Lisa Ropple is a leading data breach lawyer. She has extensive experience advising companies across many industries on all aspects of cyber/data incident response and has represented clients in connection with some of the largest, highest profile data breaches in history. Applying her experience leading breach response both as outside counsel and as in-house counsel, Lisa brings a pragmatic, strategic approach to helping companies effectively respond to incidents while also minimizing downstream legal risk.
Lisa handles all aspects of data breach incident investigation and response, including directing privileged forensic investigations, coordinating and supporting internal incident response teams, engaging with law enforcement authorities, and advising senior management and boards of directors on response and risk mitigation strategies. She also defends clients against ensuing investigations by state and federal regulators, including the FTC, SEC, OCR/HHS, and state attorneys general.
In addition, Lisa serves as head of litigation for the Firm's Boston Office. She has three decades of experience representing public and private companies in a wide range of complex litigation matters and government investigations, including contract and business disputes, unfair and deceptive practices claims, and DOJ, SEC, FTC, and state AG enforcement actions.
Before joining Jones Day, Lisa was in private practice for 22 years at an AmLaw 25 firm, where she was a litigation partner, a leading member of the firm's data breach practice, and served as co-chair of the litigation department. She also spent five years as associate general counsel, vice president at a Fortune 125 public company, where she served as the global head of litigation and government investigations and oversaw the company's response to significant cybersecurity incidents.
The following are representative examples of experience acquired prior to joining Jones Day.
Represented The TJX Companies in investigating and responding to a significant criminal intrusion into its computer network and theft of consumer and payment card data announced in 2007, including negotiating a resolution of a multistate investigation by 41 state attorneys general.
Represented Heartland Payment Systems in connection with a high-profile data breach, including successfully defending against an FTC investigation (no action was taken against the company).
Represented a prominent teaching hospital against enforcement action by OCR relating to an employee's highly publicized loss of sensitive protected health information. Successfully negotiated a novel resolution agreement and corrective action plan.
Represented third-party benefits provider in connection with extortion threats made by criminals who had stolen highly sensitive protected health information.
Represented a leading financial services company in connection with an employee's theft of credit card data.
Represented a retailer in all aspects of investigating and responding to a publicly disclosed criminal intrusion into certain point of sale systems. Successfully resolved without litigation related to federal and state regulatory investigations and payment card brand claims.
Persuaded state AG's office to drop publicly announced enforcement action relating to claimed violation of consumer protection/unfair and deceptive trade practice laws. AG closed investigation and issued press release praising client.
Convinced state AG not to pursue threatened enforcement action for alleged consumer protection violations that had been reported in a prominent national newspaper.
Represented company and its private equity owner in a prominent accounting fraud enforcement action by DOJ and the SEC in which three senior executives plead guilty to securities fraud, but the company was not prosecuted.
Successfully defended a financial services client in connection with market timing/late trading investigations by DOJ and SEC.
Represented computer manufacturer in parallel litigation proceedings in the United States and Venezuela arising in connection with termination of a joint venture.
Represented a manufacturer in federal court action against claims that it breached a contract and violated the Lanham Act by granting overlapping exclusive licenses to two licensees. Obtained summary judgment on counterclaim for royalties against plaintiff, and plaintiff thereafter withdrew its $20+ million claim.
Defended high-technology company against securities fraud class action lawsuit in first case under the PSLRA litigated in the First Circuit, obtaining dismissal of the case (affirmed on appeal).
In a case simultaneously litigated in three federal courts, obtained summary judgment for manufacturing client on the interpretation of a contractual indemnification provision contained in an asset purchase agreement governing environmental liability, which facilitated a highly favorable settlement.
