The stakes have never been higher in cybersecurity and privacy. The recent attacks against our country’s energy and food supply, along with the growing landscape of privacy laws, provide just the latest examples of why it is imperative for organizations to address cybersecurity and privacy realities. Fortunately, Maynard Cooper’s nationally recognized Cybersecurity and Privacy Practice offers comprehensive, custom solutions to address this pressing need. Leveraging experienced attorneys and technology professionals, Maynard Cooper's Cybersecurity and Privacy team provides not only the legal proficiency and technical expertise our clients expect, but an unmatched practical business sense.

Our Team

Get to know the Maynard Cooper Cybersecurity & Privacy team: approachable leaders who simplify the complex.

“We look at issues practically and strategically. What does the law require? What risks do we need to manage and mitigate? What are the critical business considerations? We then focus on delivering practical solutions that are aligned with this backdrop, framing the issues in the optimal way for both internal and external audiences.”
- J.T. Malatesta, Practice Group Chair

“Regardless of the situation in which we’re interfacing with our clients, we want them to feel like we’re on the same team working towards a common goal. They should see us like a favorite co-worker who happens to have a different email domain, not a faceless service provider.”
- Starr Drum, Shareholder - Privacy

"We are in the business of crisis prevention as well as crisis management – we strive to help our clients prevent fires from breaking out, but if they do, we’ll put them out. When you hire us, you don’t get lawyers sitting behind desks – you get strategic partners who are extensions of your team.”
- Sarah Glover, Shareholder - Cybersecurity

Our Services

Cybersecurity & Privacy Compliance

Regardless of industry or business model, every company should have measures in place to guide the protection and use of personal information in order to reduce risk and enhance marketability. Some of the projects we support include:

  • Corporate governance management and resource allocation
  • Data inventory and mapping
  • Privacy and security policies and procedures
  • Incident Response Plan development
  • Privacy by design product counsel
  • Vendor and other third-party risk management
  • Cross-border transfer arrangements
  • Privacy and cybersecurity training
  • Organizational security protocols
  • Tabletop exercises
  • DSAR response procedures
  • Marketing/digital advertising and data sale/purchase compliance

Breach Response

Maynard Cooper’s on-call breach response team has managed hundreds of incidents, spanning ransomware, BEC, fraudulent wire transfers, insider threats, and application vulnerabilities.

Businesses large and small face a patchwork of international, federal, and state laws and regulations, industry-specific guidelines, and common law theories of liability in the cybersecurity arena. Our breach response team counsels clients on the potential liabilities stemming from these sources and is prepared to navigate clients through incident response, internal investigations, regulatory inquiries, data breach notification laws, and civil litigation.

A timely, coordinated, and effective investigation is critical toward mitigating legal and financial exposure in the event of a data breach. Our team of experienced lawyers and technologists understand what must be done in the immediate aftermath of an incident to deliver an efficient response that complies with our clients’ regulatory landscape and in a manner that maximizes the protection of the attorney-client privilege over the investigation.

Maynard’s Cybersecurity and Privacy Practice serves as approved panel counsel for multiple global and national insurance carriers, including:

  • AIG
  • AXA XL
  • AXIS
  • Beazley
  • Chubb
  • Coalition
  • Zurich

Privacy Litigation & Regulatory Investigations

Our team works tirelessly with clients to prepare them for regulatory inquiries and protect them from shortcomings in their cybersecurity and privacy programs. However, when investigations and litigation arise, Maynard Cooper has the expertise and depth to meet your needs.

Our multi-disciplinary, experienced class action and trial teams stand ready to handle data breach and privacy cases that may be filed following a compromise of personal information. Almost all of these cases are filed as class actions, and Maynard Cooper’s nationally-recognized Class Action Practice has a wealth of experience successfully defending clients in numerous federal and state courts across the country. In addition, our Cybersecurity and Privacy team has handled hundreds of matters before:

  • State attorneys general
  • FTC
  • OCR
  • International data protection authorities

Our team also defends causes of action arising from statutory violations of privacy and cybersecurity laws including:

  • BIPA
  • CCPA
  • FERPA
  • GLBA
  • HIPPA
  • TCPA

Transaction & Risk Advisory Services

Maynard Cooper’s Cybersecurity and Privacy team supports clients through the intricate process of acquisitions and investments.

  • Partnering with M&A counsel and technical diligence teams to conduct privacy and security legal diligence
  • Developing comprehensive diligence memorandum with investment risk rating
  • Negotiating privacy and security terms of purchase agreement
  • Supporting R&W insurance diligence and underwriting

We help clients maximize the value of existing investments through Privileged Risk Assessments. Confidential and privileged risk assessment engagements include:

  • Assessment of operational, legal, and compliance risk factors
  • Benchmarking a company’s program against industry standards, regulatory requirements, and best practices
  • Offering observations on the company’s information security and privacy practices
  • Providing insight into legal, compliance, and operational risks
  • Providing guidance and recommendations to remediate any identified risks and mature the company’s information security and privacy compliance programs

Through a comprehensive risk assessment process, our team examines key privacy and security domains aligned with due diligence considerations. From corporate governance to cross-border data transfers to network security and more, our guidance and recommendations remediate identified risks and mature the company’s information security and privacy compliance programs.


“The privacy group at Maynard has helped us develop and mature a privacy program custom to our business through becoming intimately involved with the underlying aspects of our industry and specific business practices, all at a reasonable price. They have become a trusted and vital partner of both our privacy and cybersecurity departments due to their competent practical legal advice, hands-on approach and willingness to pick up the phone whenever called upon. I am hesitant to promote the practice for fear that the “secret” will get out as their firm seamlessly works with internal partners as if they are one of our own.”

-Blaine Doerrfeld, SVP, Senior Counsel, Athene


“Maynard’s expertise and command of the Cybersecurity and Privacy subject matter is unrivaled. They maintain an extensive network of industry professionals.”

-Darrell Jenkins, VP & CISO, Clayton Technology

Attorneys and Other Professionals in Cybersecurity & Privacy

Cybersecurity & Privacy News
Thursday, September 9, 2021

The Four Ps of Privacy

Privacy law is growing and evolving at a rapid pace. It can be overwhelming even for practitioners specializing in privacy. To help practitioners and organizations identify which privacy laws apply, Starr Drum, Shareholder, CIPM, CIPP/E, FIP, has established an alliterative privacy issue-spotting mechanism: “the four Ps of privacy.” Read Starr’s...

Read More
Wednesday, July 14, 2021

Three’s Company: Colorado Becomes Third U.S. State to Enact Comprehensive Privacy Law

On July 8, 2021, Governor Jared Polis signed into law the Colorado Privacy Act (“ColoPA”). Colorado is now the third U.S. state to enact a comprehensive privacy law, following the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA”), and Virginia’s Consumer Data Protection Act (“VCDPA”). The new...

Read More
Tuesday, June 15, 2021

European Commission Implements Updated Standard Contractual Clauses for Cross-Border Transfers and New Standard Contractual Clauses for Controller and Processor Relationships - Part II of II: Controller-Processor SCCs

On June 4, 2021 the European Commission (“Commission”) implemented two sets of standard contractual clauses (“SCCs”). One set, which we covered on June 7th in Part I, governs cross-border transfers of personal data and seeks to align the SCCs with the requirements of the European Union’s (“EU”) General Data Protection...

Read More