Brenda Sharton, partner and chair of Dechert’s top ranked, global privacy and cybersecurity practice, is a top privacy and cybersecurity and commercial litigator. Ms. Sharton is Chambers ranked and a recipient of the 2022 Law360 MVP award in Cybersecurity and Privacy.  For many years, Ms. Sharton has been ranked as a "Leading Lawyer" by The Legal 500 for Cyber Law and Data Protection/Breach Response. A first chair trial lawyer, Ms. Sharton counsels and represents public and private corporations and their boards in complex commercial litigation, arbitration and civil government/regulatory and enforcement matters.

Ms. Sharton is a nationally recognized expert, pioneer and thought leader in privacy and cybersecurity law. She has handled over 1,000 data breach investigations and cyber-attacks of every type and size for companies in every industry ranging from start-ups to global, multi-billion-dollar public companies. Ms. Sharton has handled some of the highest-profile data breaches brought by nation states, organized crime, insiders and other threat actors, including the negotiation of ransom/ransomware, business email interruption/Office 365 attacks, corporate and nation state espionage, DDoS, insider threats and theft of computer/electronic data of all types. She has defended companies in hundreds of privacy-related government investigations and enforcement actions brought by global and U.S. regulators, including state attorneys’ general, the FTC, HHS/OCR for HIPAA breaches, the SEC Cybersecurity Division, European regulators among others, as well as defended public and private companies in class action litigation arising from those data breaches around the globe.

Ms. Sharton’s experience is second-to-none in handling cyberattacks. Since the late 1990s, she has quarterbacked hundreds of data breaches, including numerous high-profile, front-page news breaches. Since COVID-19 has forced companies to a hybrid work environment, Ms. Sharton has counseled numerous companies on enhanced cyber and physical security related to the exponential increase in related cyberattacks, including companies engaged in COVID-19 research. She counsels companies on pre-breach cybersecurity counseling as well as handles all aspects of data breach investigations (crisis management, working with law enforcement and forensic firms, crisis and PR firms, as well as board, auditor and investor communications, advice on global notification obligations, and analysis of cyber insurance). She has litigated high profile landmark cases in this space, including one of the first bank online hacking cases to have been litigated to an appeals court. She provides counseling on cyber and physical security programs, in particular for high target companies.

Ms. Sharton has over 30 years of experience in all manner of complex commercial litigation, internal investigations, arbitration and civil government regulatory matters, involving contract claims, trade secret, post-closing disputes, non-compete, false advertising, business torts, fiduciary duties, banking and trust claims, fraud, minority shareholder and partnership disputes, among others. She is experienced with virtually every type of civil claim brought against financial services institutions, banks and asset managers and has a deep expertise in the financial services industry (including fintech and digital currency), as well as in the technology, life sciences, healthcare and artificial intelligence industries. Ms. Sharton has successfully tried cases to conclusion in federal and state courts throughout the country and has represented clients in the full range of ADR procedures. In addition to trial work, she has defended government enforcement actions brought by an alphabet soup of federal and state regulators, including the SEC, FDIC, FTC, FINRA, DOL, FDA, HUD, OCC, HHS/OCR and the CFPB, among others.

Ms. Sharton has been recommended for commercial litigation, financial services litigation, and privacy and cybersecurity/breach response work by The Legal 500 United States consecutively for nearly a decade. She is recognized by Chambers USA as a leader in Privacy and Data Security. In 2022, she received Law360's MVP award in Cybersecurity and Privacy, an honor given to only five lawyers worldwide. Ms. Sharton is named to Cybersecurity Docket’s Incident Response 40 list, the best data breach response lawyers in the business.  She has been listed in U.S. News-Best Lawyers in the practice areas of Commercial Litigation, Litigation - Banking and Finance and Mass Tort Litigation/Class Action - Defendants. A recognized thought leader, Ms. Sharton frequently writes on cybersecurit. She has published and/or been quoted in publications such as the Harvard Business Review, Wall Street Journal, Thomson Reuters, BloombergLaw360, Risk Management and Practical Law, among others. She has also lectured at the Federal Reserve Bank, numerous state Bank Associations, the MIT Sloan School of Management and the Harvard Law School executive leadership program. 

