Lisa M.Ropple

Partner

(T) 1.617.449.6955

Lisa Ropple is a leading data breach lawyer. She has extensive experience advising companies across many industries on all aspects of cyber/data incident response and has represented clients in connection with some of the largest, highest profile data breaches in history. Applying her experience leading breach response both as outside counsel and as in-house counsel, Lisa brings a pragmatic, strategic approach to helping companies effectively respond to incidents while also minimizing downstream legal risk.

Lisa handles all aspects of data breach incident investigation and response, including directing privileged forensic investigations, coordinating and supporting internal incident response teams, engaging with law enforcement authorities, and advising senior management and boards of directors on response and risk mitigation strategies. She also defends clients against ensuing investigations by state and federal regulators, including the FTC, SEC, OCR/HHS, and state attorneys general.

In addition, Lisa serves as head of litigation for the Firm's Boston Office. She has three decades of experience representing public and private companies in a wide range of complex litigation matters and government investigations, including contract and business disputes, unfair and deceptive practices claims, and DOJ, SEC, FTC, and state AG enforcement actions.

Before joining Jones Day, Lisa was in private practice for 22 years at an AmLaw 25 firm, where she was a litigation partner, a leading member of the firm's data breach practice, and served as co-chair of the litigation department. She also spent five years as associate general counsel, vice president at a Fortune 125 public company, where she served as the global head of litigation and government investigations and oversaw the company's response to significant cybersecurity incidents.

Experience

  • Fortune 500 manufacturing company investigates cyberattacks targeting payment card data on eCommerce siteJones Day directed the investigation into cyberattacks targeting payment card data on an eCommerce site of a Fortune 500 company's recently-acquired subsidiary.
  • Fortune 500 public company advised on data security and privacy regulatory compliance issuesJones Day is advising a Fortune 500 public company on data security and privacy regulatory compliance issues, including written information security program (WISP) and incident response plan.
  • Large multinational company seeks cybersecurity adviceJones Day is advising a multinational company with regard to developing its cyber incident response plan.
  • Technology company seeks advice on fraudulent online recruiting scamsJones Day advised a technology company regarding fraudulent online recruiting scams.
  • Transportation company investigates potential computer hack of customer dataJones Day led an investigation into a potential criminal intrusion into the network of a transportation company's customer data, provided advice regarding data breach notification laws, and represented the company in responding to an inquiry by the New York Department of Financial Services.
  • Technology company seeks advice regarding ransomware attackJones Day advised a technology company suffering a ransomware attack, including analyzing potential reporting obligations under GDPR and U.S. law.
  • The following are representative examples of experience acquired prior to joining Jones Day.

    Represented The TJX Companies in investigating and responding to a significant criminal intrusion into its computer network and theft of consumer and payment card data announced in 2007, including negotiating a resolution of a multistate investigation by 41 state attorneys general.

    Represented Heartland Payment Systems in connection with a high-profile data breach, including successfully defending against an FTC investigation (no action was taken against the company).

    Represented a prominent teaching hospital against enforcement action by OCR relating to an employee's highly publicized loss of sensitive protected health information. Successfully negotiated a novel resolution agreement and corrective action plan.

    Represented third-party benefits provider in connection with extortion threats made by criminals who had stolen highly sensitive protected health information.

    Represented a leading financial services company in connection with an employee's theft of credit card data.

    Represented a retailer in all aspects of investigating and responding to a publicly disclosed criminal intrusion into certain point of sale systems. Successfully resolved without litigation related to federal and state regulatory investigations and payment card brand claims.

    Persuaded state AG's office to drop publicly announced enforcement action relating to claimed violation of consumer protection/unfair and deceptive trade practice laws. AG closed investigation and issued press release praising client.

    Convinced state AG not to pursue threatened enforcement action for alleged consumer protection violations that had been reported in a prominent national newspaper.

    Represented company and its private equity owner in a prominent accounting fraud enforcement action by DOJ and the SEC in which three senior executives plead guilty to securities fraud, but the company was not prosecuted.

    Successfully defended a financial services client in connection with market timing/late trading investigations by DOJ and SEC.

