Winston & Strawn address the full spectrum of clients’ privacy and data security challenges

The global law firm of Winston & Strawn announced the formation of a new, fully integrated Global Privacy & Data Security practice.

Sheryl Falk, Steve Grimes, and Alessandra Swanson will lead a cross-disciplinary and international team with a deep bench of experience in privacy and data security issues that span employment, health care, trade secrets, breach counseling, litigation, consumer, emerging technologies, private equity and mergers and acquisitions.

“In today’s increasingly complex regulatory environment, nearly every business entity we serve has serious concerns about compliance in how they protect their valuable data,” said Falk.

“The almost-universal remote work environment caused by the COVID-19 pandemic has added to the challenge of providing access to information while ensuring systems are not vulnerable, and abiding by privacy and data security laws.”

The new practice is the culmination of Winston’s Global Privacy & Data Security Task Force, formed in 2017, which effectively established a suite of capabilities to serve clients across a wide range of regions and industries. Now, the team of more than 75 attorneys in 13 offices across the world can work together seamlessly to address the full spectrum of clients’ privacy and data security challenges, including:

• Privacy counseling and compliance program building
• Regulated Personal Information
• Privacy and data security litigation
• Internal forensic investigations and cybersecurity incident response
• Theft of confidential information and trade secrets
• Breach notification, response and regulatory defense
• Technology outsourcing
• Private equity and mergers and acquisitions
• Health care privacy and security
• Financial privacy
• Employee privacy
• Emerging technology
• E-commerce and consumer interaction
• Marketing and online advertising
• International trade, export controls, and sanctions

“What sets this practice apart is not only the scope and breadth of experience—our team members regularly advise the world’s largest companies on their most complex and highly sensitive data issues—but also the strategic manner in which we provide counsel,” said Swanson.

“By combining a pragmatic business approach with technical forensic expertise, we can translate the legal and regulatory expectations into specific business decisions and actions.”

“As companies evolve and grow, they need to consider the cross-border implications of how they collect, use and protect their data, given rapidly evolving U.S. and international privacy laws,” added Grimes.

“Our international team is poised to advise clients around the world on trade secret protection and investigations, cyber-investigations and data security class action litigation, and international data protection.”

Sheryl Falk draws on her deep expertise in privacy, data security, and forensic technology, as well as her strong litigation background as a former federal prosecutor, to handle complicated privacy and data protection issues.

Sheryl concentrates her practice on privacy and data security counseling and diligence, providing strategic advice to mitigate privacy and data security risk in emerging technology, investigating trade secret theft, leading data security incident response, and handling privacy and trade secret litigation.

Steve Grimes is a former federal prosecutor, an experienced trial lawyer, and a former chief compliance officer and senior litigation counsel for a global, publicly traded Fortune 500 company whose practice focuses on compliance counseling, sensitive internal investigations, and complex litigation.

Steve works with companies across many industries to investigate highly sensitive and urgent issues related to trade secret theft, technology and security breaches, employee misconduct, conflicts of interest, financial fraud, and potential violations of anti-bribery and other laws.

Alessandra Swanson is a former federal privacy regulator and leverages her unique experience to help clients understand their regulatory and compliance obligations regarding the use, disclosure, and protection of personal information.

She focuses her practice in the areas of Regulated Personal Information, privacy and data security counseling, security breach response and regulatory defense, marketing and data ownership issues, corporate advisory services and outsourcing, and large-scale commercial contracting.