Prior to joining Dechert, Ms. Sharton was a senior partner, global practice group leader and member of the executive committee at another leading international law firm.

Client Feedback

  • "Brenda has provided and led strategic and meaningful insight concerning breach notification, incident response and privacy management." - Chambers USA 2022
  • "She is an excellent attorney and business partner who provides practicable advice based on her extensive experience." - Chambers USA 2022
  • "Brenda Sharton is an amazing senior lawyer who combines deep experience and knowledge with a calm and collected approach." - The Legal 500 US 2021
  • "Brenda Sharton is a brilliant lawyer and a great client advocate. She is the lawyer you want in your corner. As a seasoned litigator and an experienced data security lawyer, she manages crises with confidence, finesse and strategy. Brenda will get into the weeds with the technical team and in the same breath turn to the legal team to interpret the significance and how it aligns with the bigger picture. Few lawyers have her depth, acumen and empathy but none have the same level of sincerity." - The Legal 500 US 2021
  • "Brenda Sharton is one of the most experienced privacy lawyers in the market today, with deep experience and the ability to translate complexity in a way that is actionable and understandable. She cuts through the noise and focuses everyone on what is critical." - The Legal 500 US 2021
  • Representative Data Breach Investigations

    • A global public Silicon Valley customer management software company in connection with data security breach where millions of customer credentials had been exposed.
    • A global information security company in connection with a nation state threat actor.
    • Negotiated ransom on behalf of a information security company in connection with cyberextortion by organized crime syndicate using RaaS. 
    • A health management company in data breach regarding disclosure of patient health and medical information and in OCR/HHS investigation.
    • A developer of a push-to-talk app in a data breach that with compromised data of its 140 million users.
    • A global technology/social media company in connection with counseling on compliance with a FTC order and privacy program.
    • A Chinese bitcoin mining company in connection with a global data breach in which US$500 million of bitcoin was stolen.
    • A public biotech company in connection with nation state attack and cybersecurity management around sensitive drug development matters.
    • A subscription-based business information database company on data breach affecting over 100 million database records from around the globe.
    • A Silicon Valley-based healthcare company in a breach affecting millions of patient records and defense of OCR/HHS enforcement action in a case that had the highest ransom the FBI had seen to date.
    • A public technology company specializing in 3D printing in a sophisticated global ransomware attack.
    • European and Asian law enforcement in negotiating and coordinating multi-million-dollar ransom.
    • A public software company in connection with cyberattack by a nation state.
    • A public education software company regarding a cyberattack by a nation state that affected student data and state AG, FTC and SEC Cybersecurity Division actions.
    • A European health care app with over 100 million users in a data breach and defense of FTC action regarding its privacy practices.
    • A global public bioscience company based in Hong Kong regarding a cyberattack that defrauded the company of millions of dollars.
    • A cloud services and identity management company on a data breach in which an unauthorized user gained access to the company’s U.S. database, potentially accessing passwords and credentials for thousands of the company’s corporate customers. This matter remains one of the most significant recent data breaches in the tech and cloud services community. Also defended the company in an FTC enforcement action.
    • A healthcare payment platform in connection with a highly sophisticated attack on its system that resulted in the theft of over US$10 million in customer funds.
    • A global financial services provider on a Microsoft Office 365 email intrusion that led to the exposure of thousands of health insurance records, including information protected under HIPAA; as well as the defense of HHS/OCR and day-to-day counseling on privacy/cybersecurity issues.
    • A global biotech company on a breach involving the release of employee W-2 forms via a phishing scam. Also represented the company in a putative class action arising from the breach and defended the New York Attorney General’s action.
    • The One Fund Boston, a charity created to provide financial assistance to survivors and families of those killed in the Boston Marathon bombings, in creating a complete privacy program and policies for employees, volunteers and collaborating parties of the charity, which was created to on a pro bono basis.