- January 2019
Quoted in Dumb Devices Smarten Up, Widening Data Security Enforcement Net, Privacy Law Watch (BNA)
- June 17, 2019
Building a Cybercrime Prosecution: Law Enforcement and Corporate Perspectives (with DOJ and FBI), MIT Applied Cybersecurity Professional Education Program
- May 14, 2019
Advising Boards of Directors About Cyberattacks and Incident Response, panelist, Boston Bar Association, Privacy and Cybersecurity Conference
- April 25, 2019
50 Points of Law – Civil Litigation: Major Developments & Traps for the Unwary, presenter, Massachusetts Continuing Legal Education Webinar
- March 20, 2019
Cybersecurity Litigation, presenter, Massachusetts Bar Association
- March 8, 2019
“You’ve been breached now what?”, Cyber Attack Simulation, moderator, Boston Conference on Cyber Security, sponsored by Boston College and the FBI
- March 7, 2019
Data Breach Response – The First 72 Hours, presenter, Jones Day CLE
- March 6, 2019
The Anatomy of a Cyber Attack, moderator, Third Annual Boston Conference on Cybersecurity, sponsored by Boston College and the FBI
- October 17, 2018
Jones Day Data Breach Class Actions: Rise in Data Breaches and Litigation; What you Can do to Prepare, and What to do if a Breach Occurs
- October 17, 2018
Jones Day Data Breach Class Actions--an interactive webex covering the rise in data breaches and resulting litigation, what you can do to prepare, and what to do if a breach occurs
- August 30, 2018
Cybersecurity Issues in Third Party Contracts
- June 25, 2018
Building a Cybercrime Prosecution: Law Enforcement and Corporate Perspectives (with DOJ and FBI), presenter, MIT Applied Cybersecurity Professional Education Program
- May 2018
Devil in the Details: Crafting an Effective Incident Response Plan, Boston Bar Association
- March 7, 2018
Preparing for Cyber Security Incidents, presenter, New England Corporate Counsel Association
- March 7, 2018
The Anatomy of a Cyber Attack, panelist, Second Annual Boston Conference on Cybersecurity, Boston College
- January 24, 2018
Jones Day's 2018 Speaker Series: Preparing for Cybersecurity Incidents - What to Expect and How to Reduce Impact
- December 12, 2017
Cybersecurity and the Courts: The New Litigation Paradigm, Association of Corporate Counsel Cybersecurity Summit
- October 18, 2017
Next Generation Cyber-threats, presentation to New England Legal Foundation Board of Directors
- June 19, 2017
Building a Cybercrime Prosecution: Law Enforcement and Corporate Perspectives, speaker, Massachusetts Institute of Technology Applied Cybersecurity Professional Education Program
- June 16, 2017
Cyber Security: Preparing, Preventing & Responding, Lawyer's Clearinghouse Cyber Security Overview for Nonprofits
- May 4, 2017
Notable Global Data Privacy and Cybersecurity Trends and Developments
- April 10, 2017
The Digital Criminal: Cyber Crime Trends and Enforcement with the U.S. Attorney's Cybercrime Unit
- March 8, 2017
Governance, Risk Management & Compliance, The First Boston Conference on Cybersecurity, speaker
- March 7, 2017
Building Resilient Organizations Through Cyber Wargaming - A Legal Perspective, speaker
- Boston College (J.D. magna cum laude 1989; Order of the Coif; Articles Editor, Boston College Law Review); Trinity College, Dublin, Ireland (Rotary International Scholar, 1985-1986); College of the Holy Cross (B.A. summa cum laude 1984; Phi Beta Kappa)
- Massachusetts, U.S. District Court for the District of Massachusetts, and U.S. Court of Appeals for the First Circuit
Chambers USA, recognized for Litigation
Best Lawyers in America, recognized for Privacy & Data Security Law
Fellow, Litigation Counsel of America
Boston Bar Association, Privacy & Cybersecurity Section Advisory Committee, 2019
Boston College, Masters of Science in Cybersecurity Policy & Governance Program, Advisory Council
Member, International Association of Privacy Professionals
Massachusetts Lawyers Weekly, "In-House Leaders in the Law" honoree (2016)