Norton Rose Fulbright expands global cyber risk group with three notable lawyers

Global Firm June 7, 2018

Norton Rose Fulbright today bolstered its Global Cyber Risk Group with the addition of three prominent privacy and cybersecurity lawyers: Chris Cwalina in Washington, DC, Jeewon Serrato in San Francisco and Steven Roosa in New York. Cwalina joins as the firm’s Global Co-Head of Cyber Risk and Serrato as its Head of Data Protection, Privacy and Cybersecurity in the United States. Roosa will head up the firm’s data lab, enhancing Norton Rose Fulbright’s Global Risk Advisory offering.

Daryl Lansdale, Norton Rose Fulbright’s US Managing Partner, said:

“Our expanded Global Cyber Risk Group offers coverage around the world in all areas of information risk, including cybersecurity, privacy, e-discovery and governance. These new additions make us stronger than ever in this arena.”

Ffion Flockhart, Norton Rose Fulbright’s Global Co-Head of Cyber Risk with Cwalina, commented:

“Data knows no borders, and privacy and cybersecurity concerns top the agendas of our largest global clients. With significant US litigation risk and regulatory exposures to contend with, our expanded team provides our global clients with a deep and highly experienced bench to help navigate the complex, multijurisdictional risks they face in this space.”

Cwalina concentrates his practice on cybersecurity and privacy compliance and risk management, with a focus on complex cybersecurity attack and data breach investigations. The former Co-Chair of Holland & Knight’s Cybersecurity and Privacy Team counsels clients in all phases of cybersecurity and privacy compliance, planning, training and program development. Since the inception of state breach notification statutes, Cwalina has helped companies respond to countless cybersecurity events, incidents and data breaches on an international scale. He helped lead the response to the first major breach to be publicly reported when there was only one data breach law in the US.

Cwalina, who provides counsel on the full lifecycle of cybersecurity and privacy compliance and risk management, said:

“Norton Rose Fulbright is the perfect law firm for us. As well as having a coast-to-coast presence in the US, we will have a significant platform of experienced cyber and privacy lawyers across the globe, which will be of considerable benefit to us and our clients. Our practice fits nicely with the talented team that is already in place, and we could not be more excited to start working with our new colleagues.”

Serrato brings significant experience advising global companies, financial services institutions, and public entities on cutting-edge issues at the interaction of technology and law. Most recently, she was Global Head of Privacy and Data Protection at Shearman & Sterling LLP. Before joining the private sector, Serrato served as Chief Privacy Officer of Fannie Mae and as the lead privacy executive for RELX Group (formerly Reed Elsevier), where she managed cybersecurity programs, data use policies and product design for more than 500 data analytics products globally. She currently serves on the US Department of Homeland Security Data Privacy and Integrity Advisory Committee and holds a US Secret Clearance.

Serrato, who advises companies seeking to implement smart data strategies, added:

“For many multinational clients, US data privacy and cybersecurity coverage is critical. Our team will be able to offer considerable experience and insight to assist companies with their ever-increasing needs in this area. With our global team expanding into San Francisco, we are well positioned to act as true business partners in product and service delivery from proof-of-concept to commercialization. The data lab that Steve Roosa will head up is a good example of how innovative and technology-forward our group will be.”

Roosa, a Fellow Emeritus at the Center for Information Technology Policy at Princeton University, has deep experience advising companies on a wide range of technology and legal issues pertaining to data privacy, security and governance.

Roosa, who worked closely with Cwalina on cyber risk offerings at Holland & Knight, added:

“Few outside of the university context have built a data lab providing data compliance testing and assessment at the technical level, and we’ve already started our first coding sprint. Folks should look forward to some big announcements in the near term.”

Cwalina, Serrato and Roosa join an experienced team of cyber, privacy and data management practitioners, which includes US Head of Data & Information Risk David Kessler, US Head of E-Discovery and Information Governance Andrea D’Ambra and Kim Gold, a lawyer with deep HIPAA experience.

Kessler, who ranks in Chambers USA for Nationwide Litigation: E-Discovery and founded Norton Rose Fulbright’s US data management practice, said:

“The addition of Cwalina, Serrato and Roosa add tremendous depth to our service offerings. There is virtually no data project that we cannot handle.”

Cwalina is admitted to practice in the District of Columbia and Maryland. He received his JD from the University of Baltimore School of Law and his BA from Gettysburg College.

Serrato is admitted to practice in California and the District of Columbia. She earned her JD from the University of California, Berkeley School of Law and her BA from the University of California, Berkeley.

Roosa is admitted to practice in the District of Columbia, New Jersey and New York. He received his JD at the Rutgers School of Law and his BA from Cornell University.


Global Co-Head and US Head of Information Governance, Privacy and Cybersecurity
Co-Vice Chair, United States