    Represented computer manufacturer in parallel litigation proceedings in the United States and Venezuela arising in connection with termination of a joint venture.

    Represented a manufacturer in federal court action against claims that it breached a contract and violated the Lanham Act by granting overlapping exclusive licenses to two licensees. Obtained summary judgment on counterclaim for royalties against plaintiff, and plaintiff thereafter withdrew its $20+ million claim.

    Defended high-technology company against securities fraud class action lawsuit in first case under the PSLRA litigated in the First Circuit, obtaining dismissal of the case (affirmed on appeal).

    In a case simultaneously litigated in three federal courts, obtained summary judgment for manufacturing client on the interpretation of a contractual indemnification provision contained in an asset purchase agreement governing environmental liability, which facilitated a highly favorable settlement.

    Speaking Engagements

    • June 17, 2019
      Building a Cybercrime Prosecution: Law Enforcement and Corporate Perspectives (with DOJ and FBI), MIT Applied Cybersecurity Professional Education Program
    • May 14, 2019
      Advising Boards of Directors About Cyberattacks and Incident Response, panelist, Boston Bar Association, Privacy and Cybersecurity Conference
    • April 25, 2019
      50 Points of Law – Civil Litigation: Major Developments & Traps for the Unwary, presenter, Massachusetts Continuing Legal Education Webinar
    • March 20, 2019
      Cybersecurity Litigation, presenter, Massachusetts Bar Association
    • March 8, 2019
      “You’ve been breached now what?”, Cyber Attack Simulation, moderator, Boston Conference on Cyber Security, sponsored by Boston College and the FBI
    • March 7, 2019
      Data Breach Response – The First 72 Hours, presenter, Jones Day CLE
    • March 6, 2019
      The Anatomy of a Cyber Attack, moderator, Third Annual Boston Conference on Cybersecurity, sponsored by Boston College and the FBI
    • October 17, 2018
      Jones Day Data Breach Class Actions: Rise in Data Breaches and Litigation; What you Can do to Prepare, and What to do if a Breach Occurs
    • October 17, 2018
      Jones Day Data Breach Class Actions--an interactive webex covering the rise in data breaches and resulting litigation, what you can do to prepare, and what to do if a breach occurs
    • August 30, 2018
      Cybersecurity Issues in Third Party Contracts
    • June 25, 2018
      Building a Cybercrime Prosecution: Law Enforcement and Corporate Perspectives (with DOJ and FBI), presenter, MIT Applied Cybersecurity Professional Education Program
    • May 2018
      Devil in the Details: Crafting an Effective Incident Response Plan, Boston Bar Association
    • March 7, 2018
      Preparing for Cyber Security Incidents, presenter, New England Corporate Counsel Association
    • March 7, 2018
      The Anatomy of a Cyber Attack, panelist, Second Annual Boston Conference on Cybersecurity, Boston College
    • January 24, 2018
      Jones Day's 2018 Speaker Series: Preparing for Cybersecurity Incidents - What to Expect and How to Reduce Impact
    • December 12, 2017
      Cybersecurity and the Courts: The New Litigation Paradigm, Association of Corporate Counsel Cybersecurity Summit
    • October 18, 2017
      Next Generation Cyber-threats, presentation to New England Legal Foundation Board of Directors
    • June 19, 2017
      Building a Cybercrime Prosecution: Law Enforcement and Corporate Perspectives, speaker, Massachusetts Institute of Technology Applied Cybersecurity Professional Education Program
    • June 16, 2017
      Cyber Security: Preparing, Preventing & Responding, Lawyer's Clearinghouse Cyber Security Overview for Nonprofits
    • May 4, 2017
      Notable Global Data Privacy and Cybersecurity Trends and Developments
    • April 10, 2017
      The Digital Criminal: Cyber Crime Trends and Enforcement with the U.S. Attorney's Cybercrime Unit
    • March 8, 2017
      Governance, Risk Management & Compliance, The First Boston Conference on Cybersecurity, speaker
    • March 7, 2017
      Building Resilient Organizations Through Cyber Wargaming - A Legal Perspective, speaker
    We use cookies to deliver our online services. Details of the cookies and other tracking technologies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you consent to our use of cookies.