Kathryn leverages her experience in incident response to help companies take proactive measures with their cyber and security practices. This includes drafting written information security policies, business continuity plans, incident response procedures, and conducting realistic tabletop exercises. Kathryn helps clients establish robust privacy programs by conducting data mapping exercises, developing internal and external policies, and providing trainings for employees, leadership teams and board members. Further, she frequently advises companies on privacy and data protection compliance and risk mitigation in software development, integration, AI, and other emerging technologies.
Kathryn is a Certified Information Systems Security Professional and a Certified Information Privacy Professional. Prior to joining Mayer Brown, Kathryn worked at a leading law firm and was seconded to a major technology company where she was an integral part of the global team working on privacy matters.
Kathryn’s experience as a cybersecurity and privacy lawyer includes:
- Responding to a variety of cyber incidents, including business email compromises, ransomware attacks, DDoS, phishing campaigns, credential stuffing, and employee wrong doing.
- Guiding clients through investigation, remediation, analysis, and notification stages of incident response.
- Assisting corporations by developing strategies for incident preparation and response.
- Performing hands-on tabletop exercises and presentations to help clients understand their strengths and areas for enhancements with their incident response.
- Counseling companies on risk mitigation and compliance matters with regards to software development, AI, and technology services.
- Providing clients with compliance strategies for state privacy laws, along with federal laws such as the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act.
- Developing forward-looking privacy programs and data governance strategies through data mapping.
- Negotiating data sharing, information security and technology agreements.