Cybersecurity and Data Privacy


Businesses today face constant, and constantly evolving, cybersecurity risk.  Cyberattacks can cost victim businesses millions of dollars and create a host of complex problems, including the theft of valuable business information, regulatory investigations and penalties, civil lawsuits by shareholders and customers, demands for cooperation from law enforcement agencies, adverse media attention, and loss of customer trust and loyalty.  Regulators, recognizing the threat posed by computer hackers to businesses and critical infrastructure, are constantly proposing and implementing new rules that require businesses to adopt comprehensive cybersecurity and data protection programs.

Cadwalader’s White Collar Defense and Investigations group, which includes former federal prosecutors, a former Department of Defense analyst, and two Certified Information Privacy Professionals, has the experience and background to provide legal advice to clients in all aspects of cybersecurity, data privacy, and incident response. Partners have represented clients before the Department of Justice, the Federal Trade Commission, the Securities and Exchange commission, the Commodity Futures Trading Commission, and the New York Department of financial Services, and advised clients on cybersecurity matters including:

  • Cybersecurity Programs and Compliance. Identifying and assessing clients’ cybersecurity risks – including the risks posed by their third party service providers – to develop and implement the policies and procedures necessary to comply with regulations and reduce the risk of harmful cyberattacks. 
  • Incident Response and Investigations. Quickly identifying and retaining appropriate computer forensic consultants, directing internal investigations into potential incidents, managing law enforcement and regulatory interactions, overseeing breach notifications and public disclosures, and preparing for potential regulatory action or civil litigation.
  • Regulatory Defense and Litigation. Defending corporate victims of cyberattacks in regulatory enforcement proceedings and lawsuits from shareholders, customers, and other businesses.
  • Advised a publicly-traded company which had suffered a major data breach involving personal identifiable information (PII) on federal and state data breach notification obligations to customers and regulators
  • Advised a private company which had suffered a ransomware attack on state notification obligations and in a vendor contract dispute
  • Advised public and private companies in the hospitality, financial services, and national security industries on developing and implementing cybersecurity compliance programs
  • Advised a non-profit client on developing bring-your-own-device and other cybersecurity compliance policies and employee training modules
  • Advised various clients on cybersecurity compliance obligations involving the Federal Trade Commission, the Securities and Exchange Commission, the Commodity Futures Trading Commission, and the NY Department of Financial Services
  • Advised U.S. clients with European operations on compliance with the EU General Data Protection Regulation (GDPR)
  • Represented a former senior executive facing criminal charges under the Computer Fraud and Abuse Act

5 Attorneys

Avergun, Jodi L. Senior Counsel Washington
T. +1 202 862 2456
Breen, Kenneth M. Partner New York
T. +1 212 504 6240
Guberman, Phara A. Partner New York
T. +1 212 504 6241
Halper, Jason M. Partner New York
T. +1 212 504 6300
Tompkins, Anne M. Partner Charlotte
T. +1 704 348 5222
T. +1 202 862 2496