Brenda R. Sharton

Representative Data Breach Investigations

• A global public Silicon Valley customer management software company in connection with data security breach where millions of customer credentials had been exposed.
• A global information security company in connection with a nation state threat actor.
• Negotiated ransom on behalf of an information security company in connection with cyberextortion by organized crime syndicate using RaaS. 
• A health management company in data breach regarding disclosure of patient health and medical information and in HHS/OCR investigation.
• A developer of a push-to-talk app in a data breach that compromised data of its 140 million users.
• A global technology/social media company in connection with counseling on compliance with an FTC order and privacy program.
• A Chinese bitcoin mining company in connection with a global data breach in which US$500 million of bitcoin was stolen.
• A public biotech company in connection with nation state attack and cybersecurity management around sensitive drug development matters.
• A subscription-based business information database company on data breach affecting over 100 million database records from around the globe.
• A Silicon Valley-based healthcare company in a breach affecting millions of patient records and defense of HHS/OCR enforcement action in a case that had the highest ransom the FBI had seen to date.
• A public technology company specializing in 3D printing in a sophisticated global ransomware attack.
• European and Asian law enforcement in negotiating and coordinating multi-million-dollar ransom.
• A public software company in connection with cyberattack by a nation state.
• A public education software company regarding a cyberattack by a nation state that affected student data and state AG, FTC and SEC Cybersecurity Division actions.
• A European health care app with over 100 million users in a data breach and defense of FTC action regarding its privacy practices.
• A global public bioscience company based in Hong Kong regarding a cyberattack that defrauded the company of millions of dollars.
• A cloud services and identity management company on a data breach in which an unauthorized user gained access to the company’s U.S. database, potentially accessing passwords and credentials for thousands of the company’s corporate customers. This matter remains one of the most significant recent data breaches in the tech and cloud services community. Also defended the company in an FTC enforcement action.
• A healthcare payment platform in connection with a highly sophisticated attack on its system that resulted in the theft of over US$10 million in customer funds.
• A global financial services provider on a Microsoft Office 365 email intrusion that led to the exposure of thousands of health insurance records, including information protected under HIPAA; as well as the defense of HHS/OCR and day-to-day counseling on privacy/cybersecurity issues.
• A global biotech company on a breach involving the release of employee W-2 forms via a phishing scam. Also represented the company in a putative class action arising from the breach and defended the New York Attorney General’s action.
• The One Fund Boston, a charity created to provide financial assistance to survivors and families of those killed in the Boston Marathon bombings, in creating a complete privacy program and policies for employees, volunteers and collaborating parties of the charity, which was created on a pro bono basis.

Representative Data Breach/Privacy Litigation

• A health management company in two purported class action lawsuits regarding disclosure of patient information following a 2020 data breach.
• Representation of Easy Healthcare/Premom App. in a favorable settlement with the FTC in July, 2023 alleging violations of section 5 of the FTC Act and the Health Breach Notification Rule (one of the first brought by the FTC).
• Representation of Easy Healthcare and favorable settlement for Premom fertility tracking app in consumer class action in N.D. Illinois alleging violations of its privacy policies in the sharing of user data.
• Representation of Flo Health, Inc. world’s leading women’s health app in the defense of numerous class actions pending in federal court in California, Canada (British Columbia, Quebec and Ontario), as well as in Israel and Portugal alleging that the sharing of user data with analytics companies violated privacy policy and CIMA, among other claims.
• Representation of Prisma Labs, Inc., the maker of the Lensa AI app (No. 1 on the Apple store in December, 2022), in dismissal of consumer class action alleging violation of the Illinois Biometric Information Privacy Act (“BIPA") in N.D. CA in favor of arbitration.
• Representation of Prisma Labs, Inc., the maker of the Lensa AI app, in connection with the defense of a purported consumer class action filed in the N.D. Illinois alleging claims under BIPA.
• Representation of Flo Health, Inc. in connection with the successful settlement with the FTC in June 2021. 
• Representation of Cano Health, Inc. in connection with the successful settlement of two purported class actions pending in state court in Miami-Dade county in Florida following an Office 365 cyberattack. 
• Macy’s Inc. in federal court against purported class action claims arising out of 2019 data breach.
• Taconic Biosciences, Inc. in a putative class action in NY state court arising theft of employee information following phishing scam.
• People’s United Bank in a summary judgment victory in a landmark case, which involved an alleged breach of the bank’s online security system through keylogging malware. One of the first cases of its kind to be decided by an appellate court and named a “national case to watch” by the American Banker, the dispute was resolved after the First Circuit reversed in part and remanded the district court’s decision.
• Wellpoint Inc./Anthem in an Office of Civil Rights (HHS Division) investigation involving alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). At the time, the settlement was one of only 12 OCR settlements nationwide.
• Online video and media service providers in class action litigations filed nationwide challenging the alleged use of local shared objects, also known as “flash cookies.”
• Numerous companies in privacy-related government investigations and enforcement actions brought by states attorneys general, the FTC, HHS and the Office of Civil Rights, among others.
• Numerous public companies in hundreds of data security breaches, including global investigations and the handling one of the first major data breaches for a public company in 2002.
• Numerous companies in TCPA litigation.

