Four Decades for Justice
As cybersecurity technology becomes increasingly complex and regulators continue to impose new cyber‑related obligations on companies, Cravath’s interdisciplinary Data Security and Privacy Practice is poised to counsel our clients on the array of challenges arising from the entire data lifecycle. Our team of attorneys advises on a wide variety of issues, from compliance to incident response to post‑breach investigation, regulatory intervention and litigation, as well as the full range of data security and privacy issues that arise in corporate transactions and projects.
Our advisory lawyers counsel clients on compliance under the California Consumer Privacy Act (CCPA), European Union’s General Data Protection Regulation (GDPR) and other data protection regimes by conducting—often with the help of expert consultants—assessments of our clients’ data security and privacy programs to help them develop and implement comprehensive compliance strategies and, for public companies, make appropriate disclosures in their periodic filings. We also conduct data privacy and data security due diligence in connection with mergers and acquisitions and other corporate transactions and provide advice with respect to securities law disclosures.
In the event of a data breach or other type of cyber incident, including those with a cross‑border dimension, our investigations team assists companies in coordinating the response, conducting internal investigations, advising with regard to breach notification and communicating with U.S.‑based and foreign regulatory and enforcement authorities. If an incident results in follow‑on litigation, the members of our preeminent litigation practice are ready to defend against securities claims and other types of class actions. We also counsel companies and boards of directors on the development and implementation of crisis management strategies before incidents occur.
Our corporate lawyers provide advice on a wide variety of data privacy and data security issues across the whole spectrum of types of transactions and projects, as well as public company disclosures. These include consideration and analysis of data collection, data storage, joint data processor issues, cross‑border data sharing, protection of personally identifiable and other sensitive information, privacy management and data privacy regulation.
Our Data Security and Privacy Practice includes seasoned attorneys with a range of experience from private practice and senior levels of government, including former senior U.S. Securities and Exchange Commission lawyers, former senior U.S. Department of Justice officials, a former Chief of the National Security & Cybercrime Section of the U.S. Attorney’s Office for the Eastern District of New York, a former Under Secretary of Commerce and Director of the U.S. Patent and Trademark Office, and trial attorneys with deep experience with a broad range of technology issues.
We also regularly contribute to thought leadership in the cybersecurity and data privacy space, providing client memos, writing for mainstream and industry publications and routinely speaking on cybersecurity‑related panels, including on topics concerning emerging cybersecurity threats and collateral consequences for businesses as well as developments in privacy and cybersecurity law from U.S. and cross‑border perspectives.
Our advisory lawyers counsel clients on compliance under the California Consumer Privacy Act (CCPA), European Union’s General Data Protection Regulation (GDPR) and other data protection regimes by conducting—often with the help of expert consultants—assessments of our clients’ data security and privacy programs to help them develop and implement comprehensive compliance strategies and, for public companies, make appropriate disclosures in their periodic filings. We also conduct data privacy and data security due diligence in connection with mergers and acquisitions and other corporate transactions and provide advice with respect to securities law disclosures.
In the event of a data breach or other type of cyber incident, including those with a cross‑border dimension, our investigations team assists companies in coordinating the response, conducting internal investigations, advising with regard to breach notification and communicating with U.S.‑based and foreign regulatory and enforcement authorities. If an incident results in follow‑on litigation, the members of our preeminent litigation practice are ready to defend against securities claims and other types of class actions. We also counsel companies and boards of directors on the development and implementation of crisis management strategies before incidents occur.
Our corporate lawyers provide advice on a wide variety of data privacy and data security issues across the whole spectrum of types of transactions and projects, as well as public company disclosures. These include consideration and analysis of data collection, data storage, joint data processor issues, cross‑border data sharing, protection of personally identifiable and other sensitive information, privacy management and data privacy regulation.
Our Data Security and Privacy Practice includes seasoned attorneys with a range of experience from private practice and senior levels of government, including former senior U.S. Securities and Exchange Commission lawyers, former senior U.S. Department of Justice officials, a former Chief of the National Security & Cybercrime Section of the U.S. Attorney’s Office for the Eastern District of New York, a former Under Secretary of Commerce and Director of the U.S. Patent and Trademark Office, and trial attorneys with deep experience with a broad range of technology issues.
