Representative Experience

Successfully ‎resolved a major international data breach involving some of the world's highest profile web brands, including the pursuit of perpetrator across multiple countries to recover stolen data


Advising a leading global technology and cybersecurity company on international data transfers issues and their Binding Corporate Rules ‎application


Advising one of the world's leading digital advertising and media businesses on a “Privacy By Design” audit and the development of new policy to limit enforcement risks under the GDPR

View More

  • Handled high-profile data security breaches for large financial institutions, health care entities, a major airline and a national hotel operator, among other clients.
  • Assisted FireEye in obtaining the first ever SAFETY Act Certification for a cybersecurity product.
  • Counseled clients facing hacker attacks, data theft, unauthorized data disclosure by vendors and other data-oriented threats and crises.
  • Handled employee data privacy matters for pharmaceutical companies in more than 40 countries.
  • Represented a U.S.-headquartered, international business in securing EU approval of its Binding Corporate Rules (BCRs)—the gold star standard when transferring data internationally in light of new EU regulatory changes.
  • Represented one of the world’s leading professional services organizations in structuring and negotiating the terms of their cyber insurance programs.
  • Represented a global credit card and payment services company in structuring and negotiating the terms of their cyber insurance programs.
  • Represented an internationally renowned network of hospitals and clinics in structuring and negotiating the terms of their cyber insurance programs.
  • Represented a national health plan management company in structuring and negotiating the terms of their cyber insurance programs.
  • Represented a biopharmaceutical company in structuring and negotiating the terms of their cyber insurance programs.
  • Represented a leading medical claims processing company in structuring and negotiating the terms of their cyber insurance programs.
  • Working with HR directors in 12 countries, represented a health care company in harmonizing privacy policies across business units in the wake of a major acquisition.
  • Helped a major global electronics firm with a privacy audit and compliance issues related to emerging privacy concerns around the Internet of Things.
  • Advised a national retailer in connection with a DDoS cyberattack, including data breach issues arising from the attack and securing insurance coverage for costs stemming from the incident.
  • Represented a global executive search firm in connection with issues relating to cross-border flows of candidate information.
  • Advised a globally prominent game maker on privacy and data security issues related to virtual goods and virtual currencies.
  • Representing Sony Pictures on insurance issues related to the November 2014 cyberattack on its network and IT infrastructure.
  • Represented Sony on insurance claims arising out of attacks on its online gaming networks in 2011.

Practice Area Highlights

Genuine thought leaders, including authors of leading books (Regulation of the Internet and E-Business: The Practical Guide) and regular broadcast, print and online media commentators.


Deep experience stemming from the earliest days of web commerce and commercialized data use, from advising GE‎ on their e-enablement project to representing GM on the first websites selling cars.


Fully immersed in the cybersecurity, data protection and privacy law of today, from social media hacks, to e-payments to customer tracking and the Internet of Things.

Pillsbury Partner Rafi Azim-Khan discusses the GDPR

GDPR: What You Need To Do & Steps To Take