Representative Artificial Intelligence/Machine Learning Matters

• The world’s leading health application with over 300 million downloads, in eight federal class actions, an Israeli class action, a Portugal class action, three Canadian class actions, a Congressional Oversight Committee investigation and an FTC investigation—all alleging that the company’s AI product, which predicts female fertility and ovulation, violates user privacy.
• Holistic, comprehensive advice to global provider of financial digital products and services on AI for innovative consumer products and services. The scope of work includes providing recommendations for identifying and mitigating the risk of algorithmic bias in data sets, AI/ML processes and recommendations to target audiences. Our representation includes preparing appropriate user privacy disclosures and formulating risk-based solutions and arguments in light of applicable U.S. and European laws and “gray areas.”
• A global fintech company on implementing AI-driven biometric AI for consumer service.
• A healthcare technology start-up that uses AI for its core products in a federal regulatory investigation, three state attorneys general actions, and an Illinois class action.
• The most downloaded AI photo editing software company in multiple class actions concerning its alleged collection and use of biometrics.
• A global health app on AI-driven dynamic pricing.
• A global financial software company on ethical use of AI under U.S. and EU law and industry requirements.

Representative Business Litigation

• Minority shareholders of Diversified Communications, Inc. in a post-closing dispute related to the buyout of shares following the divestiture of the company’s electronic health records division.
• Hill Holliday Connors, Inc./Erwin-Penland, Inc. in winning a summary judgment in a case involving claims of trade secret misappropriation and breach of contract/fiduciary duty, as well as the rights to a national advertising campaign utilized by a Fortune 50 company. The case, in federal district court in South Carolina and with damages claimed of nearly US$100 million, was appealed to the Fourth Circuit, which affirmed summary judgment for the client.
• A public company in an arbitration involving trade secret and breach of acquisition agreement with another public company related to the right to do business in 21 states.
• New Balance, Inc./Warrior Lacrosse in the successful resolution of claims pending in federal district court in Michigan, for theft of trade secrets involving the hockey line, after successfully defeating an initial injunction motion.
• Zmags North America in a trial in federal court in Ohio after cross-examination of opposing party's CEO. Claims involved the alleged theft of the entire customer data base by a former employee.
• Numerous companies in successful resolutions to civil claims related to the Bernard L. Madoff Securities fraud.

