It was the scandal of the summer: AshleyMadison.com, the dating and social networking service that markets itself to would-be cheaters, was cyberattacked, and the names and contact information of purported members—including celebrities, congressional staffers and evangelists—were revealed online. Soon after, plaintiffs lawyers lodged class action litigation on behalf of website users.
The chain of events—a high-profile data hack, followed by proposed consumer class actions—was a familiar one. Prior data breaches at big-name companies, including 2013′s Target Corp. hack and the hack at Home Depot Inc. in 2014, spurred similar lawsuits.
Lawyers on both sides of the privacy and data security bar expect that large-scale breaches, along with companies’ more granular handling of personal information, will provide fodder for an expanding wave of future litigation. That’s true, they say, even as the heightened publicity of some attacks hasn’t yet translated into a larger number of suits or more successful results for plaintiffs in class actions.
(See related article on the fact that one-third of in-house lawyers say their companies have been the victims of data breaches.)
Judging by the submissions for this year’s Litigation Department of the Year competition, the world of Big Law is taking notice. Of the six firms recognized as general category finalists or winners, three—Orrick, Herrington & Sutcliffe, Kirkland & Ellis and Gibson, Dunn & Crutcher—highlighted their defense work on at least one data privacy or cyberbreach case in submissions to The American Lawyer. Another finalist, Quinn Emanuel Urquhart & Sullivan, noted the area as one of its growing practices, touting its January 2015 hire of partner Jenny Durkan, a former U.S. attorney who now heads the firm’s cyberlaw and privacy group.
Eugene Assaf, a litigation partner at Kirkland & Ellis, says his firm is among those that view data privacy and security work as a priority. Kirkland, Assaf says, is among a group of firms that have sought to add expert cybersecurity and data privacy lawyers to teams that guide a company through “enterprise risk” situations—high-profile scandals that often lead to government investigations and private litigation. “Firms are leveraging resources from their investigation and enforcement practices, their board governance practices and their litigation practices,” he says. In the context of data breaches, he adds, firms like his also try to distinguish themselves by offering “important support from lawyers with national security expertise.”