Cybersecurity and Privacy


McAfee & Taft provides comprehensive cybersecurity and privacy legal and business consulting services to clients of all sizes, both private and public, across a broad range of industries. With data and technology driving business and society in unprecedented ways, the firm’s Cybersecurity and Privacy Group relies on a diverse team of attorneys practicing in a broad range of disciplines that regularly encounter issues in this niche but growing area of law. This is made possible by having the most certified group of privacy attorneys in the state, including those with masters degrees in cybersecurity and numerous certifications from the International Association of Privacy Professionals (IAPP). Leveraging our industry-specific expertise and specialized certifications and training, as well as years of experience encountering clients’ cybersecurity and privacy law issues, McAfee & Taft is able to offer customized and fixed-fee solutions to meet the business needs of every client.

Comprehensive Legal and Business Services

Our representation has included assistance with the Health Insurance Portability and Accountability Act (HIPAA) for clients in the healthcare industry, providing legal expertise for financial institutions pertaining to the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA), guidance for clients’ compliance efforts with the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), and consultation of clients through complex cyber and ransomware attacks. Our comprehensive legal and business representation includes the following services:

  • Cybersecurity and privacy strategy
  • Data governance, protection, and strategy
  • Cyber risk, compliance, and transactions
  • Crisis management, incident response and investigations
  • Cybersecurity and privacy litigation

Cybersecurity and Privacy Strategy

In recent years, cybersecurity and privacy strategy has grown more complex due to technological advancements and an ever-changing business and legal landscape. Today, in addition to assisting with legal issues specific to certain business sectors, the firm assists clients with the following strategy-related legal services:

  • Assessments of cybersecurity and privacy plans and policies
  • Implementation of practices and procedures for comprehensive and customized cybersecurity and privacy solutions that address business needs
  • Cybersecurity and privacy tabletop exercises with customized action plans and reports

Our team also advises clients when purchasing cyber liability and risk insurance coverage. Today, many cyber liability policies are not tailored toward cybersecurity issues, or explicitly exclude them. Leveraging our expertise and professional relationships, our attorneys can help clients understand their own coverage and to identify potential gaps in their risk management strategy.

Data Governance, Protection & Strategy

As technology becomes more complex in how data may be collected and analyzed, so too has the legal framework governing that collection, protection and use. McAfee & Taft attorneys have reviewed internal and external policies across numerous business sectors concerning data and cybersecurity issues, including the impact of the General Data Protection Regulation (GDPR) on global data collection issues. Our data and cybersecurity representation has been for Fortune 100 companies as well as start-ups concerning the constantly changing universe of rights, responsibilities, and risks that accompany data collection, governance and protection in the modern world.

Cyber Risk, Compliance & Transactions

With no current federal law that generally concerns all data use and collection, compliance and risk management require an in-depth knowledge of the patchwork of federal, state, and potentially foreign laws that may apply to your business. McAfee & Taft assists clients in identifying and assessing its legal risk and strategic needs in collecting, using, storing, and securing information of its customers and employees that covers many aspects of our clients’ businesses, including:

  • Industry-based and regulation-specific assessments, including CCPA and CPRA, GDPR, GLBA, HIPAA, National Institute of Standards and Technology (NIST) Cybersecurity and Privacy Frameworks, and state data breach and privacy laws.
  • Implementation of public-facing policies that inform employees and customers of your data practices in a manner that addresses applicable legal requirements.
  • Training of employees on cyber hygiene principles, including for phishing and business email compromise awareness.

In addition to assisting with day-to-day operations, McAfee & Taft assists clients with privacy and cybersecurity issues related to business transactions. Our services have included due diligence for privacy, data security and information rights, and negotiating representations, warranties, and risk allocation concerning the same in business transactions, including merger and acquisition transactions.

Crisis Management, Incident Response & Investigations

Our attorneys also work closely with clients in security incident and data breach matters, ensuring swift, effective and confidential response plans. We have assisted numerous clients with incidents and breaches affecting employees and consumers throughout the United States. We assist in all aspects of incident response, from the initial assessment, to working with forensic companies to ascertain the cause of the breach in a manner to maintain privilege, to providing notification to those affected by a data breach. These services include:

  • Assessment and drafting of incident response and crisis communication plans
  • Consultation on contingency plans for management of any possible data breach, including manners to mitigate business risk in the event of an incident
  • Execution of incident response tabletops and strategy playbooks

Cybersecurity and Privacy Litigation

In the unfortunate event of a data breach and subsequent legal action, our experienced litigation team can help you navigate the legal and practical hurdles of cybersecurity forensics, insurance coverage, and litigation. In this ever-evolving industry with a growing regulatory landscape, litigation threats and challenges expand on a daily basis. Working collaboratively with other members of the firm’s extensive and diverse group, McAfee & Taft’s experienced team of litigators represent, counsel and advocate for clients to resolve a broad range of business and operational disputes and threats in cybersecurity and privacy, including regulatory compliance matters, insurer and government audits, civil and criminal investigations, and commercial contract disputes.

Practice Group Leaders

Zach Oubre

Joshua M. Snavely

Cybersecurity and Privacy Team

William J. Holland


(918) 574-3027

Robert T. Luttrell, III

Of Counsel

(405) 552-2291

Jenny M. Odom


(405) 270-6018

Zach Oubre

Shareholder, Industry Group Leader

(405) 270-6023

Patricia A. Rogers


(405) 235-9621

Joshua M. Snavely

Of Counsel, Industry Group Leader

(405) 270-6027

Chase C. Webb


(405) 552-2280

Matthew A. Welborn


(405) 552-2212

Anna E. Wolfe


(918) 574-3048