Representative Financial Services Litigation

• Cape Cod Five Cents Savings Bank in a winning summary judgment in trust litigation brought against the bank as trustee of an estate in multi-year litigation alleging breaches of fiduciary duty, breach of contract, 93A, violation of the Mass Uniform Trust Act and tort claims, among others.
• Citizens Bank in a winning motion to dismiss in federal court and in First Circuit Court of Appeals for in the defense of a putative class action arising from their overdraft fee program in a case. This case garnered the attention of legal news outlets, including as the leading story in Law360 on two different occasions.
• Southern Sun Asset Management in an arbitration award against claims brought by an international third-party marketing firm with claims of almost US$100 million. The arbitration award was challenged and successfully defended in federal court in Alabama.
• A Fortune 100 public financial institution in the successful resolution of a case in federal court in New York against for breach of fiduciary and financial fraud claims following its acquisition of a financial services company and the infusion of US$2 billion into that institution.
• A major public mutual fund company in the successful defense of in connection with SEC and FDIC investigations that resulted in no charges for the company.
• A Fortune 50 company in the successful negotiation and resolution of a consumer financial services class action case, pending in Ohio state court for more than 10 years.
• A Fortune 100 financial institution in a successful defense in a class action case in both state court and Ohio appeals court alleging pregnancy discrimination in mortgage lending practices. The case was settled favorably for our client.
• Massachusetts Bankers Association and other state banking associations for over a decade relating to litigation issues affecting banks.
• People’s United Bank in the successful dismissal of a putative class action complaint in state court in Connecticut, involving the bank’s overdraft fee program. Secured one of the few dismissals among the hundreds of overdraft cases that have been filed against banks across the country.
• East Cambridge Savings Bank in the successful dismissal of a complaint in its entirety with prejudice in a suit filed in Middlesex Superior Court arising out of a loan default. The Massachusetts Appeals Court affirmed the judgment in our client's favor.
• State Street Global Advisors in the successful dismissal of a complaint filed in Massachusetts Superior Court seeking recovery of losses during broad stock market decline. Successfully defended the dismissal in the Massachusetts Appeals Court.
• State Street Global Advisors in winning a summary judgment of a complaint alleging breach of fiduciary duty and breach of contract; claims dismissed as time barred under three-year statute of limitations. Summary judgment affirmed by the Massachusetts Appeals Court.
• Massachusetts Bankers Association and group of banks in winning a summary judgment in Massachusetts federal district court in a constitutional challenge to Massachusetts statutes that restricted how banks could sell insurance. First Circuit Court of Appeals dismissed the petition to vacate.
• Multiple banks, including BNY Mellon and HSBC, in the dismissal of numerous claims, in federal district court in California, involving alleged violations of Los Angeles rent ordinances. Ms. Sharton successfully argued the motion to dismiss in federal court on behalf of all the bank defendants. 

Representative Internal Investigations

• A private company in an internal investigation related to potential fraud allegations related to FDA certifications.
• A board of trustees for registered mutual funds in an internal investigation related to alleged misconduct by advisor personnel in connection with trading timing.
• The Japanese subsidiary of a public company in an internal investigation involving a revenue recognition issue.
• The Somaly Mam Foundation Board of Directors in an internal investigation regarding the background of an international sex-trafficking activist.

Includes matters handled at Dechert or prior to joining the firm.

• U.S. Regulatory Update by Dechert LLP — EFAMA, Webinar (December 12, 2022)
  
• WSJ Pro Cybersecurity Forum: Aligning with New Business Strategies - Speaker (June 1, 2022)
• The Digital Transformation of Customer Experience – Fintech Nexus USA, New York (May 25, 2022)
• The Digital Transformation of Customer Experience - Moderator, LendIt Fintech Conference (May 2022)
• A Discussion on Developments in Privacy and Cybersecurity Law with Experts from Both Sides of the Border - Speaker, John Hancock Global Law Conference Privacy Break-Out Session Webinar (May 2022)
• The Intersection of Cybersecurity, Data Privacy and Cyber Risk Management in M&A Transactions - Speaker, ABA Panel (January 2022)
  
• Cybersecurity and Privacy - Virtual California Investment Management Symposium, Dechert LLP, Webinar (October 27, 2021)
  
• Ransoms (Part 1): What are the Threats? - Speaker, Kayo Podcast (September 2021)
  
