Lisa M. Ropple

Practice Leader Cybersecurity, Privacy & Data Protection

Boston +1.617.449.6955

Lisa Ropple is a nationally recognized cybersecurity lawyer and leader of Jones Day's global Cybersecurity, Privacy & Data Protection Practice. She has extensive experience advising companies on cyber incident and ransomware response and has represented clients in some of the largest, highest profile data breaches in history. Applying her litigation experience and crisis management skills, Lisa brings a pragmatic, strategic approach to helping companies effectively respond to incidents while minimizing downstream legal risk. She also advises companies and their boards of directors on cybersecurity risk, governance, and risk mitigation strategies.

Lisa handles the response to all aspects of domestic and global cyber incidents, including directing forensic investigations, supporting internal corporate incident response teams, engaging with law enforcement authorities, developing internal and external communication strategies, and advising on regulatory notification and disclosure obligations under securities, consumer protection, and other laws. She also defends clients in litigation and government investigations that often follow significant cyber incidents, including class action litigation and regulatory investigations by the FTC, SEC, OCR/HHS, state attorneys general, and industry regulators. Lisa has over three decades of experience representing public and private companies in complex litigation matters and government investigations, and she served for many years as head of litigation for Jones Day's Boston Office.

Before joining Jones Day, Lisa was a litigation partner at an AmLaw 25 firm, where she was a founding member of the firm's data breach practice and served as co-chair of the litigation department. She also spent five years as associate general counsel, vice president at a Fortune 125 public company, where she was global head of litigation and government investigations and led the company's response to significant cybersecurity incidents.

Experience

  • Aerospace manufacturer develops centralized technology governance framework and integrated enterprise risk management program for its IT, OT, and IoT assets
    Jones Day advised a global aerospace manufacturer on the design and implementation of a centralized technology governance framework and integrated enterprise risk management program for its IT, OT, and IoT assets.
  • Applus Technologies sold to Opus Inspection
    Jones Day advised Applus Servicios Tecnologicos, S.L.U. in the sale of one of its U.S. subsidiaries, Applus Technologies Inc., to Opus Inspection, Inc.
  • Follett Corporation divests Baker & Taylor division to private investor group
    Jones Day advised Follett Corporation in its divestiture of its Baker & Taylor division, the world's premier distributor of physical and digital books and services to public and academic libraries, which will now operate as an independent, privately-owned entity group led by Baker & Taylor's President and CEO Aman Kochar.
  • Diebold Nixdorf completes offering of $700 million of Senior Secured Notes
    Jones Day represented Diebold Nixdorf, Incorporated, a global leader in driving connected commerce for the banking and retail industries, in connection with the issuance of its $700 million aggregate principal amount of 9.375% Senior Secured Notes due 2025 in a Rule 144A and Regulation S offering.
  • Diebold Nixdorf completes offering of €350 million of Senior Secured Notes
    Jones Day represented Diebold Nixdorf, Incorporated, a global leader in driving connected commerce for the banking and retail industries, in connection with the issuance by its wholly-owned Dutch subsidiary, Diebold Nixdorf Dutch Holding B.V., of €350 million aggregate principal amount of 9.000% due 2025 in a Rule 144A and Regulation S offering.
  • Fortune 500 public company assesses its investigation processes and develops enterprise-wide investigations governance structure
    Jones Day is assisting a Fortune 500 public company in a year-long project to assess its investigation processes and develop a new, enterprise-wide investigations governance structure.
  • Global manufacturing company responds to disclosure of potential vulnerabilities in its products
    Jones Day led a global manufacturing company's response to the disclosure of potential vulnerabilities in its products.
  • Fortune 500 manufacturing company investigates cyberattacks targeting payment card data on eCommerce site
    Jones Day directed the investigation into cyberattacks targeting payment card data on an eCommerce site of a Fortune 500 company's recently-acquired subsidiary.
  • Fortune 500 public company advised on data security and privacy regulatory compliance issues
    Jones Day is advising a Fortune 500 public company on data security and privacy regulatory compliance issues, including written information security program (WISP) and incident response plan.
  • Large multinational company seeks cybersecurity advice
    Jones Day is advising a multinational company with regard to developing its cyber incident response plan.
  • Technology company seeks advice on fraudulent online recruiting scams
    Jones Day advised a technology company regarding fraudulent online recruiting scams.
  • Transportation company investigates potential computer hack of customer data
    Jones Day led an investigation into a potential criminal intrusion into the network of a transportation company's customer data, provided advice regarding data breach notification laws, and represented the company in responding to an inquiry by the New York Department of Financial Services.
  • Technology company seeks advice regarding ransomware attack
    Jones Day advised a technology company suffering a ransomware attack, including analyzing potential reporting obligations under GDPR and U.S. law.
  • The following are representative examples of experience acquired prior to joining Jones Day.

    Represented The TJX Companies in investigating and responding to a significant criminal intrusion into its computer network and theft of consumer and payment card data announced in 2007, including negotiating a resolution of a multistate investigation by 41 state attorneys general.

    Represented Heartland Payment Systems in connection with a high-profile data breach, including successfully defending against an FTC investigation (no action was taken against the company).

