Cravath’s London Office Moves to 100 Cheapside
Cybersecurity & Data Privacy
Led by an interdisciplinary team of attorneys with a range of experience from private practice and senior levels of government, Cravath’s Cybersecurity & Data Privacy Practice provides clients with advice and insights to guide them in a challenging and ever‑evolving threat and regulatory landscape. We handle matters ranging from incident response and cybersecurity and privacy compliance advice to internal investigations, regulatory enforcement, class action defense and corporate governance, as well as the full range of cyber- and privacy‑related issues that arise in domestic and cross‑border corporate transactions. We also bring to bear our expertise to counsel clients across industries at the intersection of cybersecurity and data privacy with emerging technologies such as artificial intelligence (AI), machine learning (ML), blockchain and other data-intensive fields.
Preparedness and Regulatory Compliance
Our advisory lawyers counsel clients on compliance with state, federal and international data protection regimes, such as the California Consumer Privacy Act, the federal Health Insurance Portability and Accountability Act and the European Union’s General Data Protection Regulation. We conduct assessments of our clients’ cyber and privacy controls, policies and procedures, incident response plans, insurance policies, and third‑party contracts to help them develop and implement strategies that best meet legal requirements and business needs. Our focus on compliance and preparedness extends to counseling senior executives and boards of directors regarding testing and crisis management strategies, including facilitating tabletop exercises. Our expertise also includes advising clients ranging from public companies and financial institutions to startups on compliance matters related to emerging technologies impacting cyber and privacy, including AI.
Incident Response, Enforcement and Litigation
In the event of a data breach, ransomware attack or other type of cyber incident or cyber‑enabled attack, our team assists companies in coordinating the response; overseeing the work of forensic consultants; conducting internal investigations; advising with regard to notification obligations and disclosures; engaging with regulatory and enforcement authorities; and implementing short- and long‑term remediation plans. Our representations span advising public and private companies across numerous industries, including highly‑regulated industries such as healthcare and financial services, and engaging with state and federal authorities across the United States. And if an incident has a cross‑border response or enforcement dimension, we work seamlessly with our close network of foreign firms to ensure coverage across all jurisdictions. Our preeminent Litigation Department also stands ready to step in and defend our clients vigorously if an incident results in follow‑on class action or shareholder derivative suits.
Corporate
Our corporate lawyers advise on a wide variety of cyber and privacy issues across the spectrum of projects. We collaborate with our leading Corporate Governance and Board Advisory Practice to advise on public company disclosures, and with our premier Corporate Department on issues relating to cybersecurity and personal and proprietary data that arise in Mergers and Acquisitions and other transactions. We work closely with our clients to achieve business objectives, including by conducting cyber and privacy due diligence to surface any issues, structuring and negotiating agreements governing the transfer, use or licensing of data and assisting with post‑closing data integration or separation.
Data Rights
In addition to our robust practice supporting broader corporate transactions, our team routinely handles complex matters for which data is the linchpin of the transaction’s success. Across a wide variety of industries—including biotech, entertainment, fintech, life sciences, software and telecommunications—and jurisdictions, our clients turn to us for guidance as to the creation, protection, acquisition and use of data and technology. We advise on the structuring and negotiation of a wide variety of data- and technology‑related agreements, including data, technology and IP licenses; development agreements; joint venture and collaboration agreements; software and SaaS agreements; manufacturing and supply agreements; distribution agreements; media and content rights agreements; and internal and external privacy policies and notices. With our deep understanding of the legal and technical complexities attendant to data- and technology‑driven transactions, we help our clients develop and adopt business strategies to maximize the competitive advantage of their data and technology portfolios, across all stages of development.
Artificial Intelligence & Machine Learning
We have extensive experience advising with respect to issues arising from AI, ML and automation. Using a holistic approach that addresses intellectual property, cybersecurity, data privacy, competition, ethics and regulatory issues, we counsel clients on responsible AI development and adoption, including compliance with emerging and existing AI regulatory regimes as well as other AI‑applicable regulatory regimes, guiding our clients through the legal and regulatory issues that arise from AI/ML commercialization and use. Our client base represents a cross‑section of the AI ecosystem, and includes market leaders, investors, developers and companies that develop, use or are impacted by AI, no matter the industry. We advise at all stages of AI generation and deployment, including with respect to its acquisition, development, distribution, protection, training and responsible adoption.
Our interdisciplinary team includes former senior officials and lawyers from the U.S. Department of Justice and Securities and Exchange Commission, a former Chief of the National Security & Cybercrime Section of the U.S. Attorney’s Office for the Eastern District of New York and a former Under Secretary of Commerce and Director of the U.S. Patent and Trademark Office, as well as trial attorneys and corporate attorneys with deep experience with a broad range of cyber and privacy issues.
We also regularly contribute to thought leadership on cybersecurity and data privacy, providing client memos, writing for mainstream and industry publications, speaking on panels and hosting seminars and roundtables.
