Kari Rollins
United States of America
  • PositionPartner
  • FirmSheppard Mullin Richter & Hampton
  • Age38
Abstract Shape Background
Kari Rollins

Kari Rollins

United States of America
  • Position: Partner
  • Firm: Sheppard Mullin Richter & Hampton
  • Age: 38

Professional history

I came up through the ranks not as a transactional intellectual property attorney, but instead as a commercial litigator. When I started focusing my practice on data privacy about eight years ago, I brought my significant litigation and internal investigation experience with me to that practice to help companies better prepare and respond to data breach and cybersecurity threats.

Influences and mentors?

I was first introduced to the world of data privacy law by Liisa Thomas. Since that initial introduction, and still today, she remains one of my mentors – not just in the realm of data privacy law (because she literally wrote the book on data breach), but also more generally in career development and advancement.

Advice for young lawyers?

To succeed in this space, you have to stay abreast not only of the ever-changing legal landscape, but also, and equally as important, the constantly evolving technologies and cyberthreats. As a practitioner, you will be infinitely more effective if you know and understand the relevant technologies – ie, the difference between two-factor and multi-factor authentication, the variations of malware used in recent attacks on companies, the use and effectiveness of EMV chip technology at payment platforms, and the list goes on and on.

What will data lawyers be advising on in 10 years?

I actually do not think it will be much different in principle than it is today, but instead the technologies, threats and commoditisation of “personal” information will have so evolved as to make the basic questions upon which we advise and litigate simply more complex. Those basic questions being, for example, what is or what should be protected information? How should it be protected, both by the law and by standard, and reasonable security practices? How do we respond to breaches impacting the security, confidentiality, and integrity of protected categories of information? And who is or who should be ultimately responsible when such a breach occurs?

What do you do to relax?

I love to compete in triathlons, and recently completed my first full Ironman. If I’m not swimming, biking, or running, I enjoy playing tourist in my own city – New York – and taking full advantage of all the great museums, exhibits, musicals, plays, concerts and food the city has to offer. And in the winter, skiing as much as time will permit