Nelson Mullins Encompass

Whether seeking to develop or assess data security and governance practices, implementing investigative and response measures in response to a cyber attack, communicating with law enforcement or regulators regarding a data breach, or navigating lawsuits relating to cybersecurity, our team can guide you on tactical steps designed to address preventive and responsive measures in an integrated manner.


We understand the cybersecurity-related business and reputational risks, regulatory landscape, sensitivities relating to internal investigations and Board-level and customer communications, law enforcement and government relations, and the interplay with data breach-related litigation. Our multidisciplinary team includes the Firm's Managing Partner, and practice leaders for the Firm's Nelson Mullins Encompass, Privacy and Information Security, and Government Investigations and White Collar Defense practice areas. Our group brings a wide level of experience and diverse perspectives, with various team members having experience that includes having served formerly as senior in-house counsel (including as general counsel and in compliance and privacy roles), government prosecutor and military service, experience as enterprise-wide electronic discovery counsel for clients with global operations, class action and multidistrict litigation defense counsel, and insights from having conducted internal investigations on behalf of the company and the Board.


Our clients span industry sectors and include Fortune 50 and privately held companies, clients with global operations, and companies in heavily regulated industries. Some clients have in-house multidisciplinary information governance teams and others have a designated professional leading information security and data protection efforts.

Data-related challenges are increasing in prominence and importance. Enterprises seeking to implement proactive organizational structures and practices or experiencing data breach or cyber attack crises need to be prepared to make careful and timely, informed decisions regarding internal investigations, response and data protection, preservation and litigation readiness measures, and communications with the Board, regulators, customers, and law enforcement. We work closely with you to develop defensible strategies and investigative and response measures, and to advocate on your behalf with regulators, law enforcement, the courts, and potential litigants.  


Our cybersecurity and data breach response services include:

  • Counsel on Board, Law Enforcement, Regulatory, and Customer Communications- advising on communications and coordination strategies as part of integrated data breach response measures.
  • Counsel on Cyber Insurance Issues- advising on appropriate cyber insurance coverage solutions based on the client’s exposure; post-breach cyber insurance coverage analysis and related coverage litigation. 
  • Data Security Program Design- advising clients on organizational structure, policies, and practices to help protect and manage company data.
  • Data Preservation- counseling clients on data preservation issues in connection with cyber attack and breach-related government subpoenas and investigations and related litigation.
  • Due Diligence- performing privacy and security due diligence to assess risks in connection with ongoing operations, acquisitions, and new service offerings and technology platforms.
  • Government Investigations, Discovery, and Litigation- representing clients in connection with data and breach-related government investigations, defensible data preservation and discovery strategies, and litigation.
  • Integrated Incident Response- counseling clients on time-sensitive, integrated response measures, including breach containment, incident investigations and disclosure, customer notifications, law enforcement and government relations communications, data and evidence preservation, regulatory reporting, and litigation and discovery readiness.
  • Internal Investigations- conducting or guiding clients on performing internal investigations in connection with cyber attacks and data breach incident response.
  • Regulatory Reporting- advising on reporting and disclosure requirements.
  • Remediation- guiding clients on mitigation measures, including developing integrated remediation strategies that reinforce information governance and litigation readiness practices.
  • Risk Assessment and Mitigation Counseling- conducting risk assessments and data security audits, and counseling clients on practices to help mitigate data, business, and litigation risks.
  • Security Consultant Retention- advising on security consultant retention and privilege and litigation readiness-related issues.
  • Transactional Guidance- reviewing and advising on data security, preservation, information lifecycle governance, and risk allocation in connection with business transactions.
Data Breach and the Financial Institution

If you are the CEO, CISO or General Counsel of a financial institution (FI) of any size, you have likely been thinking about what you must do to secure your institution's sensitive financial data. It is also likely... MORE

Minimize Risks and Improve Readiness
Ethisphere® Magazine
Reprinted with permission of Ethisphere®

Companies need information to succeed, including information on products, services,... MORE


Data and Integrated Enterprise Discovery Counsel for Cyber Attack

We assisted our client, a Fortune 50 company, in connection with its response involving one of the largest cyber attacks in history.  Our role included frequent and sometimes daily coordination with law enforcement, counseling our client on data preservation issues, assistance with response to attorneys general, regulators, and lawmakers, as well as on litigation coordination, consolidation and strategy. 


Risk Assessment and Remediation Counseling

Nelson Mullins' privacy and information security team counseled multiple retail organizations in full-scale risk assessments and remediation of privacy and security practices.  In addition, they performed privacy and security due diligence for the acquisition of a major digital marketing company, advised major retail companies regarding consumer law and consumer protections issues and collections practices to help minimize risks, and performed privacy and security rule risk assessment under HIPAA and HITECH for a national skilled nursing care provider.


Data Breach Incident Counsel

When our client, a financial institution, experienced a data breach, our Nelson Mullins team counseled the client through all stages of the data breach incident. Our role included advising on incident analysis, breach containment, incident disclosure, loss mitigation, and remediation.