    Representative Data Breach/Privacy Litigation

    • A health management company in two purported class action lawsuits regarding disclosure of patient information following a 2020 data breach.
    • Representation of Flo Health, Inc. world’s leading women’s health app in the defense of numerous class actions pending in federal court in California, Canada (British Columbia, Quebec and Ontario), as well as in Israel.
    • Representation of Flo Health, Inc. in connection with the successful settlement with the FTC in June 2021. 
    • Representation of Cano Health, Inc. in connection with the successful settlement of two purported class actions pending in state court in Miami-Dade county in Florida following an Office365 cyberattack. 
    • Macy’s Inc. in federal court against purported class action claims arising out of 2019 data breach.
    • Taconic Biosciences, Inc in a putative class action in NY state court arising theft of employee information following phishing scam.
    • People’s United Bank in a summary judgment victory in a landmark case, which involved an alleged breach of the bank’s online security system through keylogging malware. One of the first cases of its kind to be decided by an appellate court and named a “national case to watch” by the American Banker, the dispute was resolved after the First Circuit reversed in part and remanded the district court’s decision.
    • Wellpoint Inc./Anthem in an Office of Civil Rights (HHS Division) investigation involving alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). At the time, the settlement was one of only 12 OCR settlements nationwide.
    • Online video and media service providers in class action litigations filed nationwide challenging the alleged use of local shared objects, also known as “flash cookies.”
    • Numerous companies in privacy-related government investigations and enforcement actions brought by states attorneys’ general, the FTC, HHS and the Office of Civil Rights, among others.
    • Numerous public companies in hundreds of data security breaches, including global investigations and the handling one of the first major data breaches for a public company in 2002.
    • Numerous companies in TCPA litigation.

    Representative Business Litigation

    • Minority shareholders of Diversified Communications, Inc. in a post-closing dispute related to the buyout of shares following the divestiture of the company’s electronic health records division.
    • Hill Holliday Connors, Inc./Erwin-Penland, Inc. in winning a summary judgment in a case involving claims of trade secret misappropriation and breach of contract/fiduciary duty, as well as the rights to a national advertising campaign utilized by a Fortune 50 company. The case, in federal district court in South Carolina and with damages claimed of nearly US$100 million, was appealed to the Fourth Circuit, which affirmed summary judgment for the client.
    • A public company in an arbitration involving trade secret and breach of acquisition agreement with another public company related to the right to do business in 21 states.
    • New Balance, Inc./Warrior Lacrosse in the successful resolution of claims pending in federal district court in Michigan, for theft of trade secrets involving the hockey line, after successfully defeating an initial injunction motion.
    • Zmags North America in a trial in federal court in Ohio after cross-examination of opposing party's CEO. Claims involved the alleged theft of the entire customer data base by a former employee.
    • Numerous companies in successful resolutions to civil claims related to the Bernard L. Madoff Securities fraud.