Preparedness and Regulatory Compliance
Our advisory lawyers counsel clients on compliance with state, federal and international data protection regimes, such as the California Consumer Privacy Act, the federal Health Insurance Portability and Accountability Act and the European Union’s General Data Protection Regulation. We conduct assessments of our clients’ cyber and privacy controls, policies and procedures, incident response plans, insurance policies, and third‑party contracts to help them develop and implement strategies that best meet legal requirements and business needs. Our focus on compliance and preparedness extends to counseling senior executives and boards of directors regarding testing and crisis management strategies, including facilitating tabletop exercises. Our expertise also includes advising clients ranging from public companies and financial institutions to startups on compliance matters related to emerging technologies impacting cyber and privacy, including AI.
Incident Response, Enforcement and Litigation
In the event of a data breach, ransomware attack or other type of cyber incident or cyber‑enabled attack, our team assists companies in coordinating the response; overseeing the work of forensic consultants; conducting internal investigations; advising with regard to notification obligations and disclosures; engaging with regulatory and enforcement authorities; and implementing short- and long‑term remediation plans. Our representations span advising public and private companies across numerous industries, including highly‑regulated industries such as healthcare and financial services, and engaging with state and federal authorities across the United States. And if an incident has a cross‑border response or enforcement dimension, we work seamlessly with our close network of foreign firms to ensure coverage across all jurisdictions. Our preeminent Litigation Department also stands ready to step in and defend our clients vigorously if an incident results in follow‑on class action or shareholder derivative suits.
Corporate
Our corporate lawyers advise on a wide variety of cyber and privacy issues across the spectrum of projects. We collaborate with our leading Corporate Governance and Board Advisory Practice to advise on public company disclosures, and with our premier Corporate Department on issues relating to cybersecurity and personal and proprietary data that arise in Mergers and Acquisitions and other transactions. We work closely with our clients to achieve business objectives, including by conducting cyber and privacy due diligence to surface any issues, structuring and negotiating agreements governing the transfer, use or licensing of data and assisting with post‑closing data integration or separation.
Data Rights
In addition to our robust practice supporting broader corporate transactions, our team routinely handles complex matters for which data is the linchpin of the transaction’s success. Across a wide variety of industries—including biotech, entertainment, fintech, life sciences, software and telecommunications—and jurisdictions, our clients turn to us for guidance as to the creation, protection, acquisition and use of data and technology. We advise on the structuring and negotiation of a wide variety of data- and technology‑related agreements, including data, technology and IP licenses; development agreements; joint venture and collaboration agreements; software and SaaS agreements; manufacturing and supply agreements; distribution agreements; media and content rights agreements; and internal and external privacy policies and notices. With our deep understanding of the legal and technical complexities attendant to data- and technology‑driven transactions, we help our clients develop and adopt business strategies to maximize the competitive advantage of their data and technology portfolios, across all stages of development.
Artificial Intelligence & Machine Learning
We have extensive experience advising with respect to issues arising from AI, ML and automation. Using a holistic approach that addresses intellectual property, cybersecurity, data privacy, competition, ethics and regulatory issues, we counsel clients on responsible AI development and adoption, including compliance with emerging and existing AI regulatory regimes as well as other AI‑applicable regulatory regimes, guiding our clients through the legal and regulatory issues that arise from AI/ML commercialization and use. Our client base represents a cross‑section of the AI ecosystem, and includes market leaders, investors, developers and companies that develop, use or are impacted by AI, no matter the industry. We advise at all stages of AI generation and deployment, including with respect to its acquisition, development, distribution, protection, training and responsible adoption.
Our interdisciplinary team includes former senior officials and lawyers from the U.S. Department of Justice and Securities and Exchange Commission, a former Chief of the National Security & Cybercrime Section of the U.S. Attorney’s Office for the Eastern District of New York and a former Under Secretary of Commerce and Director of the U.S. Patent and Trademark Office, as well as trial attorneys and corporate attorneys with deep experience with a broad range of cyber and privacy issues.
We also regularly contribute to thought leadership on cybersecurity and data privacy, providing client memos, writing for mainstream and industry publications, speaking on panels and hosting seminars and roundtables.
Publications
May 13, 2025
Cravath Publishes Finance & Capital Markets Quarterly Review for Q1 2025
On May 12, 2025, Cravath published the latest edition of its Finance & Capital Markets Quarterly Review, which has been redesigned for the Q1 2025 edition to provide greater insight into practical points, key takeaways and relevant developments related to the bond, equity and loan markets and restructuring activity during the first quarter of 2025. Highlights from this edition include:
Publications
May 13, 2025
Cravath Publishes Quarterly Review on Q1 2025 Trends in M&A, Activism and Corporate Governance
On May 12, 2025, Cravath published the latest edition of its Quarterly Review, which has been redesigned for the Q1 2025 edition to provide greater insight into practical points, key takeaways and relevant developments across the M&A, activism, tax, regulatory and corporate governance landscape. This edition covers:
Activities
May 02, 2025
Cravath Partners Named to Lawdragon’s 2025 List of Leading Global Cyber Lawyers
On May 2, 2025, Cravath partners David J. Kappos, John D. Buretta, Noah Joshua Phillips, Sasha Rosenthal‑Larrea, Evan Norris, Michael L. Arnold and Kimberley S. Drexler were named to Lawdragon’s list of “500 Leading Global Cyber Lawyers” in recognition of their work advising clients on incident response and preparation, corporate governance and disclosure matters, investigations and regulatory enforcement, and transactional and competition matters related to data privacy and cybersecurity. The list recognizes “world leaders in privacy, data, security, incident response, and the deals and lawsuits that revolve around all things Cyber.”
