Lisa M. Ropple has extensive experience, both as outside and in-house counsel, and on some of the largest, high-profile data breaches in history, helping companies effectively respond to, and minimize the impact of, significant cybersecurity incidents.
She handles all aspects of data breach incident investigation and response, including conducting privileged forensic investigations, coordinating and supporting internal incident response teams, engaging with law enforcement authorities, and advising senior management and boards of directors on notification and other legal obligations and risk mitigation strategies.
Lisa also defends clients against ensuing litigation and investigations by state and federal regulators, including the FTC, SEC, OCR/HHS, and state attorneys general. She represents clients across industries, including retail, health care, technology, and financial services.
More broadly, Lisa serves as head of litigation for the Firm’s Boston Office. She has nearly three decades of experience representing public and private companies in a wide range of complex litigation matters and government investigations, including contract and business disputes, unfair and deceptive practices claims, securities fraud, and DOJ, SEC, FTC, and state AG enforcement actions.
Before joining Jones Day, Lisa was in private practice for 22 years at an AmLaw 25 firm, where she was a litigation partner and a leading member of the firm’s data breach practice. She then was associate general counsel, vice president, at a Fortune 125 public company where she served as the global head of litigation and government investigations and oversaw the company’s response to significant cybersecurity incidents.
- Boston College (J.D. magna cum laude 1989; Order of the Coif; West Publishing Prize for class rank: 2d in class; Articles Editor, Boston College Law Review);
- Trinity College, Dublin, Ireland (Rotary International Scholar, 1985-1986);
- College of the Holy Cross (B.A. summa cum laude 1984; Phi Beta Kappa)
BAR ADMISSIONS : Massachusetts
- Represented The TJX Companies in investigating and responding to a significant criminal intrusion into its computer network and theft of consumer and payment card data announced in 2007, including negotiating a resolution of a multistate investigation by 41 state attorneys general.
- Represented Heartland Payment Systems in connection with a high-profile data breach, including successfully defending against an FTC investigation (no action was taken against the company).
- Represented third-party benefits provider in connection with extortion threats made by criminals who had stolen highly sensitive protected health information.
- Represented a retailer in all aspects of investigating and responding to a publicly disclosed criminal intrusion into certain point of sale systems. Successfully resolved without litigation related to federal and state regulatory investigations and payment card brand claims.
- Convinced state AG not to pursue threatened enforcement action for alleged consumer protection violations that had been reported in a prominent national newspaper.
- Successfully defended a financial services client in connection with market timing/late trading investigations by DOJ and SEC.
- Defended high-technology company against securities fraud class action lawsuit in first case under the PSLRA litigated in the First Circuit, obtaining dismissal of the case (affirmed on appeal).
Rate : $$$