Présentation
Lynette Arce focuses her practice on matters of privacy, cybersecurity and data breach response. She advises clients across multiple industries on a wide range of privacy and cybersecurity compliance issues, and assists clients in developing comprehensive and practical solutions related to compliance and minimizing risk. Lynette services clients of all sizes, ranging from Fortune 100 companies to small startups, and from various industries.
Lynette is a practical problem solver with a steel reserve in moments of crisis. She has vast experience advising multinational, highly regulated clients in responding to information security incidents. She manages all aspects of a data breach response and investigation, including directing privileged forensic investigation, managing vendor relationships, developing response strategies, assessing risks and impact stemming from the incident and advising clients on legal obligations and remediation plan.
In addition, Lynette advises clients with their cybersecurity preparedness. She crafts cybersecurity regulatory compliance documentation, such as incident response plans and written information security program policies, and advises on cybersecurity governance. She also assists clients with comprehensive privacy and cybersecurity gap and risk assessments.
Lynette regularly counsels clients on compliance with privacy and cybersecurity laws and standards, including advising clients on compliance with HIPAA, DFARS, GLBA, CCPA, NYDFS, PCI DSS and multiple state privacy and cybersecurity laws, as well as international laws including the EU’s GDPR, Canada’s PIPEDA and many international breach notification requirements. She also identifies and advises on privacy and cybersecurity risk in corporate M&A transactions, including post-closing risk mitigation and controls implementation.
Lynette is a Certified Information Privacy Professional/United States (CIPP/US) by the International Association of Privacy Professionals (IAPP).
Results
- Handled more than 100 cybersecurity incident and data breach responses involving ransomware, hacking, phishing, employee negligence and malfeasance, inadvertent disclosure and vendor-related events
- Performed investigation into encryption requirements and cybersecurity compliance for large financial institution in response to hotly contested and publicized internal audit
- Advised on the structure and development of privacy and cybersecurity programs for multiple organizations, including a large post-breached public institution*, bitcoin technologies platform and futures exchange
- Provided pro bono incident response preparedness services and resources to a nonpartisan nonprofit aimed at providing secure elections in the run-up to the 2020 national election
- Responded to largest higher education security incident, which resulted in the notification of over 2.8 million individuals residing in over 200 jurisdictions as well as regulators and consumer reporting agencies*
* Matter handled prior to joining McDermott
Credentials
Education
Loyola University of Chicago School of Law, JD, 2013
University of Vermont, BA, 2009
Admissions
Illinois