监管执法和民事诉讼

When organizations face claims of privacy violations and/or cybersecurity failures, skilled legal representation is essential. Ropes & Gray’s privacy & cybersecurity enforcement team has the knowledge and experience to master quickly the relevant facts and develop an effective defense strategy.


Experience

From very early on as cybersecurity incidents began to make an impact on global commerce, Ropes & Gray’s attorneys have been developing their extensive experience in privacy and cybersecurity regulatory enforcement and civil litigation, including in some of the highest profile cybersecurity incidents with hundreds of millions of dollars as stake. These representations have been on behalf of clients throughout the United States; we have defended clients in the courts of Arizona, California, Delaware, Florida, Georgia, Illinois, Indiana, Massachusetts, Minnesota, Missouri, New Hampshire, New Jersey, New York, Ohio, Tennessee, and Texas, and before the First, Third, Fifth, Sixth, Eighth, and Eleventh Circuits; before the FTC, Office of Civil Rights, and virtually every Attorney General’s office and many state officials; and in regard to non-U.S. regulatory investigations in Australia, Brazil, Canada, Hong Kong, Ireland, Japan, and the United Kingdom. Our most substantial representations of this sort include:

  • LabMD in its petition to the U.S. Court of Appeals for review of the first FTC decision holding a company liable for allegedly having unreasonable data security practices that violate Section 5 of the FTC Act.
  • A multinational advertising and public relations company in class action litigation and regulatory investigations related to an alleged “workaround” by which third-party cookies could be set on browsers that had been configured to deny such cookies.
  • Supervalu Inc. in defending and responding to all litigation claims and regulatory inquiries stemming from cybersecurity incidents announced in 2014.
  • Multiple clients in diverse industries in defending against payment card brand claims seeking to impose fines and issuing bank reimbursement assessments arising from cybersecurity incidents involving payment card data. Such clients include TJX, Hannaford Brothers, Heartland, Wyndham Hotels, Target, Neiman Marcus, Aldo, Hilton, Landry’s, Destination Hotels, Sally Beauty, Supervalu, Home Depot, and Arby’s.
  • Arby’s Restaurant Group as lead counsel in defending against all third-party claims, including the pending issuer and consumer class actions, arising from a cyber incident announced in February 2017.