Cybersecurity and Privacy

  • Overview
  • Team

McAfee & Taft provides comprehensive cybersecurity and privacy legal and business consulting services to clients of all sizes, both private and public, across a broad range of industries. With data and technology driving business and society in unprecedented ways, the firm’s Cybersecurity and Privacy Group relies on a diverse team of attorneys practicing in a broad range of disciplines that regularly encounter issues in this niche but growing area of law. This is made possible by having the most certified group of privacy attorneys in the state, including those with masters degrees in cybersecurity and numerous certifications from the International Association of Privacy Professionals (IAPP). Leveraging our industry-specific expertise and specialized certifications and training, as well as years of experience encountering clients’ cybersecurity and privacy law issues, McAfee & Taft is able to offer customized and fixed-fee solutions to meet the business needs of every client.

Comprehensive Legal and Business Services

Our representation has included assistance with the Health Insurance Portability and Accountability Act (HIPAA) for clients in the healthcare industry, providing legal expertise for financial institutions pertaining to the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA), guidance for clients’ compliance efforts with the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), and consultation of clients through complex cyber and ransomware attacks. Our comprehensive legal and business representation includes the following services:

  • Cybersecurity and privacy strategy
  • Data governance, protection, and strategy
  • Cyber risk, compliance, and transactions
  • Crisis management, incident response and investigations
  • Cybersecurity and privacy litigation

Cybersecurity and Privacy Strategy

In recent years, cybersecurity and privacy strategy has grown more complex due to technological advancements and an ever-changing business and legal landscape. Today, in addition to assisting with legal issues specific to certain business sectors, the firm assists clients with the following strategy-related legal services:

  • Assessments of cybersecurity and privacy plans and policies
  • Implementation of practices and procedures for comprehensive and customized cybersecurity and privacy solutions that address business needs
  • Cybersecurity and privacy tabletop exercises with customized action plans and reports

Our team also advises clients when purchasing cyber liability and risk insurance coverage. Today, many cyber liability policies are not tailored toward cybersecurity issues, or explicitly exclude them. Leveraging our expertise and professional relationships, our attorneys can help clients understand their own coverage and to identify potential gaps in their risk management strategy.

Data Governance, Protection & Strategy

As technology becomes more complex in how data may be collected and analyzed, so too has the legal framework governing that collection, protection and use. McAfee & Taft attorneys have reviewed internal and external policies across numerous business sectors concerning data and cybersecurity issues, including the impact of the General Data Protection Regulation (GDPR) on global data collection issues. Our data and cybersecurity representation has been for Fortune 100 companies as well as start-ups concerning the constantly changing universe of rights, responsibilities, and risks that accompany data collection, governance and protection in the modern world.

Cyber Risk, Compliance & Transactions

With no current federal law that generally concerns all data use and collection, compliance and risk management require an in-depth knowledge of the patchwork of federal, state, and potentially foreign laws that may apply to your business. McAfee & Taft assists clients in identifying and assessing its legal risk and strategic needs in collecting, using, storing, and securing information of its customers and employees that covers many aspects of our clients’ businesses, including:

  • Industry-based and regulation-specific assessments, including CCPA and CPRA, GDPR, GLBA, HIPAA, National Institute of Standards and Technology (NIST) Cybersecurity and Privacy Frameworks, and state data breach and privacy laws.
  • Implementation of public-facing policies that inform employees and customers of your data practices in a manner that addresses applicable legal requirements.
  • Training of employees on cyber hygiene principles, including for phishing and business email compromise awareness.

In addition to assisting with day-to-day operations, McAfee & Taft assists clients with privacy and cybersecurity issues related to business transactions. Our services have included due diligence for privacy, data security and information rights, and negotiating representations, warranties, and risk allocation concerning the same in business transactions, including merger and acquisition transactions.

