Kate Macmillan
Cyber and Data – Incident Response, Incident Prevention, Disputes following Incidents, Reputation Management.
Kate’s 20+ years of experience of cyber and information/data law and reputation/brand management in partner, director and consultant roles equips her to support clients on cyber incident response, measures to prevent cyber and data security incidents and on disputes following such incidents, particularly where there is a threat of significant reputational harm. Chambers describes her as “calm in a crisis”, “reassuring to people in the eye of the storm” and working “tirelessly to achieve the best outcome for her clients.”
Kate blends cyber security, information law and reputation management experience to support clients with the challenges of the digital age. She advocates looking at business challenges through different lenses in order to achieve the best outcomes for clients. Immediately before joining HSF she led the contentious cyber and data security legal team at PwC, working very closely with PwC’s market leading cyber security team. Kate has been recognised as a leader in information/data law by Chambers and the Legal 500 since 2008. Her extensive experience of all the causes of action protecting the right to private and family life under Article 8, ECHR (privacy, data privacy, defamation, confidence and harassment) gives her a deep understanding of both contentious data privacy and of fast-paced crisis work, which threatens adverse scrutiny, including from the media. The Legal 500 2017 describes her as a “real star in the data privacy space” and as a “very clever litigator with huge experience, masterful at managing tricky cases”.
Background
Prior to embarking on a legal career, Kate was an award winning journalist and magazine editor. She holds the Practitioner Certificate in Data Protection (Distinction). She holds the Certificate in High Impact Leadership (95%) from the University of Cambridge’s CISL.
Experience & expertise
Selected matters
- acting on a global company’s incident response in relation to a personal data breach in one jurisdiction which required consideration of notification and other legal obligations in over 30 countries in a short timescale
- advising a US based company on litigation risk following a cyber and data security incident affecting individuals in over 20 countries
- leading on an aspect of the UK Information Commissioner’s investigation into the use of data analytics for political purposes
- leading on an inquiry into corruption in a global sport involving tricky contentious data protection issues and balancing the Article 8 right to privacy and the Article 10 right to freedom of expression
- leading on a high profile High Court privacy claim which established a precedent for damages for “loss of control” of information.