Data is igniting a global, technological revolution. Increased collection, use, storage, and transfer of data has shifted the paradigm of innovation – and created a global security problem. Fortune
500 companies with large quantities of data, cities with vulnerable infrastructure, and every institution in between must manage that risk, without encumbering progress or technological advancement. To do so, they turn to Aravind Swaminathan, Global Co-chair of Orrick’s internationally recognized Cyber, Privacy & Data Innovation team. Aravind is one of four lawyers ranked nationally by Chambers USA
(Band 2) in the category of Privacy and Cybersecurity Litigation, which described him as "extremely skilled in the field of cybersecurity[.] He's always well prepared and consistently has the answer [clients] need."
As a strategic cybersecurity advisor, Aravind partners with clients to proactively plan for a crisis and develop strategies to improve resiliency, respond efficiently and effectively, protect their business and brand, and defend them in the onslaught of litigation and enforcement actions that follow. He guides organizations from large public company financial institutions to start-up technology companies to critical infrastructure providers through incidents, and develops business- and brand-centric strategies to mitigate and manage risk. He has directed more than 200 cybersecurity incident and data breach investigations, including enterprise-wide network intrusions to cyberattacks with national security implications. With extensive trial, litigation and appellate experience, he also defends his clients when cyber, privacy, and payments issues lead to regulatory investigations by the SEC, DOJ, FTC, and State Attorneys General and other civil litigation, including securities and consumer class action litigation and shareholder derivative suits.
Aravind’s background as an Assistant United States Attorney and Computer Hacking and Intellectual Property Section attorney gives him first-hand understanding of federal agencies that allows him to swiftly navigate the system, partner with investigators and find creative solutions for his clients. As a federal cybercrime prosecutor, Aravind investigated and prosecuted a broad array of cybercrime cases, including hacking, phishing, trade secrets theft, click fraud, cyber threats, and identity theft. Aravind also led the cybercrime outreach program, where he worked with members of the Department of Justice, state and federal regulators, law enforcement and other organizations on cybersecurity and related privacy issues.
Aravind is a sought-after speaker by Boards of Directors and industry professionals on cybersecurity issues, including threat landscapes, incident response plans, compliance, and brand/reputational risk management.
This post was drafted with contribution from Annie Prasad, law clerk.
The Supreme Court has made federal contracting more treacherous by extending the reach of False Claims Act (“FCA”) liability. While the decision related to FCA liability for misrepresentations related to staffing levels, the case may provide a roadmap for federal officials looking to trigger FCA claims against contractors who are noncompliant with federal labor laws enforced by the Department of Labor. Specifically, those at risk of debarment or cancellation of contracts due to noncompliance with Executive Order 11246 or the proposed Fair Pay and Safe Workplaces Executive Order may be at risk of more serious penalties.
With the rise of the cybersecurity whistleblower, there is a growing trend of whistleblower-initiated regulatory investigations. In this Law360 article, Orrick attorneys Renee Phillips, Aravind Swaminathan, and Shea Leitch examine the DOJ’s investigation, prompted by a cybersecurity whistleblower, into whether Tiversa Holding Corp. provided false information to the Federal Trade Commission about data breaches at companies that declined to purchase its data protection services. The article discusses what companies can do to protect themselves against this growing risk.
On December 3, the Second Circuit Court of Appeals became the most recent entrant into the circuit conflict on the question of when and under what circumstances an employee’s use of a computer to gain access to unauthorized information constitutes a violation of the Computer Fraud and Abuse Act. Over a dissent, the Court held that an employee cannot be convicted of violating the CFAA when he uses a database, to which he has been granted access, in a manner that is prohibited by company policy. With the Second Circuit joining the Fourth and Ninth Circuits in the minority on the issue, the answer continues to turn on the jurisdiction in which the suit was brought. Employers should take note because the decision reinforces the need to consider carefully whether and how to limit employee access to sensitive company information within its network—e.g., by use of written policy or technical access restrictions—and how those protections will play out in court if an employee takes company information for use in future employment.