Overview
Stephen Reynolds (CIPP/US, CISSP) advises some of the largest companies in the world on complex data security and privacy matters.
A former computer programmer and IT analyst, Stephen is uniquely able to use his computer background to the advantage of his clients in matters involving data security, privacy, artificial intelligence and computer forensic investigations. He assists with responding to cybersecurity incidents, such as ransomware attacks, fund transfer fraud, data breaches and business email compromise matters. This work includes helping companies comply with regulatory obligations in the event of these incidents—including Securities and Exchange Commission (SEC) filings for publicly traded companies. Having litigated data security and privacy cases from the trial court level and through the highest levels of appeals, Stephen also represents clients in litigation and regulatory investigations regarding data security, privacy and technology matters.
Stephen has advised multiple publicly traded companies, including technology companies, professional services firms and consumer facing organizations, on compliance with the SEC’s recently adopted requirements for disclosing cybersecurity incidents, risk management and governance within 10-K annual reports. This guidance has included helping clients draft language for SEC reporting obligations and craft internal policies related to SEC disclosure obligations. Additionally, Stephen has helped clients with evaluating the potential need for and in making disclosures of material cybersecurity incidents on Form 8-Ks.
Stephen frequently educates others on data security and privacy at industry conferences and other forums. He is on the board of the International Association of Privacy Professionals (IAPP) and an instructor of the IAPP’s CIPP/US certification. In addition, Stephen is an instructor for the CISSP certification through the ISC(2). He also lectures on Data Security and Privacy Law at Indiana University Robert H. McKinney School of Law.
Results
- Handling cybersecurity response for a global technology company with operations in over 150 countries
- Led response to a significant data security incident involving millions of individuals’ data
- Led response to a ransomware attack with an over $25 million demand from a threat actor that had global implications on the supply chain; oversaw forensics investigation and coordinated work with law enforcement*
- Handled data security incidents for leading technology companies involving coordination with attorneys in over 40 countries*
- Led response to a ransomware incident for a client in the food and agriculture industry with operations around the world, including throughout Europe and North America*
- Handled response to a ransomware attack on a large professional services organization, which resulted in multiple lawsuits*
- Obtained summary judgment on behalf of a client in a privacy lawsuit involving multiple plaintiffs*
*Matter handled prior to joining McDermott
Recognitions
- IAPP Diversity in Privacy Award, Inaugural Recipient, 2023
- Cybersecurity Docket’s Incident Response 50, 2023
- Indianapolis Bar Association, E-Discovery, Information Governance & Cybersecurity Professional of the Year, 2022
- Cybersecurity Docket’s Incident Response 40, 2022
- Best Lawyers in America, Commercial Litigation and Litigation – Health Care, 2021 and 2025
- The Indiana University Maurer School of Law, Distinguished Service Award, 2018
- Savoy Magazine, Most Influential Black Lawyers, 2018
- Indianapolis Business Journal, Forty Under 40, 2017
- Indiana Super Lawyer, Rising Star, 2015 to 2018
- Center for Leadership Development (CLD) Achievement in Professions Award, Finalist, 2012
- Indiana Lawyer’s Leadership in Law, Up & Coming Lawyer Award, 2012
Community
- Southern District of Indiana, member of the Local Rules Advisory Committee
- International Association of Privacy Professionals, member of the Board of Directors
- US Secret Service Chicago Cyber Fraud Task Force, member of the Steering Committee
- InfraGard Indiana, member
- Indiana University Maurer School of Law, member of the Board of Directors
- Indiana University Cybersecurity Advisory Council, member
- Indiana Federal Community Defenders, member of the Board of Directors
- Concord Neighborhood Center, member of the Board of Directors
- Indiana Executive Council on Cybersecurity, advisory member
- Central Indiana – Information Systems Security Association (CI-ISSA), member
- American Bar Association, member
- Seventh Circuit Bar Association, member
- Marion County Bar Association, member
- Indiana State Bar Association, member
- Indianapolis Bar Association, member
- Indianapolis Opera, member of the Board of Directors
- Law360 Privacy/Consumer Protection Editorial Advisory Board, former member
- Leadership Council on Legal Diversity (LCLD), 2017 fellow
Credentials
Education
Indiana University Maurer School of Law, JD, 2008
University of Florida, BA, 2004
Admissions
Indiana
District of Columbia
