Quinn emanuel trial lawyers

Cyber Security & Data Protection

IntroductionSign up for firm Publications  Print

Threats to your cyber security can create significant operational and legal problems. They require an aggressive, fast-paced, multi-disciplinary plan to control and even prevent potential damage. Quinn Emanuel can work with you to design such a plan—one you can activate immediately in the event of a breach. We can work with you to update your current strategy or rapidly design and implement an entirely new plan if you do not already have one in place. We have successfully represented numerous companies faced with data security breaches. Our clients cut across a broad spectrum of industries, including insurance, health, financial, entertainment, employment, and other kinds of confidential personal information.

We can quickly activate an experienced team that will address all aspects of the matter that are likely to arise, including regulatory, state, and federal government investigations, class actions, and public relations. We have nationally recognized experts in each of these fields who can help your company navigate the thicket of issues that accompany a data security incident. We have eight offices in the U.S. and ten more located in Europe, Asia, and Australia. Thus, we have the resources in place, poised to act on a moment’s notice, no matter when or where the incident occurs. Our team is led by the former chair of the United States Attorney General’s Advisory Committee on Cybercrime and IP Enforcement, who also served as a member of the Cyber Advisory Committee for the Department of Justice.

As soon as a security breach becomes public or customers receive notice, multiple class actions are filed and continue to be filed over the succeeding weeks and even months. These suits are now commonly filed within hours of an event being public. Such suits are fairing better in courts. In addition, a wide array of regulators commence their own investigations. Quinn Emanuel’s experience with these cases, and its preceding reputation as a litigation powerhouse, gives our clients an edge in disposing of these cases as quickly as possible.

Almost no company is free of risk. Any company that stores private consumer or employee information can be a target of a security breach. Preventive care is important, both for corporate diligence and board and management peace of mind. We offer a Readiness Audit, which will assess the strength of your company’s data security, its preparedness in the event of an attack, and help to design a plan to bolster areas that are not sufficiently robust.

Back to Top

Recent Representations Print

  • Confidential consultations with industry leaders on preparing for or responding to a breach incident.
  • We are representing one of the world’s largest banks in connection with a highly publicized data breach caused by a rogue employee.  Within days of the breach, we worked directly with the client to conduct a thorough investigation into the cause and extent of the data breach.  We also assisted the client with devising a strategy to address customer concerns.  Simultaneously,  we managed the bank’s responses to both federal and state regulators (including the SEC Compliance Branch, the SEC Enforcement Branch, the FBI, the FTC, the CFTC, the FDIC, FINRA, the Federal Reserve, and numerous state regulators from across the United States) and foreign financial regulators (from Australia, Singapore, Japan, and all across Europe).  We ensured that all regulatory responses were consistent and complete, minimizing the potential for formal investigations.
  • We advised leading U.S. computer company in a matter involving leakage of highly confidential information (including information about the client’s new products and marketing strategy) through the hacking of an email account of the client’s partner in Russia. The complications included suspicions that the information was passed to the client’s European competitor. We handled internal investigation into activities of the client’s Russian partner as well as its former and current employees, interviews with the suspects, criminal investigations in Russia and Europe, and cooperation with the outside U.S. forensic experts.

