Chris Cwalina is the Global Head of Cybersecurity and Privacy at Norton Rose Fulbright. His practice focusses on cybersecurity and privacy compliance and program development, with a focus on complex cybersecurity attack and data breach investigations, including those involving sophisticated threat actor groups and advanced persistent threats against critical infrastructure entities.
Chris has managed some of the largest data breaches that have occurred. Since the inception of state breach notification statutes, Chris has helped companies respond to countless cybersecurity events, incidents, and data breaches, on an international scale, involving external and internal threats and sophisticated threat actors with a variety of motives. He has handled theft of credit card data, intellectual property, trade secrets and confidential company information, health information, employee information, personal data and personally identifiable information.
Chris provides advice and counsel on the full lifecycle of cybersecurity and privacy compliance and risk management. He advises clients on how to prepare for a security incident to help them be in the best position possible prior to an incident occurring. This counsel involves assessing and developing appropriate governance and organizational structures, incident response programs, as well as conducting incident response workshops and exercises. These techniques and procedures are designed to prepare companies to respond to security incidents quickly, efficiently and in a manner that complies with applicable laws and regulations while simultaneously mitigating risk and preserving customer relationships.
As soon as a security incident occurs, Chris serves as "breach coach" and works closely with CISOs and SIRTs assisting his clients with leading the investigation, containment and remediation of the incident, and developing effective communications, which are designed to preserve customer relationships and minimize the likelihood and consequences of litigation and regulatory investigations. Chris also helps companies deal with the fallout of an incident by responding to resulting state, federal and international regulatory inquiries and investigations. He also defends clients in related litigation, including actions brought by consumers, shareholders, employees, and others.
Chris has represented companies in a wide range of industries, including a number of companies in critical infrastructure sectors, energy, oil & gas, communications, retail, transportation, hospitality, life sciences and healthcare, insurance, financial services, technology, advertising and marketing, entertainment, and education.
Chris brings his years of experience to provide proactive counsel on the complex regulatory issues pertaining to cybersecurity and privacy programs and data collection, use, maintenance, transfer, and sharing. He regularly presents to boards of directors and advises on governance and cybersecurity risk disclosure obligations. He advises clients on regulatory issues and legislative affairs pertaining to the full range of cybersecurity, data governance, data privacy and cross-border transfer issues with a focus on technology, mobile and online practices.
