Paul Hastings continued its Texas growth Monday announcing that Michelle Reed, a nationally-recognized expert in cybersecurity and privacy litigation, joined the firm’s Dallas office as a partner.
Reed, who has spent her entire 21-year legal career at Akin Gump, is among about 40 attorneys who have joined Paul Hastings in Texas during the past year. The firm now has nearly 70 lawyers in Houston and Dallas.
A 2003 graduate of Brigham Young University Law School, Reed is a Certified Information Privacy Professional and a member of the U.S. and International Associations of Privacy Professionals.
“With cybersecurity and data privacy remaining high on the agenda of boards, c-suites, audit committees, and GCs of large multinationals, Michelle’s extensive experience with corporate enterprise risks and global regulation is a valuable addition to our robust data privacy and cybersecurity team,” said Paul Hastings Global Managing Partner Sherrese Smith. “Her diverse securities and complex litigation experience also positions us well to capture additional market share in this important area and across the Texas economy.”
Reed has scored some major litigation successes, including a complete dismissal of a data breach class action against a waste management and environmental services company alleging negligence and other torts and a successful appeal at the U.S. Court of Appeals for the Third Circuit affirming dismissal of lawsuit claiming that Resolute Energy Corp.’s proxy statement for a $1.6 billion merger with Cimarex Energy Co. misled investors about the value of the oil and gas company’s stock.
The Texas Lawbook interviewed Reed on her move to Paul Hastings and developments and trends in cybersecurity litigation.
Texas Lawbook: What led you to move your practice to Paul Hastings? How did the discussions start?
Michelle Reed: Not long after Paul Hastings opened their Dallas office, I received a call to talk to Sherrese Smith, who had moved from her cybersecurity leadership role to global managing partner. I spoke to Sherrese, [firm chair] Frank Lopez, and the cyber/privacy team, and it was simply an irresistible match — their strategic direction, leading cyber/privacy practice, global footprint, and culture of collaboration made it a great home for both me and my clients.
Lawbook: How will your practice be different at PH than it has been at Akin Gump?
Reed: For 21 years, I have served as a trusted advisor to companies facing bet-the-company class action litigation and crisis management. I will continue to do this, but now with the backing of a powerhouse, market-leading platform, with a developing roster of premier talent around the world, to serve clients in their most business-critical matters such as data privacy, cybersecurity, and securities litigation. Paul Hastings has an entrepreneurial spirit, a strong and balanced full-service platform, and tremendous momentum. I’m excited to build its new office in Dallas that I have no doubt will rival any other practice in Texas.
Lawbook: Are there one or two high-profile public matters that you are currently involved in that we can highlight?
Reed: Serve as outside legal counsel to the City of Dallas in connection with its ransomware incident. Serve as outside legal counsel to a major U.S. mortgage servicer and lender in connection with its data breach.
Lawbook: We have seen some high-profile data breaches lately. What are two or three trends you are seeing now regarding cybersecurity?
Reed: AI enables threat actors to move quickly at a much lower cost. The differentiating factor for companies is not whether they are breached, but how they respond when they are breached. Companies must have strong incident response and practice to ensure nimble response.
The new SEC cyber rule for public companies has fundamentally changed incident response. Timing is everything and companies must ensure that their disclosure controls and incident response procedures are strong enough to pass the inevitable enforcement that is soon to come.
Lawbook: How are data breaches today different from back when Michael’s Stores and others experienced their breaches?
Reed: The early days of my cyber practice were much more straight forward. Companies typically had breaches where data was stolen and they provided notices to individuals and a handful of attorneys general. Today, every state in the nation has its own data breach notification law and 18 states (and counting) have comprehensive privacy laws. Incidents can be catastrophic—shutting down businesses and supply chains for weeks and causing billions of dollars in damage. Depending on the type of data involved, notification timelines can be as short as 8 hours. With a breach, time is of the essence, and this requires a skilled, nimble team to be able to respond. Paul Hastings has a deep bench and global footprint that will lead companies to security in times of crisis.
Lawbook: What am I not asking that I should be asking?
Reed: Today, on July 1, 2024, the Texas Data Privacy and Security Law goes into effect, impacting businesses across the Lone Star State. The Texas AG has signaled that it intends to aggressively enforce this and other privacy and data security laws. Companies throughout Texas should be conducting a cyber and privacy health assessment to ensure that they are not ensnared in one of the country’s largest enforcement team’s nets. See Attorney General Ken Paxton Launches Data Privacy and Security Initiative to Protect Texans’ Sensitive Data from Illegal Exploitation by Tech, AI, and Other Companies | Office of the Attorney General (texasattorneygeneral.gov)