Activities
May 01, 2025
Jelena McWilliams Speaks at George Mason University and the Financial Technology & Cybersecurity Center’s “The Great Debate: How to Modernize Financial Regulation and Create Economic Stability in a Digital Age” Program
On April 17, 2025, Cravath partner Jelena McWilliams participated in “The Great Debate: How to Modernize Financial Regulation and Create Economic Stability in a Digital Age,” a program hosted by George Mason University’s Center for Assurance Research and Engineering and the Financial Technology & Cybersecurity Center in Arlington, Virginia. The event convened experts for a discussion of what a financial regulatory structure equipped to deal with the realities of today’s financial services sector should look like. Jelena spoke on a panel entitled “Building a New Regulatory Model.”
Activities
March 28, 2025
Dave Kappos, Noah Phillips and Nick Dorsey Speak at Cornell Tech’s Board of Directors Forum
Cravath partners David J. Kappos, Noah Joshua Phillips and Nicholas A. Dorsey participated in Cornell Tech’s Board of Directors Forum, which was held from March 26‑27, 2025 in New York. The forum, designed for board members and senior leaders, convened business and legal practitioners, Cornell faculty, former senior government regulators and directors of private and public companies to discuss how corporate boards can stay ahead of developing technologies, regulatory trends and geopolitical shifts.
Publications
May 13, 2025
Cravath Publishes Finance & Capital Markets Quarterly Review for Q1 2025
On May 12, 2025, Cravath published the latest edition of its Finance & Capital Markets Quarterly Review, which has been redesigned for the Q1 2025 edition to provide greater insight into practical points, key takeaways and relevant developments related to the bond, equity and loan markets and restructuring activity during the first quarter of 2025. Highlights from this edition include:
Publications
May 13, 2025
Cravath Publishes Quarterly Review on Q1 2025 Trends in M&A, Activism and Corporate Governance
On May 12, 2025, Cravath published the latest edition of its Quarterly Review, which has been redesigned for the Q1 2025 edition to provide greater insight into practical points, key takeaways and relevant developments across the M&A, activism, tax, regulatory and corporate governance landscape. This edition covers:
Activities
May 02, 2025
Cravath Partners Named to Lawdragon’s 2025 List of Leading Global Cyber Lawyers
On May 2, 2025, Cravath partners David J. Kappos, John D. Buretta, Noah Joshua Phillips, Sasha Rosenthal‑Larrea, Evan Norris, Michael L. Arnold and Kimberley S. Drexler were named to Lawdragon’s list of “500 Leading Global Cyber Lawyers” in recognition of their work advising clients on incident response and preparation, corporate governance and disclosure matters, investigations and regulatory enforcement, and transactional and competition matters related to data privacy and cybersecurity. The list recognizes “world leaders in privacy, data, security, incident response, and the deals and lawsuits that revolve around all things Cyber.”
Activities
May 01, 2025
Jelena McWilliams Speaks at George Mason University and the Financial Technology & Cybersecurity Center’s “The Great Debate: How to Modernize Financial Regulation and Create Economic Stability in a Digital Age” Program
On April 17, 2025, Cravath partner Jelena McWilliams participated in “The Great Debate: How to Modernize Financial Regulation and Create Economic Stability in a Digital Age,” a program hosted by George Mason University’s Center for Assurance Research and Engineering and the Financial Technology & Cybersecurity Center in Arlington, Virginia. The event convened experts for a discussion of what a financial regulatory structure equipped to deal with the realities of today’s financial services sector should look like. Jelena spoke on a panel entitled “Building a New Regulatory Model.”
Activities
March 28, 2025
Dave Kappos, Noah Phillips and Nick Dorsey Speak at Cornell Tech’s Board of Directors Forum
Cravath partners David J. Kappos, Noah Joshua Phillips and Nicholas A. Dorsey participated in Cornell Tech’s Board of Directors Forum, which was held from March 26‑27, 2025 in New York. The forum, designed for board members and senior leaders, convened business and legal practitioners, Cornell faculty, former senior government regulators and directors of private and public companies to discuss how corporate boards can stay ahead of developing technologies, regulatory trends and geopolitical shifts.
Cravath Bicentennial
Celebrating 200 years of partnership. In 2019, we celebrated our bicentennial. Our history mirrors that of our nation. Integral to our story is our culture.
Attorney Advertising. ©2025 Cravath, Swaine & Moore LLP.