GDR 100 2022

Morrison & Foerster

Morrison & Foerster

Professional notice

Other lawyers9
Who’s Who Legal: Data nominees7
Personal data breaches notified100

Practice profile

West Coast-headquartered Morrison & Foerster (MoFo) brings together practitioners who can handle the full data life cycle, spanning advisory, compliance, transactional and contentious matters. Its privacy and data practice is frequently cited as being among the best in the world, and the firm boasts more than 60 data lawyers in offices in the US, Europe and Asia.

The firm has particular expertise in guiding clients through the EU binding corporate rules process. The complex international transfer mechanism is notoriously burdensome for companies and their advisers alike; that MoFo has bagged several such mandates demonstrates its sophistication and ability to handle large volumes of work. It has recently leveraged its global presence to advise companies as they deal with complex data issues linked to the covid-19 outbreak, and has assisted multiple clients with the legality of employee and workplace tracking in various jurisdictions. While the firm’s list of key clients cannot be disclosed, it contains household names in hospitality, insurance, manufacturing, software, energy and healthtech.

Leading individuals

Co-lead of the MoFo privacy and data security practice, Miriam Wugmeister’s considerable expertise is put to use advising global companies on multinational compliance, and she handles many of the largest data security incidents globally. Co-lead Alex van der Wolk in Brussels is particularly skilled in assisting clients with structuring their approach to data privacy in specialised areas such as healthtech, agrotech, and adtech. He was notably one of the first practitioners in Europe to help companies set up BCRs.

Alja Poler De Zwart in Brussels, Alex Iftimie in San Francisco, Kristen Mathews in New York, Julie O’Neill in Boston, Nathan Taylor in Washington, DC, Annabel Gillham in London, Hanno Timner in Berlin and Brussels-based senior of counsel Lokke Moerel – a real guru on the GDPR’s one-stop-shop, among other matters – are other key names.

Work highlights

MoFo is representing FireEye Mandiant in connection with its cybersecurity investigation into the massive SolarWinds cyberattack. The firm also advised Cognizant on every aspect of its response to a Maze ransomware attack.

The firm represented telecommunications service provider 1&1 Telecom GmbH in the first GDPR fine to be successfully challenged in court. It also represents technology company Oracle in the first-ever Dutch privacy class action – impressive work for a firm that lacks an office in the Netherlands, and is running the case out of Brussels. Another first saw the firm involved in the inaugural CCPA litigation case in California, representing SalesForce.

On the non-contentious side, the firm has handled multiple binding corporate rules applications, and advises on laws as diverse as the CCPA and Chinese Cybersecurity Law. Brussels-based senior counsel Moerel and London partner Annabel Gillham guided Visa Europe as it set up its open banking platform across the EU. The Visa advice needed to take the EU’s PSD2 open banking framework into account and analyse relationships with stakeholders such as banks and merchants to resolve data storage, sharing and access issues. In deals, it acted for Salesforce on the IP and privacy aspects of the company's US$27 billion acquisition of business communications leader Slack – the second-largest software deal in history. It also acted for Japanese pharmaceutical company Taisho in transferring employee data in the context of its US$1.6 billion acquisition of French pharmaceutical company UPSA.

Through the Wugmeister-founded and led Global Privacy Alliance, the firm has submitted comments to Chinese, Japanese, EU Commission and European Data Protection Board regulators over the past 12 months.

Client feedback

One multinational client said: “As MoFo has data privacy specialists worldwide, they collaborate smoothly and provide us appropriate measures promptly based on their knowledge in local laws,” adding it would have been burdensome to contact individual local law firms and slow the setup of the programme.

Morrison and Foerster is recognized as an undisputed leader in privacy and data security worldwide. Our multidisciplinary, award-winning Privacy and Data Security Practice Group boasts more than 60 lawyers in offices in the United States, Europe, and Asia.

Our team provides creative and practical advice concerning all stages of the information lifecycle, from privacy compliance to incident response. We work across disciplines, including technology, financial services, life sciences, employment, healthcare, crisis management, transactions, and other fields. We’re counseling, litigating cases, and representing clients before regulators around the world. Our extensive experience with data protection laws and our geographic reach uniquely position us to handle virtually any privacy or data security issue anywhere in the world.

Over 100 countries now have their own data protection laws regulating the collection, use, disclosure, and security of personal information. The complex and sometimes conflicting obligations imposed by these laws can be challenging for companies seeking to comply—but fortunately, not for us! We’re at the forefront of firms advising clients on the legal and operational challenges presented by the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), and the Schrems II decision, as well as the Cyber Security Law of the People’s Republic of China, the Personal Data (Privacy) Ordinance of Hong Kong, Japan’s Personal Information Protection Act, and an entire alphabet soup of other global privacy laws. So it should come as no surprise that we were selected to litigate the first-ever CCPA class action. We’ve also done more Binding Corporate Rules (BCR), a form of corporate self-regulation designed to facilitate global inter-company data transfers in compliance with EU Data Protection Law, than any other firm worldwide.

While we advise on a broad range of privacy compliance and data protection matters, we also offer unparalleled expertise when cybersecurity incidents occur, having handled more major breaches than any other firm. Our interdisciplinary global risk and crisis management team includes former federal prosecutors and regulators, internationally recognized cybersecurity experts, and former officials at the Department of Justice, in the Intelligence Community, and at the Securities and Exchange Commission, among others. With decades of collective experience across a wide range of industries—in the private sector and at the highest levels of government—our team knows how to successfully guide clients through major crises. We’ve advised on some of the largest data security incidents in history, across both the public and private sectors, including work on security incidents for FireEye, Target, Marriott, Citrix, Juniper Software, JPMorgan Chase, Adobe, and Dell

We’re a proven leader in global technology and data law. We routinely help clients navigate the legal and regulatory factors of a full range of issues related to data analytics, AI, and machine learning, including intellectual property, transactional, commercial, privacy and data security, consumer protection, competition, and regulatory issues. We also understand the value of data and have extensive experience helping clients find value in their data.

Our deep bench has long and successful track record developing compliance programs, responding to security incidents, and defending high-stakes litigation that threaten a company’s brand reputation, business model, and bottom line. Our team is efficient, practical, and well-equipped to pivot often, and swiftly, to meet the needs of our clients in any and every situation, in any and every jurisdiction.

Diversity is our Superpower. Our Privacy + Data Security Group is a successful case study of what a commitment to diversity and inclusion can achieve, with women representing roughly 59% of our partners globally, and 25% of our lawyers across the practice identifying as diverse or LGBTQ+. We believe that providing our clients the best possible service comes when there is a diverse group of voices at the table. That’s a real superpower.

We’ve advised hundreds of organizations, from ambitious startups to global industry leaders, including nearly half of the Fortune 50 and leading companies across all sectors. We want to help you with timely, knowledgeable, realistic advice and attorneys available around the globe, 24/7. Come talk to us. We’re MoFo.


Unlock unlimited access to all Global Data Review content