Faculty: Chris Cwalina

Cwalina 150Chris Cwalina is the Global Co-Head of Norton Rose Fulbright’s Data Protection, Privacy and Cybersecurity and concentrates his international practice on cybersecurity and privacy compliance and program development, with a focus on complex cybersecurity attack and data breach investigations, primarily involving sophisticated threat actor groups and advanced persistent threats focused on critical infrastructure entities. Having been in-house for a decade, Chris understands clients’ challenges, priorities, and concerns, and knows what clients expect from their outside counsel.

Chris has managed some of the largest data breaches that have occurred. He began his career in privacy as vice president and assistant general counsel at ChoicePoint Inc., where he ran the company’s Privacy, Compliance, Ethics and Credentialing Department and helped lead the company’s response to the first publicly-reported data breach. This occurred at a time when only one state breach notification law had been enacted. While at ChoicePoint, Chris helped the company respond to a Federal Trade Commission (FTC) investigation and complaint, Congressional inquiry, a U.S. Securities and Exchange Commission (SEC) investigation, an investigation and complaint brought by a coalition of state attorneys general offices, as well as managed a number of class-action complaints.

Since the inception of state breach notification statutes, Chris has helped companies respond to countless cybersecurity events, incidents, and data breaches, on an international scale, involving external and internal threats and sophisticated threat actors with a variety of motives. He has handled theft of credit card data, intellectual property, trade secrets and confidential company information, health information, employee information, personal data and personally identifiable information.

Chris provides advice and counsel on the full lifecycle of cybersecurity and privacy compliance and risk management. He advises clients on how to prepare for a security incident to help them be in the best position possible prior to an incident occurring. This counsel involves assessing and developing appropriate governance and organizational structures, incident response programs, as well as conducting incident response workshops and exercises. These techniques and procedures are designed to prepare companies to respond to security incidents quickly, efficiently and in a manner that complies with applicable laws and regulations while simultaneously mitigating risk and preserving customer relationships.

As soon as a security incident occurs, Chris serves as “breach coach” and works closely with CISOs and SIRTs assisting his clients with leading the investigation, containment and remediation of the incident, and developing effective communications, which are designed to preserve customer relationships and minimize the likelihood and consequences of litigation and regulatory investigations. Chris also helps companies deal with the fallout of an incident by responding to resulting state, federal and international regulatory inquiries and investigations. He also defends clients in related litigation, including actions brought by consumers, shareholders, employees, and others.

Chris has represented companies in a wide range of industries, including a number of companies in critical infrastructure sectors, energy, oil & gas, communications, retail, transportation, hospitality, life sciences and healthcare, insurance, financial services, technology, advertising and marketing, entertainment, and education.

Chris brings his years of experience to provide proactive counsel on the complex regulatory issues pertaining to cybersecurity and privacy programs and data collection, use, maintenance, transfer, and sharing. He regularly presents to boards of directors and advises on governance and cybersecurity risk disclosure obligations. He advises clients on regulatory issues and legislative affairs pertaining to the full range of cybersecurity, data governance, data privacy and cross-border transfer issues with a focus on technology, mobile and online practices. Chris also provides counsel on compliance with COPPA, GLBA, HIPAA, FCRA, ECPA, CPNI Rules, TCPA, and other state and federal privacy and security laws as well as international privacy laws, regulations and directives, including the EU General Data Protection Regulation (GDPR).

Comments are closed.


When: Tuesday, April 14, 2020
8:15 am - 5:00 pm (followed by announcement of "IR 30")
Where: Virtual (online only)
CLE Credit:
6.0+ hours (details here)

Corporate Sponsors

Kroll 230 2019

Ankura 230x60

Crypsis 230 2020

Intel 230


Sard 230 2020 UGT 230

Law Firm Sponsors

Orrick 230 v2

Alston 230 v2



Beckage 230


Covington2018 230


Faegre Drinker 230



Lewis Brisbois 230

Norton Rose 230

O'Melveny 230


Ropes &Gray

SheppardMullin 230

Willkie 230

Wilson Sonsini 230 2020


Links to materials available here.