Our Practice

Our Cybersecurity & Data Protection team provides tactical, real-time advice to the world’s leading companies and boards on complex, high-stakes cyber incidents, national security, and data privacy and protection matters, whether in the regulatory, litigation or transactional context.

The global team is led by one of the most respected national security lawyers and an architect of the modern U.S. cybersecurity regime; a former leading member of Special Counsel Robert Mueller’s team who spearheaded investigations of Russian cyber, social media and intelligence efforts to influence the 2016 presidential election; and a former U.S. Secretary of Homeland Security. The team also includes a former Treasury Department deputy general counsel with responsibility for data protection and cybersecurity matters affecting the financial sector; a former Assistant U.S. Attorney in the Southern District of New York who served as chief of the Complex Frauds and Cybercrime Unit; a former in-house privacy counsel at IBM; and several former Federal Trade Commission officials, among others.

Complementing our U.S. practice, our dedicated teams in London and Brussels also advise on a broad range of UK and European privacy, data and data security laws and matters, including guidance on General Data Protection Regulation (GDPR). We also maintain a robust global network of data privacy and cybersecurity counsel in other key jurisdictions.

Companies processing sensitive or personal data, experiencing breaches impacting national security laws or accused of misuse of consumer data need comprehensive advice. Recognized by Chambers and Global Data Review, the Paul, Weiss team is a global legal authority on data privacy and security, guiding clients through the entire compliance and threat landscape. Our full-service approach helps clients safely navigate the entire spectrum of challenges that may be triggered by a breach, including media scrutiny and reputational damage, potential business impacts, government investigations and enforcement actions, congressional investigations and complex litigation, including class actions and derivative suits targeting boards. We provide both real-time guidance in the immediate aftermath of an incident and longer-term advice on responding to litigation and regulatory fallout.

We also focus on stemming problems before they arise. In a compliance context, we can help in:

• understanding fast-changing regulations, regulatory expectations, disclosure obligations and industry standards related to cyber- and national security and data privacy;
• developing “best in class” but yet pragmatic compliance frameworks to identify and address data collection, sharing, use and retention practices that may give rise to national security, privacy, consumer protection or other regulatory risks;
• analyzing the viability, legality and risk of proposed products, practices and business models in connection with national security laws or privacy regulations;
• crafting national security, cybersecurity and privacy policies and procedures tailored to both external and internal risks; and
• reviewing and implementing crisis management and disaster recovery plans.

In the transactional context, we have advised private equity investors and public companies on national security, privacy and cybersecurity risks and potential mitigations concerning hundreds of transactions in recent years, including those involving technology, adtech, fintech, healthcare, consumer marketing and other businesses. We also help clients understand how to monetize and leverage data in a manner that complies with relevant privacy laws while achieving their business outcomes.