• Cybersecurity - Speaker, Dechert's Sovereign Counsel Series (April 2021)
• Hot Topics In Cybersecurity: “Not ‘If,’ But ‘When’” - Practical Tips to Reduce Risk - Speaker, Dechert's Q2 Directors' Forum Panel (April 2021)
• What Keeps You Up at Night?  What Every Asset Manager Needs to Know About Cybersecurity - Speaker, Dechert's Mutual Funds Virtual Conference (March 2021)
• Not a Question of if, a Question of When: Reducing Cybersecurity Risk in Private Equity Transactions - Speaker, Kayo Podcast (March 2021)
• Committed Capital | Managing Cybersecurity Risk in Private Equity Transactions: Investing in the Modern Age - Speaker, Dechert Podcast (February 2021)
• Understanding the Impact of Brazil's New Data Protection Laws and Agency - Speaker, Dechert Webinar (February 2021)
• Coffee Break Compliance Broadcast Series | Episode Ten: A Conversation With The Experts - Hot Topics in Privacy & Cybersecurity - Speaker, Dechert Podcast (January 2021)
• Hot Topics In Cybersecurity: “Not ‘If,’ But ‘When’” - What Keeps In-House Counsel Up At Night - Speaker, Greater Philadelphia's Association of Corporate Counsel Webinar (January 2021)
• MassChallenge Innovation Summit: Securing the Future of Work - Moderator, MassChallenge, Israel (June 2020)
• Cybersecurity + COVID-19 - Goodwin Webinar (April 2020)
• Advising Boards of Directors About Cyberattacks and Incident Response - Speaker, Boston Bar Association Privacy and Cybersecurity Conference (2019)
• Unlocking the Value of Data in MedTech: Protect Your IP, Protect Your Business: Cybersecurity Deep Dive - Goodwin Webinar (2019)
• How to Anticipate, Investigate & Litigate a Data Breach in 2019 - Moderator, Consero Financial Services Litigation Forum (2019)
• Privacy + Cybersecurity Readiness: What every real estate company needs to know - Goodwin Webinar (2019)
• Digital Technology and the Law: Big Data, Cybersecurity and other Hot Spots - MIT Course, Guest Lecturer (2019)
• Cyber Liability Decoded - Massachusetts Bankers Association Webinar (2019)
• Privacy & Cybersecurity Legal Overview and Trends - Federal Reserve Bank of Boston Cyber-Threat Interest Group Meeting (2018)
• Challenges in Innovation – Navigating the Uncertain Terrain - Goodwin’s Annual Banking Symposium (2017)
• Cybersecurity and Incident Response: Managing the Issues - New York Bankers Association’s Financial Services Forum (2017)
• How Will Trump’s Administration Affect the Financial Services Industry? - Goodwin (2017)
• Data Breach & Privacy Litigation: Mitigating Enterprise Risk - Consero Financial Services Litigation Forum (2017)
• The Privacy Shield: What Does it Mean for Your Business? - Webinar, Moderator (2016)
• “I’m Negotiating with K-Mart!” and Other Truisms Dealing with Ransomware Hackers - IAPP's Privacy. Security. Risk. Conference (2016)
• Examine the Interplay of Cybersecurity and Patent Law to Strengthen Patent Innovation - The 13th Annual Patents for Financial Services Summit  (2016)
• Hear From the Judges: Best Practices to Navigate the First Circuit Court of Appeals - Boston Bar Association (2016)
• Ch-Ch-Ch-Changes...A 20-year Privacy Law Veteran Discusses Notable Trends and Their Implications - IAPP Global Privacy Summit (2016)
• Seven Things You Should Know About Arbitration Clauses - Marcus Evans Chief Litigation Summit & IP Law Summit (2016)
• Privacy and Cybersecurity Litigation: What You Need to Know - Consero Financial Services Litigation Forum (2016)
• Cybersecurity Issues - Northeast Human Resources Association (NEHRA) FE Dinner (2016)

• Nine Cybersecurity Resolutions for 2025 - Cybersecurity Law Report (January 22, 2025)
• Artificial intelligence litigation in the crystal ball for 2025 - Reuters (January 7, 2025) 
  
• Leadership Profile (Page 10) - Profiles in Diversity Journal (2024 Fourth Quarter Issue)
• Lawyers navigate novel AI legal battles - Financial Times (December 9, 2024)
• Practitioners: ten types of legal pioneer - Financial Times (December 9, 2024)
• Cyber Threats to Make Trump Balance Security, Deregulation (1) - Bloomberg Law (November 26, 2024)
• MVP: Dechert's Brenda Sharton - Law360 (October 10, 2024)
  
• Brantley et al. v. Prisma Labs, Inc. - Global Legal Chronicle (August 31, 2024)
  
• Law360's Legal Lions Of The Week - Law360 (August 9, 2024)
• Lensa AI App Creator Shakes Ill. Biometric Privacy Suit - Law360 (August 6, 2024)
• Prisma Labs Skirts BIPA Suit Over Training of Its AI Photo App - Bloomberg Law (August 6, 2024)
• US-EU Plan On AI Illustrates Differing Opinions On Regulation - Law360 (August 2, 2023)
  
• Your Company’s Data Is for Sale on the Dark Web. Should You Buy It Back? - Harvard Business Review (January 2023)
  
• FDA Medical Device Cyber Guidance Protects Patients, Cos. - Law360 (June 2022)
  
• SEC proposes 4-day breach reporting rule - Media Mention, Global Data Review (April 2022)
  