    Representative Financial Services Litigation

    • Cape Cod Five Cents Savings Bank in a winning summary judgment in trust litigation brought against the bank as trustee of an estate in multi-year litigation alleging breaches of fiduciary duty, breach of contract, 93A, violation of the Mass Uniform Trust Act and tort claims, among others.
    • Citizens Bank in a winning motion to dismiss in federal court and in First Circuit Court of Appeals for in the defense of a putative class action arising from their overdraft fee program in a case. This case garnered the attention of legal news outlets, including as the leading story in Law360 on two different occasions.
    • Southern Sun Asset Management in an arbitration award against claims brought by an international third-party marketing firm with claims of almost US$100 million. The arbitration award was challenged and successfully defended in federal court in Alabama.
    • A Fortune 100 public financial institution in the successful resolution of a case in federal court in New York against for breach of fiduciary and financial fraud claims following its acquisition of a financial services company and the infusion of US$2 billion into that institution.
    • A major public mutual fund company in the successful defense of in connection with SEC and FDIC investigations that resulted in no charges for the company.
    • A Fortune 50 company in the successful negotiation and resolution of a consumer financial services class action case, pending in Ohio state court for more than 10 years.
    • A Fortune 100 financial institution in a successful defense in a class action case in both state court and Ohio appeals court alleging pregnancy discrimination in mortgage lending practices. The case was settled favorably for our client.
    • Massachusetts Bankers Association and other state banking associations for over a decade relating to litigation issues affecting banks.
    • People’s United Bank in the successful dismissal of a putative class action complaint in state court in Connecticut, involving the bank’s overdraft fee program. Secured one of the few dismissals among the hundreds of overdraft cases that have been filed against banks across the country.
    • East Cambridge Savings Bank in the successful dismissal of a complaint in its entirety with prejudice in a suit filed in Middlesex Superior Court arising out of a loan default. The Massachusetts Appeals Court affirmed the judgment in our client's favor.
    • State Street Global Advisors in the successful dismissal of a complaint filed in Massachusetts Superior Court seeking recovery of losses during broad stock market decline. Successfully defended the dismissal in the Massachusetts Appeals Court.
    • State Street Global Advisors in winning a summary judgment of a complaint alleging breach of fiduciary duty and breach of contract; claims dismissed as time barred under three-year statute of limitations. Summary judgment affirmed by the Massachusetts Appeals Court.
    • Massachusetts Bankers Association and group of banks in winning a summary judgment in Massachusetts federal district court in a constitutional challenge to Massachusetts statutes that restricted how banks could sell insurance. First Circuit Court of Appeals dismissed the petition to vacate.
    • Multiple banks, including BNY Mellon and HSBC, in the dismissal of numerous claims, in federal district court in California, involving alleged violations of Los Angeles rent ordinances. Ms. Sharton successfully argued the motion to dismiss in federal court on behalf of all the bank defendants. 

    Representative Internal Investigations

    • A private company in an internal investigation related to potential fraud allegations related to FDA certifications.
    • A board of trustees for registered mutual funds in an internal investigation related to alleged misconduct by advisor personnel in connection with trading timing.
    • The Japanese subsidiary of a public company in an internal investigation involving a revenue recognition issue.
    • The Somaly Mam Foundation Board of Directors in an internal investigation regarding the background of an international sex-trafficking activist.

    Includes matters handled at Dechert or prior to joining the firm.