  • We obtained a complete victory for IBM, who had been named as a defendant in a series of state and federal class actions arising out of the loss of nine data tapes belong to IBM’s client, Health Net, Inc.  Plaintiffs sought  $2 billion in alleged damages.  After the cases were consolidated in the Eastern District of California, Quinn Emanuel filed a motion to dismiss  on standing grounds, which the Court granted.  During the months that the motion was pending, Quinn Emanuel also managed to stave off discovery by demonstrating to the Judge that they had a robust motion to dismiss and that causing IBM to engage in discovery before the motion was decided would be a miscarriage of justice.
  • We successfully represented data aggregator Choicepoint in numerous data privacy theft cases and obtained dismissal of all claims.
  • We obtained summary judgment in California state court for a major wireless telecommunications company  arising out of alleged disclosure of confidential consumer information.   The matter involved allegations of negligence and breach of privacy arising from allegedly divulging private consumer information to third parties.  The decision was upheld by the California Court of Appeal.
  • In a highly confidential matter, we represent a multinational corporation with respect to illegal hacking into their computer systems.
  • We adviseda major hospitality company regarding regulatory and other potential claims regarding a data breach.
  • We represent a major entertainment industry client with represent to the issues arising from the well-publicized hack of Sony Corporation.
  • We are overseeing a data breach matter for a multinational entertainment company including 50 state law compliance with notification rules, counseling reactions against the hacker(s), potential class action cases, notification to litigants and courts where documents subject to “lit hold” notices are compromised, etc.
  • For a government client we have advised on implementing a suite of data privacy and information security regulations across a truly diverse facility base.  For the same client, we are assessing what new procedures/protections should be put into place to avoid future data breaches.

  • We are intervening for Lycos, Inc. and Wired News in a case brought by the Electronic Frontier Foundation against AT&T for giving the NSA access to its fiber-optic telecommunications system.  EFF’s claims involve breach of privacy allegations; they have filed multiple documents under seal that were given to them by a former AT&T employee.  Wired News has obtained and published some of the sealed documents and is seeking to unseal the rest of them.
  • We won dismissal of a SDNY case against our client Harley-Davidson. The claims arose from loss of a computer with personal information of Harley-Davidson motorcycle owners.

  • We won summary judgment for Home Depot in a class action in the Southern District of California alleging violation of a credit card privacy statute.
  • We represent comScore, Inc., in a data privacy class action in the Northern District of Illinois.  The plaintiffs assert that comScore, a company that measures consumers’ online behavior, obtained information about their Internet usage and other personal information without adequate consent.
  • We were involved in a series of high-profile investigations by the U.S. and other governments into marketing practices and payments made to healthcare providers, including products such as Trileptal and TOBI, but also allegations on antitrust, data privacy, and other compliance-related issues in many jurisdictions. We set up a system ensuring compliance with relevant data privacy laws in the respective jurisdiction; in addition, we assisted in setting up a mechanism through which relevant personal data could be shared between the U.S. and Europe.
  • We represent Primary Group, a UK insurance group, in proceedings against the Royal Bank of Scotland alleging misuse of confidential information.  Primary banked with RBS; RBS also had an insurance business that competed with Primary.  Primary contends that RBS provided its confidential business information to the RBS insurance business improperly and in breach of explicit assurances that it would not do so.  The case will be tried in London in 2014.
  • One of our partners represented the German company Merz Pharmaceuticals in a U.S. pharmaceutical litigation concerning its Alzheimer’s disease treatment Namenda®.  Document discovery in that case implicated both the German Data Protection Act as well as HIPAA in the U.S. To comply with the law, all documents containing patient and personal employee data were hosted and reviewed in the EU with protected data being redacted before the documents could be brought into the U.S. for production.
  • One of our attorneys advised an internet content provider on consumer privacy policies.
  • One of our attorneys advised an international confectionery manufacturer with regard to compliance related data privacy issues in the context of internal investigations (including on limitations to access/search German employees’ e-mail accounts).
  • We represented DIRECTV in a class action matter alleging violations of the Electronic Communications Privacy Act (“ECPA”).  We obtained a decision from the Ninth Circuit Court of Appeal affirming the dismissal of the complaint.  In a case of first impression, the Court concluded that the ECPA did not permit liability for aiding and abetting or conspiracy to violate Section 2702 of the Act.

  • We obtained a $2.3 million judgment after a unanimous jury verdict finding 103 violations of the DMCA, Electronic Communications Privacy Act, and Federal Communications Act arising from defendant’s distribution of illegal signal theft devices designed to steal DIRECTV’s satellite programming.

Back to Top