• Congress Seizes On Incident Reports In Fighting Cyberattacks - Media Mention, Law360 (March 2022)
  
• Cybersecurity Resolutions for 2022 - Media Mention, Cybersecurity Law Report (January 2022)
  
• FTC threatens enforcement on firms lax about Log4j vulnerability - Media Mention, Cybersecurity Dive (January 2022)
  
• Sinclair Broadcast Investigates a Ransomware Attack. The Stock Is Dropping - Barron's (October 2021)
  
• As Cyberthreats Mount, Advisors Have a Target on Their Backs - Media Mention, Barron's (September 2021)
  
• 10 Steps Companies Can Take to Reduce Cybersecurity Risk - IsraelDesks (June 2021)
• Seven Steps Companies Can Take to Reduce Risk in a Ransomware Attack - Inside Story (June 2021)
  
• ‘Hackers Love a Good Crisis’: Dechert’s Brenda Sharton on the Rise in Cybersecurity Threats and Ransom Demands - AmLaw Litigation Daily (May 2021)
  
• Ransomware Attacks Are Spiking. Is Your Company Prepared? - Harvard Business Review (May 2021)
  
• Expect Increased Scrutiny of 401(k) Cybersecurity: Lawyers - Media Mention, Ignites (May 2021)
• Biden's Cybersecurity Order Likely To Reach Beyond Gov't - Media Mention, Law360 (May 2021)
  
• Gov't May Lean On Private Sector To Stop Next Critical Hack - Media Mention, Law360 (May 2021)
  
• Data 'Scraping' Episodes Don't Fall Neatly Into Breach Laws - Media Mention, Law360 (April 2021)
  
• With Rising 401(k) Theft, DOL Issues Cybersecurity Guidance - Media Mention, Ignites (April 2021)
  
• 5th Circ. Creates Roadblocks For New HHS Privacy Enforcers - Media Mention, Law360 (February 2021)
  
• Cybersecurity And Privacy Policy To Watch In 2021 - Media Mention, Law360 (January 2021)
• How Will the Biden Administration’s Approach to Cybersecurity Impact the Private Sector? - Media Mention, Cybersecurity Law Report (December 2020)
  
• Macy’s Ducks Suit Over 2019 Data Breach - Media Mention, Law360 (November 2020)
• Macy’s Dodges Customer’s Proposed Data Breach Class Action - Media Mention, Bloomberg Law (November 2020)
• Biden Term Could Spell Sanctions, Boost Data Transfer Deal - Media Mention, Law360 (November 2020)
• Macy’s Escapes Liability in Data Breach Suit  - Media Mention, Law Street (November 2020)
• Preventing Insider Threats to Cybersecurity - Co-authored with John Ansbach of Stroz Friedberg, Risk Management (September 2020)
• Employees Present Cos.' Biggest Cyber Risk During Pandemic - Media Mention, Law360 (August 2020)
• Cyberattack on Freddie Mac Vendor Highlights Supply Chain Vulnerabilities - Wall Street Journal (July 2020)
• How Organizations Can Ramp Up their Cybersecurity Efforts Right Now - Harvard Business Review (May 2020) 
• Will Coronavirus Lead to More Cyber Attacks? - Harvard Business Review (March 2020) 
• Key Issues in Computer Fraud and Abuse Act (CFAA) Civil Litigation - Practical Law (2018)
• The Legal Risks of Monitoring Employees Online - Harvard Business Review (2017)
• Equifax and Why It’s So Hard to Sue a Company for Losing Your Personal Information - Harvard Business Review (2017)
• Defend Trade Secrets Act Creates Federal Trade Secret Clause of Action With Enhanced Seizure Remedies; Employers Should Give Notice to All Employees Regarding DTSA Whistleblower Immunity - Goodwin Alert (2016)
• DHS and NIST Issue Internet of Things Cybersecurity Guidance - Goodwin Alert (2016)
• Whatsapp-Facebook Data Sharing Affects Scrutiny From EU Privacy Authorities - Goodwin Alert (2016)
• EU-US Privacy Shield Framework Formally Adopted - Goodwin Alert (2016)
• European Commission Releases Details of EU-US Privacy Shield - Goodwin Alert (2016)
• European Commission and United States Agree to New Framework for Transatlantic Data Flows - Goodwin Alert (2016)