Overview
Overview
O’Hagan Meyer’s Data Privacy & Cybersecurity team helps organizations prevent, manage, and resolve cyber incidents and privacy risks with practical counseling, coordinated response, and experienced defense in investigations and litigation nationwide.
Our lawyers advise companies across industries on building and maintaining effective privacy and security programs tailored to their operations. We conduct early risk assessments, identify vulnerabilities, and develop policies, procedures, and governance frameworks designed to mitigate risk and ensure compliance. This includes data mapping and classification, vendor and third-party risk management, and comprehensive employee training and awareness programs. We also assist clients in preparing incident response plans and conducting cybersecurity simulations and tabletop exercises to test readiness and improve real-time response capabilities.
We guide clients on compliance with federal and state laws and consumer protection statutes, including:
- Fair Credit Reporting Act (FCRA)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health Act (HITECH)
- Fair and Accurate Credit Transactions Act (FACTA)
- CAN-SPAM Act, Telephone Consumer Protection Act (TCPA)
- Children’s Online Privacy Protection Act (COPPA)
- Electronic Communications Privacy Act (ECPA)
- Stored Communications Act (SCA)
- Section 5 of the Federal Trade Commission Act
We also advise on applicable international privacy frameworks, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and European Union data protection directives and related requirements.
When an incident occurs, we respond swiftly and decisively. O’Hagan Meyer serves as breach counsel and first responder, operating a 24/7 cyber hotline and leading coordinated response efforts from initial detection through containment and recovery. We perform early incident assessments to determine scope, legal obligations, and potential exposure, and we guide clients through all phases of crisis management.
We assemble and direct multidisciplinary teams that include forensic IT specialists, crisis management and public relations professionals, forensic accountants, and notification and credit monitoring providers. We guide clients through containment, investigation, and remediation—assessing the scope of the incident, determining notification and post-incident obligations, and managing communications with affected individuals, regulators, and other stakeholders. Following an incident, we conduct post-breach assessments, develop corrective action plans, and advise on improvements to reduce future risk and strengthen operational resilience.
Our experience spans ransomware attacks, network intrusions, business email compromise, fraudulent funds transfers, and inadvertent disclosures, with a focus on minimizing disruption and enabling business continuity.
Cyber incidents frequently lead to regulatory scrutiny and litigation. We represent clients in investigations and enforcement actions involving state attorneys general and federal agencies, including the Federal Trade Commission (FTC), Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and Federal Deposit Insurance Corporation (FDIC). Our team defends class actions and commercial litigation arising from data breaches, privacy violations, biometric privacy claims, and data tracking practices in state and federal courts nationwide, as well as in arbitration and mediation.
O’Hagan Meyer also serves as incident response coordination and monitoring counsel for domestic and London-based cyber insurers and their policyholders. We manage claim intake and triage, assemble response teams in real time, advise on coverage-related issues, and resolve coverage disputes through mediation, arbitration, and litigation.
Throughout the incident lifecycle—before, during, and after an event—we deliver clear, practical guidance that helps clients move efficiently from incident to resolution.