Paul H. Luehr is a partner at Faegre Drinker Biddle & Reath LLP. Paul partners with clients to optimize their privacy and cybersecurity practices, from risk management to incident response. As the leader of the firm’s privacy and cybersecurity team, Paul understands that cybersecurity crises can be profoundly costly, and they can strike organizations across a wide range of industries. Drawing from 25 years on the cutting edge of data privacy and cybersecurity — including experience investigating and prosecuting cybercrimes with the Federal Trade Commission (FTC) and the Department of Justice (DOJ) — Paul helps clients avoid becoming a cautionary tale. He has led investigations into several of the top data breaches on record.
Paul has overseen forensic teams on data incidents affecting national retailers, financial institutions, hospitals and national health care companies, universities, hotel chains, defense contractors, and online providers. Paul’s insights have been featured on CBS, NBC, CNBC and BBC television, and in The Wall Street Journal, The New York Times and USA Today.
Paul began his legal career at the FTC, where he served as a trial attorney and assistant director and became a foundational member of the agency’s internet team. He then joined DOJ as a federal cybercrime prosecutor, where he trained prosecutors and agents on cyber investigations and led cases related to computer intrusions, email threats, internet fraud and identity theft, phishing schemes, software piracy, and criminal trademark infringement. Immediately following September 11, 2001, Paul oversaw the initial investigation into computer evidence related to the terrorist Zacarias Moussaoui. Meanwhile, he served on the U.S. Internet and Telemarketing Fraud Task Force, DOJ’s Computer Crimes (CTC) Working Group, the U.S.-Canada Cross-Border Fraud Working Group and the U.S. Anti-Spam Task Force.
Drawing on his in-depth regulatory expertise, Paul joined Stroz Friedberg as a consultant and, over time, served as general counsel, chief privacy officer, and executive managing director as the data risk management firm grew to global prominence with 14 offices and over 500 employees. He assisted boards, CEOs, CISOs, chief privacy and compliance officers, and counsel with many incident response and internal investigations, and presented technical findings to numerous state and federal agencies. He also logged years of experience mining digital evidence related to privacy and security assessments, high-stakes litigation, trade secret disputes, global FCPA investigations, eDiscovery issues and online advertising.