Crisis Management, Incident Response & Investigations

Our attorneys also work closely with clients in security incident and data breach matters, ensuring swift, effective and confidential response plans. We have assisted numerous clients with incidents and breaches affecting employees and consumers throughout the United States. We assist in all aspects of incident response, from the initial assessment, to working with forensic companies to ascertain the cause of the breach in a manner to maintain privilege, to providing notification to those affected by a data breach. These services include:

  • Assessment and drafting of incident response and crisis communication plans
  • Consultation on contingency plans for management of any possible data breach, including manners to mitigate business risk in the event of an incident
  • Execution of incident response tabletops and strategy playbooks

Cybersecurity and Privacy Litigation

In the unfortunate event of a data breach and subsequent legal action, our experienced litigation team can help you navigate the legal and practical hurdles of cybersecurity forensics, insurance coverage, and litigation. In this ever-evolving industry with a growing regulatory landscape, litigation threats and challenges expand on a daily basis. Working collaboratively with other members of the firm’s extensive and diverse group, McAfee & Taft’s experienced team of litigators represent, counsel and advocate for clients to resolve a broad range of business and operational disputes and threats in cybersecurity and privacy, including regulatory compliance matters, insurer and government audits, civil and criminal investigations, and commercial contract disputes.

Sasha L. Beling
Shareholder, Industry Group Leader
(405) 270-6011
Kate N. Dodoo
Of Counsel, Practice Group Leader
(405) 270-6057
William J. Holland
(918) 574-3027
Todd G. Lamb
Of Counsel
(405) 552-2354
Robert T. Luttrell, III
Of Counsel
(405) 552-2291
Jenny M. Odom
(405) 270-6018
Zachary A.P. Oubre
Shareholder, Industry Group Leader
(405) 270-6023
Patricia A. Rogers
(405) 235-9621
Joshua M. Snavely
Of Counsel, Industry Group Leader
(405) 270-6027
Chase C. Webb
(405) 552-2280
Anna E. Wolfe
(918) 574-3048


Lock sitting on a laptop keyboard
Data privacy and security concept art
Padlock sitting on a laptop keyboard

Oklahoma Legislature looks to pass numerous new consumer privacy laws

McAfee & Taft Data Privacy and Cybersecurity Alert |
Digital fingerprint on a circuit board

New bill aims to protect data privacy of Oklahoma residents

The Journal Record |
Digital fingerprint on a circuit board

Oklahoma the latest state to consider consumer data privacy legislation

McAfee & Taft Data Privacy and Cybersecurity Alert |

Will even stricter California privacy law spark push for national consumer privacy reform?

McAfee & Taft tIPsheet Alert |

Tips to jump-start cybersecurity preparedness

The Journal Record |

National Cybersecurity Awareness Month: 3 tips to jump-start your cybersecurity preparedness

McAfee & Taft tIPsheet |

Despite pandemic, CCPA enforcement deadline looms while businesses still wait for final regs

McAfee & Taft LINC |

COVID-19 Impacts: Data Privacy and Cybersecurity

McAfee & Taft LINC |

Yes, even your IT systems are susceptible to COVID-19

McAfee & Taft LINC Alert |

New year to ring in nation’s most comprehensive privacy law

McAfee & Taft tIPsheet |

Push for data privacy increases

The Journal Record |

Privacy Gone Public: How growing push for privacy laws may affect U.S. businesses

McAfee & Taft tIPsheet |

Would you like some milk with your cookies? 5 months post-GDPR

McAfee & Taft tIPsheet |

Biometric privacy laws pose new challenges, risks for employers

McAfee & Taft EmployerLINC |

Biometrics usher in new era of privacy laws, litigation risks

McAfee & Taft tIPsheet |

Speedier service or biased browsing?

The Journal Record |

Is the internet neutral and does it really matter?

McAfee & Taft tIPsheet |

Preventing data breaches

The Journal Record |

Legal risks on the rise for businesses that auto‑dial, text

McAfee & Taft tIPsheet |

FTC amends Children’s Online Privacy Protection Rule

McAfee & Taft tIPsheet |

Canada’s Anti-Spam Legislation to impact electronic marketing and communications

McAfee & Taft tIPsheet |

At The Podium

Cybersecurity Threats

JR Now Webinar
Online | May 18, 2022

The Privacy Playbook: An Overview of the Legal & Regulatory Landscape

State Chamber of Oklahoma / The Legal Center CLE
Oklahoma City, OK | May 5, 2022

Healthcare and Cyber Attacks: Protecting PHI and Mitigating Risks

Annual Checkup: Healthcare Industry Seminar 2022
Oklahoma City, OK | April 27, 2022

