Norton Rose Fulbright Expands Global Cyber Risk Group with Three Notable Lawyers

NEW YORK--()--Norton Rose Fulbright today bolstered its Global Cyber Risk Group with the addition of three prominent privacy and cybersecurity lawyers: Chris Cwalina in Washington, DC, Jeewon Serrato in San Francisco and Steven Roosa in New York. Cwalina joins as the firm’s Global Co-Head of Cyber Risk and Serrato as its Head of Data Protection, Privacy and Cybersecurity in the United States. Roosa will head up the firm’s data lab, enhancing Norton Rose Fulbright’s Global Risk Advisory offering.

Daryl Lansdale, Norton Rose Fulbright’s US Managing Partner, said:

“Our expanded Global Cyber Risk Group offers coverage around the world in all areas of information risk, including cybersecurity, privacy, e-discovery and governance. These new additions make us stronger than ever in this arena.”

Ffion Flockhart, Norton Rose Fulbright’s Global Co-Head of Cyber Risk with Cwalina, commented:

“Data knows no borders, and privacy and cybersecurity concerns top the agendas of our largest global clients. With significant US litigation risk and regulatory exposures to contend with, our expanded team provides our global clients with a deep and highly experienced bench to help navigate the complex, multijurisdictional risks they face in this space.”

Cwalina concentrates his practice on cybersecurity and privacy compliance and risk management, with a focus on complex cybersecurity attack and data breach investigations. The former Co-Chair of Holland & Knight’s Cybersecurity and Privacy Team counsels clients in all phases of cybersecurity and privacy compliance, planning, training and program development. Since the inception of state breach notification statutes, Cwalina has helped companies respond to countless cybersecurity events, incidents and data breaches on an international scale. He helped lead the response to the first major breach to be publicly reported when there was only one data breach law in the US.

Cwalina, who provides counsel on the full lifecycle of cybersecurity and privacy compliance and risk management, said:

“Norton Rose Fulbright is the perfect law firm for us. As well as having a coast-to-coast presence in the US, we will have a significant platform of experienced cyber and privacy lawyers across the globe, which will be of considerable benefit to us and our clients. Our practice fits nicely with the talented team that is already in place, and we could not be more excited to start working with our new colleagues.”

Serrato brings significant experience advising global companies, financial services institutions, and public entities on cutting-edge issues at the interaction of technology and law. Most recently, she was Global Head of Privacy and Data Protection at Shearman & Sterling LLP. Before joining the private sector, Serrato served as Chief Privacy Officer of Fannie Mae and as the lead privacy executive for RELX Group (formerly Reed Elsevier), where she managed cybersecurity programs, data use policies and product design for more than 500 data analytics products globally. She currently serves on the US Department of Homeland Security Data Privacy and Integrity Advisory Committee and holds a US Secret Clearance.

Serrato, who advises companies seeking to implement smart data strategies, added:

“For many multinational clients, US data privacy and cybersecurity coverage is critical. Our team will be able to offer considerable experience and insight to assist companies with their ever-increasing needs in this area. With our global team expanding into San Francisco, we are well positioned to act as true business partners in product and service delivery from proof-of-concept to commercialization. The data lab that Steve Roosa will head up is a good example of how innovative and technology-forward our group will be.”

Roosa, a Fellow Emeritus at the Center for Information Technology Policy at Princeton University, has deep experience advising companies on a wide range of technology and legal issues pertaining to data privacy, security and governance.

Roosa, who worked closely with Cwalina on cyber risk offerings at Holland & Knight, added:

“Few outside of the university context have built a data lab providing data compliance testing and assessment at the technical level, and we’ve already started our first coding sprint. Folks should look forward to some big announcements in the near term.”

Cwalina, Serrato and Roosa join an experienced team of cyber, privacy and data management practitioners, which includes US Head of Data & Information Risk David Kessler, US Head of E-Discovery and Information Governance Andrea D’Ambra and Kim Gold, a lawyer with deep HIPAA experience.

Kessler, who ranks in Chambers USA for Nationwide Litigation: E-Discovery and founded Norton Rose Fulbright’s US data management practice, said:

“The addition of Cwalina, Serrato and Roosa add tremendous depth to our service offerings. There is virtually no data project that we cannot handle.”

Cwalina is admitted to practice in the District of Columbia and Maryland. He received his JD from the University of Baltimore School of Law and his BA from Gettysburg College.

Serrato is admitted to practice in California and the District of Columbia. She earned her JD from the University of California, Berkeley School of Law and her BA from the University of California, Berkeley.

Roosa is admitted to practice in the District of Columbia, New Jersey and New York. He received his JD at the Rutgers School of Law and his BA from Cornell University.

Notes for editors:

Norton Rose Fulbright

Norton Rose Fulbright is a global law firm providing the world’s preeminent corporations and financial institutions with a full business law service. The firm has more than 4,000 lawyers and other legal staff based in Europe, the United States, Canada, Latin America, Asia, Australia, Africa and the Middle East.

Recognized for its industry focus, Norton Rose Fulbright is strong across all the key industry sectors: financial institutions; energy; infrastructure, mining and commodities; transport; technology and innovation; and life sciences and healthcare. Through its global risk advisory group, the firm leverages its industry experience with its knowledge of legal, regulatory, compliance and governance issues to provide clients with practical solutions to the legal and regulatory risks facing their businesses.

Norton Rose Fulbright operates in accordance with its global business principles of quality, unity and integrity, aiming to provide the highest possible standard of legal service in each of its offices and to maintain that level of quality at every point of contact.

Norton Rose Fulbright Verein, a Swiss verein, helps coordinate the activities of Norton Rose Fulbright members but does not itself provide legal services to clients. Norton Rose Fulbright has offices in more than 50 cities worldwide, including London, Houston, New York, Toronto, Mexico City, Hong Kong, Sydney and Johannesburg. For more information, see

Law around the world


Norton Rose Fulbright
Dan McKenna, +1 713 651 3576
National Director of Communications

Release Summary

Global law firm Norton Rose Fulbright has hired three prominent privacy and cybersecurity lawyers: Chris Cwalina, Jeewon Serrato and Steven Roosa.


Norton Rose Fulbright
Dan McKenna, +1 713 651 3576
National Director of Communications