    Represented a prominent teaching hospital against enforcement action by OCR relating to an employee's highly publicized loss of sensitive protected health information. Successfully negotiated a novel resolution agreement and corrective action plan.

    Represented third-party benefits provider in connection with extortion threats made by criminals who had stolen highly sensitive protected health information.

    Represented a leading financial services company in connection with an employee's theft of credit card data.

    Represented a retailer in all aspects of investigating and responding to a publicly disclosed criminal intrusion into certain point of sale systems. Successfully resolved related federal and state regulatory investigations and payment card brand claims without litigation.

    Persuaded state AG's office to drop publicly announced enforcement action relating to claimed violation of consumer protection/unfair and deceptive trade practice laws. AG closed investigation and issued press release praising client.

    Convinced state AG not to pursue threatened enforcement action for alleged consumer protection violations that had been reported in a prominent national newspaper.

    Represented company and its private equity owner in a prominent accounting fraud enforcement action by DOJ and the SEC in which three senior executives pleaded guilty to securities fraud, but the company was not prosecuted.

    Successfully defended a financial services client in connection with market timing/late trading investigations by DOJ and SEC.

    Represented computer manufacturer in parallel litigation proceedings in the United States and Venezuela arising in connection with termination of a joint venture.

    Represented a manufacturer in federal court action against claims that it breached a contract and violated the Lanham Act by granting overlapping exclusive licenses to two licensees. Obtained summary judgment on counterclaim for royalties against plaintiff, and plaintiff thereafter withdrew its $20+ million claim.

    Defended high-technology company against securities fraud class action lawsuit in first case under the PSLRA litigated in the First Circuit, obtaining dismissal of the case (affirmed on appeal).

    In a case simultaneously litigated in three federal courts, obtained summary judgment for manufacturing client on the interpretation of a contractual indemnification provision contained in an asset purchase agreement governing environmental liability, which facilitated a highly favorable settlement.

    • October 28, 2019
      Conversations in Cyber: Challenges & Solutions in Cybersecurity Leadership, panelist, FBI
    • June 17, 2019
      Building a Cybercrime Prosecution: Law Enforcement and Corporate Perspectives (with DOJ and FBI), MIT Applied Cybersecurity Professional Education Program
    • May 14, 2019
      Advising Boards of Directors About Cyberattacks and Incident Response, panelist, Boston Bar Association, Privacy and Cybersecurity Conference
    • April 25, 2019
      50 Points of Law – Civil Litigation: Major Developments & Traps for the Unwary, presenter, Massachusetts Continuing Legal Education Webinar
    • March 20, 2019
      Cybersecurity Litigation, presenter, Massachusetts Bar Association
    • March 8, 2019
      “You’ve been breached now what?”, Cyber Attack Simulation, moderator, Boston Conference on Cyber Security, sponsored by Boston College and the FBI
    • March 7, 2019
      Data Breach Response – The First 72 Hours, presenter, Jones Day CLE
    • March 6, 2019
      The Anatomy of a Cyber Attack, moderator, Third Annual Boston Conference on Cybersecurity, sponsored by Boston College and the FBI
    • October 17, 2018
      Jones Day Data Breach Class Actions: Rise in Data Breaches and Litigation; What you Can do to Prepare, and What to do if a Breach Occurs
    • October 17, 2018
      Jones Day Data Breach Class Actions--an interactive webex covering the rise in data breaches and resulting litigation, what you can do to prepare, and what to do if a breach occurs
    • August 30, 2018
      Cybersecurity Issues in Third Party Contracts
    • June 25, 2018
      Building a Cybercrime Prosecution: Law Enforcement and Corporate Perspectives (with DOJ and FBI), presenter, MIT Applied Cybersecurity Professional Education Program
    • May 2018
      Devil in the Details: Crafting an Effective Incident Response Plan, Boston Bar Association
    • March 7, 2018
      Preparing for Cyber Security Incidents, presenter, New England Corporate Counsel Association
    • March 7, 2018
      The Anatomy of a Cyber Attack, panelist, Second Annual Boston Conference on Cybersecurity, Boston College
    • January 24, 2018
      Jones Day's 2018 Speaker Series: Preparing for Cybersecurity Incidents - What to Expect and How to Reduce Impact
    • December 12, 2017
      Cybersecurity and the Courts: The New Litigation Paradigm, Association of Corporate Counsel Cybersecurity Summit
    • October 18, 2017
      Next Generation Cyber-threats, presentation to New England Legal Foundation Board of Directors
    • June 19, 2017
      Building a Cybercrime Prosecution: Law Enforcement and Corporate Perspectives, speaker, Massachusetts Institute of Technology Applied Cybersecurity Professional Education Program
    • June 16, 2017
      Cyber Security: Preparing, Preventing & Responding, Lawyer's Clearinghouse Cyber Security Overview for Nonprofits
    • May 4, 2017
      Notable Global Data Privacy and Cybersecurity Trends and Developments
    • April 10, 2017
      The Digital Criminal: Cyber Crime Trends and Enforcement with the U.S. Attorney's Cybercrime Unit
    • March 8, 2017
      Governance, Risk Management & Compliance, The First Boston Conference on Cybersecurity, speaker
    • March 7, 2017
      Building Resilient Organizations Through Cyber Wargaming - A Legal Perspective, speaker