The Cybersecurity and Privacy Playbook: A strategic guide for business

2021 Corporate Counsel Seminar
Oklahoma City, OK | December 2, 2021

The Cybersecurity and Privacy Playbook: A strategic guide for business

2021 Corporate Counsel Seminar
Tulsa, OK | December 1, 2021

Cyber Hygiene: An Apple (or PC) Defended a Day Keeps the Hacker Away

University Faculty Institute
Langston, OK | August 2021

First-Skill, Reskill, Upskill

National Initiative on Cybersecurity Education
Oklahoma City, OK | May 2021

A Playbook for Cyber Resilience: Basics & Best Practices

William J. Holloway American Inn of Court
Oklahoma City, OK | March 2021

Decrypting Diversity: The Secret Key to Cybersecurity

Providence, RI | February 2021

Cyber Resiliency Planning: The Basics & Best Practices for Business

Oklahoma Small Business Development Network
Oklahoma City, OK | October 2020

Cybersecurity Playbook: Fundamentals & Strategies for Business

Oklahoma Small Business Development Network
Oklahoma City, OK | October 2020

The Cyber Range – A Guide

National Initiative on Cybersecurity Education
Oklahoma City, OK | June 2020

#CyberDiversity – New Decade, New Rules

RSA Conference 2020
San Francisco, CA | February 2020

Data Insecurity

2019 Corporate Counsel Seminar
Oklahoma City, OK | December 5, 2019

Data Insecurity

2019 Corporate Counsel Seminar
Tulsa, OK | December 4, 2019

A Practical Overview of Privacy and Security for In-House Counsel

Oklahoma County Bar Association CLE Seminar
Oklahoma City, OK | November 15, 2019

Online Privacy

IABC of Central Oklahoma
Oklahoma City, OK | November 7, 2019

Westward Bound? How the CCPA Will Affect You

2019 InnoTech Oklahoma Conference
Oklahoma City, OK | October 22, 2019

Data Privacy and IT in this Technological World: A guide to ensuring compliance

2019 Regional Corporate Counsel Seminar
Springdale, AR | July 25, 2019

The Intersection of Cybersecurity & the Fourth Estate

Aspen Institute
Washington, DC | September 2018

Sleepless in Cyberspace: Navigating the Threat Landscape

American Bar Association Cyber Legal Task Force
Washington, DC | September 2018

Invasion of the Data Snatchers

Healthcare Headlines Seminar
Tulsa, OK | March 29, 2018

Invasion of the Data Snatchers

Healthcare Headlines Seminar
Oklahoma City, OK | March 27, 2018

Activating Your Cyber Insurance

TechAdvantage 2018 Conference & Expo
Nashville, TN | February 26, 2018

Cybersecurity and Risk Shifting

2017 Corporate Counsel Seminar
Oklahoma City, OK | December 7, 2017

Cyber Security for Law Firms and Those Who Retain Them

LEO Cyber Security Law Conference
Oklahoma City, Oklahoma | November 9, 2017

Cyber Security for Law Firms and Those Who Retain Them

LEO Cyber Security Law Conference
Tulsa, Oklahoma | November 8, 2017

Fundamentals of Cybersecurity Law & Policy

Washington, DC | September 2017

Security vs. Security – A Conversation with Facebook

American Bar Association’s Homeland Security Law Institute
Washington, DC | September 2017

The Cybersecurity Information Sharing Act: An Overview and Update

American Bar Association’s Homeland Security Law Institute
Oklahoma City, OK | April 2017

An ‘Apple’ a Day Keeps the Hacker … or the Government … Away?

Rotary Club of Oklahoma City
Oklahoma City, OK | April 2016

A Deep Dive on Cyber & Incident Response Plans

The National Summit on Homeland Security Law: The State of Cyber
Oklahoma City, OK | April 2016

The Rule of Law – Security vs. Liberty

The National Summit on Homeland Security Law
Oklahoma City, OK | April 2015

Homeland and National Security – The Evolution of Domestic Extremism

American Bar Association Midyear Meeting
Houston, TX | February 2015

Practical Considerations in Advising and Representing Clients in Anti-Terrorism & Homeland Security

Investigations and the Realm of National Security Law
Oklahoma City, OK | June 2014