BOSTON and WASHINGTON, DC, February 19, 2025: Morgan Lewis is pleased to welcome partners Heather Egan and Hannah Levin in an expansion of the firm’s cybersecurity, incident response, privacy, and information management practice. Arriving from Orrick, Heather previously served as global head of the Strategic Advisory & Government Enforcement Business Unit and former chair of the unit’s Cyber, Privacy & Data Innovation Group.
“Beyond the often-severe disruption to business operations, cybersecurity breaches bring with them the potential for serious legal, financial, and reputational impact. Businesses negotiating this complex legal terrain turn to our firm to help mitigate these risks and respond swiftly and effectively to cyber events,” said Firm Chair Jami McKeon. “With extensive experience helping companies to develop and mobilize security breach response strategies, Heather and Hannah will immediately enhance our ability to fortify clients’ defenses, develop tactical incident response plans, provide real-time crisis counseling, and ensure compliance with fast-changing regulations.”
Heather, resident in Boston, helps clients prevent and mitigate privacy and cybersecurity incidents; provides comprehensive crisis management support; and assists in the response to catastrophes, investigations, and government probes involving employee, contractor, and third-party conduct. Her work for clients includes building global privacy compliance programs for multinational businesses, handling comprehensive cybersecurity and privacy assessments, vetting risks in corporate transactions, conducting data incident–related internal investigations, and drafting and negotiating contracts for data-related vendors and arrangements. Heather also counsels businesses on mitigating the risks associated with the collection, use, retention, disclosure, transfer, and disposal of personal data.
Hannah, resident in Washington, DC, has a multifaceted privacy and cybersecurity practice, which includes defending clients in investigations and enforcement actions by the Federal Trade Commission (FTC), state Attorneys General, and other federal and state regulators related to cybersecurity incidents, data use, and consumer protection issues. She also advises companies across diverse industries, including healthcare, financial services, and technology, on cybersecurity incident preparedness and incident response, and she conducts internal investigations related to cybersecurity incidents and privacy concerns about the use of personal data. Beyond this work, Hannah counsels on all aspects of privacy and cybersecurity compliance and risk mitigation.
“Heather and Hannah’s experience and national reputation for helping clients successfully navigate high-profile data security incidents will further strengthen our capabilities in this critical space,” said Troy Brown, leader of the firm’s global litigation practice. “These incidents are of immediate urgency to companies and can often lead to long-term challenges across the legal landscape including investigations, litigation, and regulatory inquiries—at all levels and across global jurisdictions. Heather and Hannah’s talent, focus, and experience align with our services guiding clients through both immediate crises and long-term challenges. We’re very excited to welcome our new colleagues and know that their client-focused, collaborative approach will help ensure that they succeed and thrive in our unique culture.”
Their arrival follows that of partner Vishnu Shankar, who joined Morgan Lewis in October 2023 after serving as head of legal (regulatory enforcement) at the Information Commissioner’s Office, the United Kingdom’s lead privacy and cybersecurity regulator.