Orrick Herrington & Sutcliffe is expanding its cyber and data privacy litigation and regulatory enforcement practice to London with the addition of a pair of PricewaterhouseCoopers lawyers.
Keily Blair and James Lloyd are joining the firm as partners in its cyber & privacy litigation and enforcement practice.
“They are two of only a handful of UK based lawyers who are really focusing on the contentious side of privacy and cyber security,” said Doug Meal, head of Orrick’s cyber and privacy litigation & enforcement practice.
Meal joined Orrick last January along with several of his Ropes & Gray colleagues to launch Orrick’s Boston office.
Blair led PwC’s contentious data protection strategy where she spearheaded the response to investigations by the U.K.’s Information Commissioner’s Office, the Irish Data Protection Commission, the U.S. Department of Justice and the Federal Bureau of Investigations, among others. She also managed several contentious matters, including a multi-jurisdictional investigation into a post-GDPR data breach and associated litigation.
Blair began her legal practice over a decade ago at Allen & Overy. In 2010, she jumped to Morrison & Foerster where she teamed up with Lloyd, who joined the firm in 2008, before she left for PwC to become its director of regulatory and commercial disputes in 2017. Lloyd joined PwC in early 2019 as a senior manager.
The addition of the PwC pair was the result of perfect timing, Meal said. After Meal and his team joined Orrick in early 2019, the plan was to launch a practice in the European Union and the U.K.
At the same time there were developments within Europe and the U.K. that signaled that they could be on the leading edge of data and privacy enforcement and regulatory investigation work in the U.K., he said. Meal pointed to the pending decisions by the U.K.'s Information Commissioner’s Office on possible fines on Marriott and British Airways pertaining to data breaches as well as case law within the U.K. that could create a viable class action vehicle for data security breaches.
“All those things right now make this the perfect time for this practice area to really explode,” Blair said.
Her goal is to create a global destination practice for privacy and cyber litigation, not just in the U.S., but in Europe.
“I want non-Orrick clients to come to Orrick because of the practice we create,” she said.
With their new lawyers, according to Meal, the Orrick cyber and data privacy team globally has the ability to take on enforcement work that they predict will become a significant part of the market in the coming years.
He said Orrick represents major cybersecurity insurers and security firms in the U.S. that are in the process of building significant capacity in the U.K. and EU.
Orrick plans on growing the advisory side of its cyber and data security practice in London, Meal said.
But the expectation is that the cyber and data privacy team in London will become one of the premier U.K. practices and will eventually expand into France, Italy, and Germany where Orrick already has offices, Meal said, also noting the firm is looking to build eventually in Asia.
“We really see it as an important stepping stone towards achieving this global strategy,” Meal said.