The stakes have never been higher in cybersecurity and privacy. The recent attacks against our country’s energy and food supply, along with the growing landscape of privacy laws, provide just the latest examples of why it is imperative for organizations to address cybersecurity and privacy realities. Fortunately, Maynard Nexsen’s nationally recognized Cybersecurity & Privacy Practice offers comprehensive, custom solutions to address this pressing need. Leveraging experienced attorneys and technology professionals, Maynard Nexsen’s Cybersecurity & Privacy team provides not only the legal proficiency and technical expertise our clients expect, but an unmatched practical business sense.

Our Team

Get to know the Maynard Nexsen Cybersecurity & Privacy team: approachable leaders who simplify the complex.

“We look at issues practically and strategically. What does the law require? What risks do we need to manage and mitigate? What are the critical business considerations? We then focus on delivering practical solutions that are aligned with this backdrop, framing the issues in the optimal way for both internal and external audiences.”
- J.T. Malatesta, Practice Group Chair

“Regardless of the situation in which we’re interfacing with our clients, we want them to feel like we’re on the same team working towards a common goal. They should see us like a favorite co-worker who happens to have a different email domain, not a faceless service provider.”
- Starr Drum, Shareholder - Privacy

"We are in the business of crisis prevention as well as crisis management – we strive to help our clients prevent fires from breaking out, but if they do, we’ll put them out. When you hire us, you don’t get lawyers sitting behind desks – you get strategic partners who are extensions of your team.”
- Sarah Glover, Shareholder - Cybersecurity

"Responsiveness and thoughtfulness are critical components of our practice. Whether responding to a simple question, or leading the response to a potentially catastrophic incident, we are always available to provide answers and solutions carefully tailored to the client and situation at hand.”
- Adam Griffin, Shareholder - Cybersecurity

Our Services

Cybersecurity & Privacy Compliance

Regardless of industry or business model, every company should have measures in place to guide the protection and use of personal information in order to reduce risk and enhance marketability. Some of the projects we support include:

  • Corporate governance management and resource allocation
  • Data inventory and mapping
  • Privacy and security policies and procedures
  • Incident Response Plan development
  • Privacy by design product counsel
  • Vendor and other third-party risk management
  • Cross-border transfer arrangements
  • Privacy and cybersecurity training
  • Organizational security protocols
  • Tabletop exercises
  • DSAR response procedures
  • Marketing/digital advertising and data sale/purchase compliance

Breach Response

Maynard Nexsen’s on-call breach response team has managed hundreds of incidents, spanning ransomware, BEC, fraudulent wire transfers, insider threats, and application vulnerabilities.

Businesses large and small face a patchwork of international, federal, and state laws and regulations, industry-specific guidelines, and common law theories of liability in the cybersecurity arena. Our breach response team counsels clients on the potential liabilities stemming from these sources and is prepared to navigate clients through incident response, internal investigations, regulatory inquiries, data breach notification laws, and civil litigation.

A timely, coordinated, and effective investigation is critical toward mitigating legal and financial exposure in the event of a data breach. Our team of experienced lawyers and technologists understand what must be done in the immediate aftermath of an incident to deliver an efficient response that complies with our clients’ regulatory landscape and in a manner that maximizes the protection of the attorney-client privilege over the investigation.

Maynard Nexsen’s Cybersecurity & Privacy Practice serves as approved counsel for multiple global and national insurance carriers, including:

  • AIG
  • AXA XL
  • AXIS
  • Beazley (InfoSec and MediaTech policies)
  • Chubb
  • Coalition
  • Zurich

Privacy Litigation & Regulatory Investigations

Our team works tirelessly with clients to prepare them for regulatory inquiries and protect them from shortcomings in their cybersecurity and privacy programs. However, when investigations and litigation arise, Maynard Nexsen has the expertise and depth to meet those needs.

Our multi-disciplinary, experienced class action and trial teams stand ready to handle data breach and privacy cases that may be filed following a compromise of personal information. Almost all of these cases are filed as class actions, and Maynard Nexsen’s nationally-recognized Class Action Practice has a wealth of experience successfully defending clients in numerous federal and state courts across the country. In addition, our Cybersecurity & Privacy team has handled hundreds of matters before:

  • State attorneys general
  • FTC
  • OCR
  • International data protection authorities

Our team also defends causes of action arising from statutory violations of privacy and cybersecurity laws including:

  • BIPA
  • CCPA
  • GLBA
  • TCPA

Transaction & Risk Advisory Services

Maynard Nexsen’s Cybersecurity & Privacy team supports clients through the intricate process of acquisitions and investments.

  • Partnering with M&A counsel and technical diligence teams to conduct privacy and security legal diligence
  • Developing comprehensive diligence memorandum with investment risk rating
  • Negotiating privacy and security terms of purchase agreement
  • Supporting R&W insurance diligence and underwriting

We help clients maximize the value of existing investments through Privileged Risk Assessments. Confidential and privileged risk assessment engagements include:

  • Assessment of operational, legal, and compliance risk factors
  • Benchmarking a company’s program against industry standards, regulatory requirements, and best practices
  • Offering observations on the company’s information security and privacy practices
  • Providing insight into legal, compliance, and operational risks
  • Providing guidance and recommendations to remediate any identified risks and mature the company’s information security and privacy compliance programs

Through a comprehensive risk assessment process, our team examines key privacy and security domains aligned with due diligence considerations. From corporate governance to cross-border data transfers to network security and more, our guidance and recommendations remediate identified risks and mature the company’s information security and privacy compliance programs.

“The privacy group at Maynard Nexsen has helped us develop and mature a privacy program custom to our business through becoming intimately involved with the underlying aspects of our industry and specific business practices, all at a reasonable price. They have become a trusted and vital partner of both our privacy and cybersecurity departments due to their competent practical legal advice, hands-on approach and willingness to pick up the phone whenever called upon. I am hesitant to promote the practice for fear that the “secret” will get out as their firm seamlessly works with internal partners as if they are one of our own.”

-Blaine Doerrfeld, SVP, Senior Counsel, Athene

“Maynard Nexsen’s expertise and command of the Cybersecurity and Privacy subject matter is unrivaled. They maintain an extensive network of industry professionals.”

-Darrell Jenkins, VP & CISO, Clayton Technology



Jump to Page