We also regularly contribute to thought leadership in the cybersecurity and data privacy space, providing client memos, writing for mainstream and industry publications and routinely speaking on cybersecurity‑related panels, including on topics concerning emerging cybersecurity threats and collateral consequences for businesses as well as developments in privacy and cybersecurity law from U.S. and cross‑border perspectives.
Activities & Publications
April 16, 2024
Cravath partners Gary A. Bornstein and Noah Joshua Phillips and practice area attorney Benjamin J. Bauer participated in the American Bar Association’s 2024 Antitrust Law Section Spring Meeting, which was held from April 10‑12, 2024, in Washington, D.C., and convened international antitrust, consumer protection and data privacy professionals.
Activities & Publications
April 09, 2024
On April 8, 2024, Cravath prepared a memo for its clients entitled “CISA Proposes Federal Cyber Incident Reporting Requirements for Businesses Across 16 Sectors.” The memo examines the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s recently proposed rule, entitled “Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements,” which sets forth the nation’s first broadly applicable federal cyber incident reporting requirements. The memo summarizes the criteria that will determine what entities will be covered if the rule is adopted as proposed; what will need to be reported; when reports will need to be filed; and other key aspects of the proposed rule.
Activities & Publications
April 02, 2024
In April 2024, Cravath continued its “Tech Explainers” series, which introduces and explains technical, cutting‑edge concepts and describes their importance in a way that is accessible to and easily understood by business and legal professionals outside the technical community.
Activities & Publications
March 21, 2024
Five Cravath partners were selected to serve on Law360’s 2024 Editorial Advisory Boards: Wes Earnhardt (Media & Entertainment), Evan Norris (Cybersecurity & Privacy), Helam Gebremariam (Securities), Bethany A. Pfalzgraf (Mergers & Acquisitions) and Maurio A. Fiore (Private Equity). As Editorial Advisory Board members, they will provide feedback on Law360’s coverage and expert insight on how best to shape future coverage.
Activities & Publications
March 18, 2024
On March 14, 2024, Cravath hosted its 2024 Web3 Regulatory Forum at its offices in New York. The event brought together lawyers from the Firm, market participants, executives, investors and others for presentations by practitioners, current and former regulators, and interactive roundtables examining the most significant regulatory developments in the digital assets and Web3 space.
Activities & Publications
April 16, 2024
Cravath partners Gary A. Bornstein and Noah Joshua Phillips and practice area attorney Benjamin J. Bauer participated in the American Bar Association’s 2024 Antitrust Law Section Spring Meeting, which was held from April 10‑12, 2024, in Washington, D.C., and convened international antitrust, consumer protection and data privacy professionals.
Activities & Publications
April 09, 2024
On April 8, 2024, Cravath prepared a memo for its clients entitled “CISA Proposes Federal Cyber Incident Reporting Requirements for Businesses Across 16 Sectors.” The memo examines the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s recently proposed rule, entitled “Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements,” which sets forth the nation’s first broadly applicable federal cyber incident reporting requirements. The memo summarizes the criteria that will determine what entities will be covered if the rule is adopted as proposed; what will need to be reported; when reports will need to be filed; and other key aspects of the proposed rule.
Activities & Publications
April 02, 2024
In April 2024, Cravath continued its “Tech Explainers” series, which introduces and explains technical, cutting‑edge concepts and describes their importance in a way that is accessible to and easily understood by business and legal professionals outside the technical community.
Activities & Publications
March 21, 2024
Five Cravath partners were selected to serve on Law360’s 2024 Editorial Advisory Boards: Wes Earnhardt (Media & Entertainment), Evan Norris (Cybersecurity & Privacy), Helam Gebremariam (Securities), Bethany A. Pfalzgraf (Mergers & Acquisitions) and Maurio A. Fiore (Private Equity). As Editorial Advisory Board members, they will provide feedback on Law360’s coverage and expert insight on how best to shape future coverage.
Activities & Publications
March 18, 2024
On March 14, 2024, Cravath hosted its 2024 Web3 Regulatory Forum at its offices in New York. The event brought together lawyers from the Firm, market participants, executives, investors and others for presentations by practitioners, current and former regulators, and interactive roundtables examining the most significant regulatory developments in the digital assets and Web3 space.
Celebrating 200 years of partnership. In 2019, we celebrated our bicentennial. Our history mirrors that of our nation. Integral to our story is our culture.
Attorney Advertising. ©2024 Cravath, Swaine & Moore LLP.