Kari M. Rollins is a partner in the Intellectual Property Practice Group and an Office Managing Partner of the New York office.
Areas of Practice
Kari focuses on data privacy and data security, and complex commercial litigation matters. She has successfully represented clients in the financial services, audit and accounting, retail and fashion, food services, hospitality, manufacturing, and technology industries before state and federal courts, as well as in front of state attorneys general, federal regulators, and U.S. and international commercial arbitration forums.
Kari serves as a trusted advisor to her clients, bringing a focused, strategic approach to complex litigation and data security matters alike. Her clients praise her ability to efficiently and effectively manage complex matters with multiple moving pieces, and to concisely and persuasively communicate the core issues of her clients’ cases to judges, regulators, and opposing counsel. These traits have enabled Kari to successfully argue critical motions, procure dismissals, and achieve successful resolutions for her clients in the context of complex commercial litigation, as well as effectively managing high-intensity incident response matters and regulatory inquiries arising from data privacy and security issues.
As it relates to her data security practice, Kari offers her clients the continuity of effective assistance during all three critical stages of the data security lifecycle: (1) cybersecurity preparedness (the before); (2) data breach investigation and response (the during); and (3) data breach litigation and regulatory enforcement (the after). As part of cybersecurity preparedness, Kari assists clients in crafting their existing security and compliance practices in the context of the ever-changing data security regulations so they are as well positioned as possible in the event of the inevitable data incident or inquiry. When a data incident occurs, Kari draws on her significant litigation and internal investigation experience to manage and direct all aspects of incident response for her clients—from directing forensic investigators, to liaising with insurance counsel, to determining whether the facts of the incident give rise to a duty to notify, to overseeing notification to consumers and regulatory bodies, and to assisting with communications to Boards and responding to media inquiries. Finally, post-breach, in the event litigation or regulatory inquiries ensue, Kari draws on her significant litigation experience to offer clients strategic assistance in defending against complex data privacy litigation and/or regulatory inquiries from state and/or federal regulators.
Recognizing her effective assistance in the area of data security, Kari was named to Cybersecurity Docket’s 2019 Incident Response 30, which recognizes 30 of the best and brightest data breach response lawyers in the business who are key players in the most significant data breach responses worldwide. Global Data Review also named Kari to its first annual “40 under 40” list in 2018, praising her as one of the top 40 practitioners in data privacy globally under the age of 40. Kari is also a partner in the Privacy and Cybersecurity team of Sheppard Mullin, which was recognized as a “2018 Practice Group of the Year” by Law360.
Kari is invited annually to give numerous speeches and seminars on data privacy and data breaches by organizations across the country, and regularly writes articles and blog posts on emerging trends and topics in data privacy. Notably, Kari wrote a chapter on cybersecurity standards and data breach response in Volume III of The US Privacy Equity Fund Compliance Guide published by Privacy Equity International, and currently sits on the Drafting Committee of the Sedona Conference WG11 on Data Security and Privacy Liability, which is responsible for drafting and publishing the Sedona Conference WG11 Incident Response Guide, a practitioners guide to navigating the law and issues relating to preparing for, managing, and responding to data breaches. Recently, Kari brought her experience to the classroom as an adjunct law professor at DePaul University’s College of Law in Chicago, teaching a course on data breach law.