  •  

    • U.S. Regulatory Update by Dechert LLP — EFAMA, Webinar (December 12, 2022)
    • WSJ Pro Cybersecurity Forum: Aligning with New Business Strategies - Speaker (June 1, 2022)
    • The Digital Transformation of Customer Experience – Fintech Nexus USA, New York (May 25, 2022)
    • The Digital Transformation of Customer Experience - Moderator, LendIt Fintech Conference (May 2022)
    • A Discussion on Developments in Privacy and Cybersecurity Law with Experts from Both Sides of the Border - Speaker, John Hancock Global Law Conference Privacy Break-Out Session Webinar (May 2022)
    • The Intersection of Cybersecurity, Data Privacy and Cyber Risk Management in M&A Transactions - Speaker, ABA Panel (January 2022)
    • Cybersecurity and Privacy - Virtual California Investment Management Symposium, Dechert LLP, Webinar (October 27, 2021)
    • Ransoms (Part 1): What are the Threats? - Speaker, Kayo Podcast (September 2021)
    • Cybersecurity - Speaker, Dechert's Sovereign Counsel Series (April 2021)
    • Hot Topics In Cybersecurity: “Not ‘If,’ But ‘When’” - Practical Tips to Reduce Risk - Speaker, Dechert's Q2 Directors' Forum Panel (April 2021)
    • What Keeps You Up at Night?  What Every Asset Manager Needs to Know About Cybersecurity - Speaker, Dechert's Mutual Funds Virtual Conference (March 2021)
    • Not a Question of if, a Question of When: Reducing Cybersecurity Risk in Private Equity Transactions - Speaker, Kayo Podcast (March 2021)
    • Committed Capital | Managing Cybersecurity Risk in Private Equity Transactions: Investing in the Modern Age - Speaker, Dechert Podcast (February 2021)
    • Understanding the Impact of Brazil's New Data Protection Laws and Agency - Speaker, Dechert Webinar (February 2021)
    • Coffee Break Compliance Broadcast Series | Episode Ten: A Conversation With The Experts - Hot Topics in Privacy & Cybersecurity - Speaker, Dechert Podcast (January 2021)
    • Hot Topics In Cybersecurity: “Not ‘If,’ But ‘When’” - What Keeps In-House Counsel Up At Night - Speaker, Greater Philadelphia's Association of Corporate Counsel Webinar (January 2021)
    • MassChallenge Innovation Summit: Securing the Future of Work - Moderator, MassChallenge, Israel (June 2020)
    • Cybersecurity + COVID-19 - Goodwin Webinar (April 2020)
    • Advising Boards of Directors About Cyberattacks and Incident Response - Speaker, Boston Bar Association Privacy and Cybersecurity Conference (2019)
    • Unlocking the Value of Data in MedTech: Protect Your IP, Protect Your Business: Cybersecurity Deep Dive - Goodwin Webinar (2019)
    • How to Anticipate, Investigate & Litigate a Data Breach in 2019 - Moderator, Consero Financial Services Litigation Forum (2019)
    • Privacy + Cybersecurity Readiness: What every real estate company needs to know - Goodwin Webinar (2019)
    • Digital Technology and the Law: Big Data, Cybersecurity and other Hot Spots - MIT Course, Guest Lecturer (2019)
    • Cyber Liability Decoded - Massachusetts Bankers Association Webinar (2019)
    • Privacy & Cybersecurity Legal Overview and Trends - Federal Reserve Bank of Boston Cyber-Threat Interest Group Meeting (2018)
    • Challenges in Innovation – Navigating the Uncertain Terrain - Goodwin’s Annual Banking Symposium (2017)
    • Cybersecurity and Incident Response: Managing the Issues - New York Bankers Association’s Financial Services Forum (2017)
    • How Will Trump’s Administration Affect the Financial Services Industry? - Goodwin (2017)
    • Data Breach & Privacy Litigation: Mitigating Enterprise Risk - Consero Financial Services Litigation Forum (2017)
    • The Privacy Shield: What Does it Mean for Your Business? - Webinar, Moderator (2016)
    • “I’m Negotiating with K-Mart!” and Other Truisms Dealing with Ransomware Hackers - IAPP's Privacy. Security. Risk. Conference (2016)
    • Examine the Interplay of Cybersecurity and Patent Law to Strengthen Patent Innovation - The 13th Annual Patents for Financial Services Summit  (2016)
    • Hear From the Judges: Best Practices to Navigate the First Circuit Court of Appeals - Boston Bar Association (2016)
    • Ch-Ch-Ch-Changes...A 20-year Privacy Law Veteran Discusses Notable Trends and Their Implications - IAPP Global Privacy Summit (2016)
    • Seven Things You Should Know About Arbitration Clauses - Marcus Evans Chief Litigation Summit & IP Law Summit (2016)
    • Privacy and Cybersecurity Litigation: What You Need to Know - Consero Financial Services Litigation Forum (2016)
    • Cybersecurity Issues - Northeast Human Resources Association (NEHRA) FE Dinner (2016)
    • Massachusetts Supreme Judicial Court, Honorable Joseph R. Nolan