Will Daugherty

Partner, Norton Rose Fulbright US LLP

Will Daugherty is a nationally recognized leader in data protection and privacy and is a partner in the Norton Rose Fulbright's data protection, privacy and cybersecurity group. Clients in a broad-range of industries turn to Will for his experience, practical solutions, and thought leadership on managing risks associated with data and technology, including assessing organizations' security postures; developing information security programs; privacy and cybersecurity training for boards, executives and employees; privacy compliance; incident response preparedness; and leading organizations through data security incidents.

Incident Response

Will has led organizations through hundreds of data security incidents, including many of the largest and most complex incidents in the world. Drawing on his prior experience in information technology, Will works closely with incident response teams and CISO's immediately after discovering a potential security incident to develop an effective strategy to understand what happened, contain and remediate the incident, address regulatory requirements, and build an effective communication strategy designed to preserve customer relationships and minimize the likelihood and consequences of regulatory investigations and litigation. In particular, Will is highly sought for his expertise in Payment Card Industry matters, including managing payment card incident investigations, minimizing fees and assessments from the card networks, and counselling on compliance with PCI DSS. Will also specializes in data security counselling of airlines, financial institutions, energy companies, retailers, hospitality and gaming companies, technology companies, and universities.

Disputes & Resolution

Leveraging his experience as a securities regulatory and class-action defense attorney, Will has led entities through investigations by the FTC, SEC, FINRA, US state attorneys general, EU supervisory authorities, and other international data protection regulatory authorities. When class actions arise in connection with data security incidents, Will is an integral part of the class-action defense team providing invaluable insight into the technical and strategic aspects of the incident and developing an efficient and effective defense.

Privacy & Cybersecurity Risk Advisory

Will has also worked with hundreds of organizations to create and enhance existing incident response plans and procedures. Will works with incident response teams, executives, and boards to conduct interactive workshops and tabletop exercises to educate and coach organizations on best-practices for handling incidents and improving incident response plans and procedures. With his unique mix of experience in information technology and privacy law, Will works closely with both legal and information technology departments to measure and enhance the organization's security posture, including working with internal and external teams to conduct risk assessments and penetration tests, prioritize security projects and mitigation controls, and continuously measure the organization privacy and security posture. He also advises clients on a wide range of privacy and data security issues, including issues arising under the Gramm-Leach-Bliley Act, the Electronic Communications Privacy Act, the Critical Infrastructure Protection Reliability Standards, FERPA, CISA, PCI-DSS, the FTC Act, state data protection laws, international data privacy laws, and self-regulatory rules.

A frequent speaker and writer on the privacy and data security issues, Will is known as a recognized leader in the field. Additionally, he has earned the designation of Certified Information Privacy Professional through the International Association of Privacy Professionals.