The first of the year marked the start of a new endeavor for Orrick. The law firm announced the opening of a new Boston office and four new members to its cybersecurity and privacy practice, bringing the total count of partners devoted to the space to 13. The new hires include seasoned privacy professionals Doug Meal, Heather Egan Sussman, CIPP/US, Michelle Visser and Seth Harrington, who were all previously at Ropes & Gray. Meal, Sussman and Harrington will be based in the firm’s new Boston office, where Meal will lead Orrick’s Cyber & Privacy litigation and enforcement practice, and Sussman will co-lead the Cyber & Privacy advisory practice with Orrick’s Aravind Swaminathan. As the team explained, the decision was rooted in direct response to client need and a vision for the future.
Swaminathan said while the effort behind investing in a new office is not to be overlooked, it was ultimately an easy decision. The firm's chairman visited with clients to find out top concerns, asking them two questions: What keeps you at night, and what do you want out of a law firm?
"Almost every single one responded that one of their top three concerns included cybersecurity, privacy and the ability to innovate with data," Swaminathan said.
As a firm, it was important that any addition reflect Orrick's culture.
"It was important to bring in a strong, capable, diverse team to complement what we were already starting to build. We want to bring a broader set of viewpoints to solve the complicated issues that we are bound to encounter over the next 10 years," Swaminathan said. "You need lots of perspective in the room, with varying backgrounds, who are willing to be entrepreneurial and innovative. Just in the U.S., prior to the addition of the Boston office, our team was 90 percent made of women and people of color. Across the globe, in our practice at large, its 70 percent."
Sussman said Orrick’s willingness to commit to privacy and cybersecurity helped draw her team to join.
"We are always making the business case for privacy, for cybersecurity and for data innovation with our clients, but to see a firm that’s willing to invest and make the business case for privacy and cybersecurity and to support that in its growth, it’s a really exciting milestone for our field,” she said.
On top of that, Sussman noted Orrick was a good fit culturally.
"I feel that privacy professionals, and those who do cybersecurity, we are a group of people who love what we do and who take pride in our work. What we were really looking for was a firm that reflected the culture of our group and that had the same ideals and values. We have been so impressed with the firm’s diversity initiative and its focus on innovation," she said.
Meal said that in terms of thinking where to grow the practice, several aspects of Orrick stood out. He noted the firm’s focus on technology, its geographic footprint across the U.S., Europe and Asia, and the existing privacy practice as deciding factors in the move. “We had built a very strong brand in the space at Ropes & Gray and we had a great run, but looking at those three factors combined, for us, Orrick was the head and shoulders first choice where we thought we could take the practice to the level we intend to take it.” He added, “It’s the global practice we need in order to turn the practice into the premier global privacy and cybersecurity practice, which is our goal and our expectation.”
The team noted that with more privacy-oriented litigation efforts emerging in Europe, the addition of Meal and Sussman will help carry Orrick forward. Kolvin Stone, privacy partner and head of Orrick’s London office, said that while Europe has not had an active plaintiffs claim, it is developing. “One of the exciting things from a European perspective is adding a team that includes Doug and Heather will allow us to take their litigation experience and translate it to the European market," Stone said. "Doug and Heather have been dealing with it for quite a number of years and that’s exciting from our perspective.”
Meal said that while the past 10 to 12 years spent in litigation and regulatory enforcement has been a very busy time, he said, "When we’re doing this interview 10 years from now, we are going to look back at this period and laugh at how mild it was with all that will likely happen between now and 2025, 2030."
He added, “It's highly likely that the GDPR model sweeps the world, and we have worldwide regulatory enforcement in the privacy and cybersecurity area that is enormous compared to what it has been up to now.”
Looking to the future, the team agreed the capability of Orrick's privacy, security and data innovation team will enable them to handle the increased regulation and enforcement on the horizon.
photo credit: Eric Kilby Moonrise Over Boston via photopin (license)