms when engaging with regulators.
In the civil arena, Keily has led on a number of high profile privacy litigation matters, including civil damages claims and collective actions following personal data breaches and privacy-related judicial reviews. She frequently counsels clients on the growing risk of privacy-related class actions and interventions by privacy advocates in the UK and the European Union.
Keily uses the insights from her litigation and enforcement practice to inform her advisory work, where she regularly advises stakeholders from legal, information security, privacy and the C-suite on a host of privacy and cybersecurity governance, risk mitigation and regulatory engagement strategies. This understanding of what matters to regulators and the courts is at the heart of her approach to privacy advisory and compliance work. According to clients Keily has the "subject matter expertise and ability to understand and interact with companies' culture and capabilities, recognising a one size fits all approach doesn't work".
She is ranked as a key practitioner in data protection, privacy and cybersecurity in The Legal 500 and has represented the private sector at the United Nations and the European Criminal Bar Association. Keily also sits on the Law360's 2020 Editorial Advisory Board on Cybersecurity & Privacy and leads the IAPP Cyber & Privacy Investigations, Enforcement & Litigation Affinity Group. She is committed to improving diversity and social mobility in the legal sector.
Prior to joining Orrick, Keily led the Contentious Data Privacy, Law & Strategy practice at PwC having been a litigator at two international law firms before this.
Seasoned trial lawyer Doug Meal defends clients targeted by litigation and government investigations stemming from major privacy and cybersecurity incidents. According to Chambers USA, clients select Doug because "[h]e is the premier expert in this field and knows how to run a breach response process from A to Z”; is “extremely experienced [and] can give immediate advice off the top of his head"; "has been in court through trials and negotiations, all aspects of the litigation, and is highly effective in all of them"; and "is good to work with, personable and very authoritative." This year, clients said, "I would trust him with my life if I ran into a litigation"; "Doug is extremely calm and has a way of presenting and explaining problems which makes you feel empowered to do your job"; and "He has great experience in this field and is a solid rock in litigation." Based on client assessments like these, Chambers USA has named Doug as the first and only “Band 1” litigator in the Privacy and Data Security category, describing him as the “market leader,” being “regarded by market sources as the leading privacy litigator in the USA” and “the dean of the data breach litigation Bar."
As the lead outside lawyer handling claims and/or regulatory investigations stemming from the data security breaches suffered by Target, Neiman Marcus, The Home Depot, Hilton Worldwide, Landry’s, Arby’s, Shopify, Chegg, Supervalu, Sally Beauty, Sony, Heartland Payment Systems, TJ Maxx, Hannaford Brothers, Aldo, Genesco, and Wyndham Hotels—some of the most highly publicized breaches in recent years—Doug has become the national leader in defending companies that suffer breaches involving consumer information against the ensuing claims and regulatory investigations. Doug’s recent successes include leading the team that prevailed in the closely watched LabMD v. FTC litigation, convincing the U.S. Court of Appeals for the Eleventh Circuit to become the first court ever to overturn a cybersecurity enforcement action by the FTC.
Doug has been recognized four times as one of The Cybersecurity Docket’s Incident Response 40—a list of the top 40 incident response lawyers in the United States. He is also a five-time Law360 Privacy MVP.
Heather Egan Sussman is head of Orrick's global Cyber, Privacy & Data Innovation Group. She focuses on privacy, cybersecurity and information management, and is ranked by Chambers USA, Chambers Global and The Legal 500 United States as a leader in her field. Chambers explains companies turn to Heather because she “understands all the business issues and the dynamics of how to implement privacy programs [and is] extraordinarily thoughtful, very pragmatic and responsive.”
Heather routinely guides clients through the existing patchwork of laws impacting privacy and cybersecurity around the globe. In the U.S. this includes advising on federal and state laws that include:
Outside of the U.S., she manages teams of talented counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines, developing comprehensive privacy and cybersecurity programs that address competing regulatory regimes. She drafts online privacy notices for global rollout and implements data transfer mechanisms for the free flow of data worldwide.
Heather also helps clients develop and achieve their data innovation strategies, so they can leverage the incredible value of data and digital technologies in ways that not only meet compliance obligations, but also support innovation, deliver value to the business, meet security needs and solidify brand and consumer trust.
Heather devotes a significant part of her practice to helping clients reduce the risk of privacy and security incidents, and she offers a comprehensive menu of services designed to do just this. In the event of a privacy or security breach, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries. Companies routinely rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties.
Heather guides clients through comprehensive privacy and cybersecurity assessments worldwide, vets privacy and security risks in corporate transactions, conducts internal investigations stemming from data incidents, and she drafts and negotiates contracts concerning data-related vendors and arrangements. She regularly counsels businesses on how to mitigate risks associated with the collection, use, retention, disclosure, transfer and disposal of personal data.
Her clients come from diverse business sectors, including technology, financial services, retail, consumer products, energy and infrastructure, healthcare and life sciences, manufacturing, food and beverage, media, academic institutions, service industries.
Heather frequently writes on current privacy and information security issues before trade and legal organizations and has been quoted in hundreds of major news outlets, including MSNBC.com, ABCNews.com, The New York Times, The Los Angeles Times, Bloomberg BusinessWeek, The San Francisco Chronicle, Washington Times, Houston Chronicle.