Views on New Law Firm Models for Providing Cybersecurity Legal Services From Harriet Pearson, Partner, Head of Cybersecurity Practice, Hogan Lovells

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Hogan Lovells recently launched a Cyber Risk Services business unit that it said would “provide clients with cybersecurity program development, risk management, incident preparedness, breach response and investigations counsel, regulatory enforcement, litigation, and crisis management assistance” in one place.

Bloomberg BNA Privacy & Data Security News Managing Editor Donald G. Aplin posed a series of questions to Harriet Pearson, partner in Washington and head of the firm’s multi-disciplinary cybersecurity practice, about the firm's move and what it means for the business of cybersecurity law.

Bloomberg BNA:

So why launch the Hogan Lovells Cyber Risk Services business unit now?

Harriet Pearson:

Protecting against cyber incidents is a growing technical, managerial, and legal challenge for companies and public institutions. Because changes in technology and regulation are taking place so quickly, measures that a few years ago would be been considered reasonable today may no longer meet regulator, customer and investor expectations. And public disclosure of a cybersecurity breach at a company is often quickly followed by government investigations, congressional attention, stakeholder inquiries, consumer class actions and shareholder suits, particularly in the U.S. To say that it’s a complex landscape is an understatement.

In this environment we formed Cyber Risk Services because whether it’s in prevention, planning, or responding to incidents, clients tell us that our holistic approach—using technical, risk management, and crisis communications skills to support our legal services—is incredibly valuable. We have formalized and are expanding our offering because of client demand and also to ensure we continue to attract and retain the very best people to do this work.

Bloomberg BNA:

What kinds of things will the recently-formed unit be able to provide, or better provide, than what the firm was already covering?

Pearson:

By formalizing and expanding the team who work in conjunction with our lawyers, we’re able to offer clients comprehensive support to see them through every phase of a cybersecurity matter.

Working side-by-side, the team will provide clients with cybersecurity program development, risk management, incident preparedness, breach response and investigations counsel, regulatory enforcement, litigation, and crisis management assistance.

Bloomberg BNA:

Hogan Lovells has been a privacy and data security leader for a long time but is certainly facing more players trying to enter the space. Did that influence the rebranding and expansion of services for the firm?

Pearson:

In 2012, when I decided to leave IBM (where I was security counsel and chief privacy officer) and join a law firm, Hogan Lovells was an easy choice given the firm’s already-leading privacy and information management practice. Christopher Wolf and Marcy Wilder have built an incredible team of lawyers here and when Eduardo Ustaran and his team joined us in London we became even stronger in Europe.

Yes we are reacting to client demand, but we also see significant need ahead for technically-savvy cyber legal services.

When you have that kind of a leading-edge view, you can use it to look around corners for clients. That is what the launch of our new cybersecurity services is all about. Yes we are reacting to client demand, but we also see significant need ahead for technically-savvy cyber legal services.

Bloomberg BNA:

Is it accurate to say that the move is aiming to position the firm as a kind of one-stop-shop for cybersecurity planning, compliance, training and incident response?

Pearson:

Yes, absolutely. Our clients receive integrated services that reflect legal, technical and management counsel, creating a seamless experience.

Our end-to-end service has been crafted to provide what clients tell us they need: assessing threats; preparing for incidents; responding in the first hours or days of an incident; engaging with appropriate regulators or government officials; and defending against government investigations, enforcement actions and private party civil litigation.

Bloomberg BNA:

Do you see expanding big law business opportunities for moving to this integrated-holistic approach?

Pearson:

Whether for law firms or other types of services business, the best opportunities come from being a leader in helping clients solve their toughest problems.

As a former client I would certainly look twice or more at a law firm that could help me to address issues that cut across jurisdictions and disciplines.

Bloomberg BNA:

Can you tell us a little about how you ended up working as an attorney on privacy/data security/cybersecurity issues?

Pearson:

By accident. More seriously, I started exploring privacy law and policy in the mid 1990s when the Web was first coming of age as a platform for commerce. My work led to IBM’s appointing me as one of the first chief privacy officers business in the year 2000. In the mid-2000s, I started counseling my internal clients on data security and cybersecurity, just as those issues started their meteoric rise on corporate risk agendas.

I had several opportunities to broaden my focus into other business disciplines, but I have kept returning to the law, and specifically to these issues, because I can think of nothing else more important for a business—and society—to get right. The stakes are so high— whether it is from the perspective of national security, economic progress, or respect for individual rights. And lawyers play a vital role. I left IBM to enter private practice because I believe companies need experienced lawyers at their side. It’s not just about technologies; it’s about policies and strategies.