Donna L. Wilson

The red hot area of cybersecurity and data breaches keeps Wilson and her Manatt team busy.

“This is what keeps in-house counsel awake at night,” she said. “Lawyers tend to be people who got straight As but weren’t that great at science and math. I do tend to understand these things better than the average lawyer. You have to grasp computer forensics.”

She leads her firm’s privacy & data security business group and co-chairs its financial services group. She’s also on Manatt’s board of directors and its compensation committee.

“We’re adding technologists to our group to bridge the science gap and to help us look at issues proactively,” she said.

Wilson represented client Aetna Inc. in what is perhaps the largest breach involving HIV-related privacy that any company has faced to date. Trouble began when, as required by the settlement of two potential class actions regarding benefits coverage for members taking HIV medications, letters were sent to about 12,000 members that allegedly allowed personal health information to be visible through an envelope window. Aetna quickly turned to Wilson and colleagues to provide counsel on breach response, litigation and regulatory interactions on the state and federal levels.

Aetna faced government inquiries plus impending class action claims by plaintiffs across the country which were consolidated in the Eastern District of Pennsylvania. Her team ultimately reached a $17 million settlement to avoid protracted litigation, subject to the approval of U.S. District Judge Juan R. Sanchez of Philadelphia. Beckett v. Aetna Inc., 2:17-cv-03864 (E.D. Penn., filed Aug. 28, 2017).

“We’re currently in litigation against the vendor alleged to have caused the incident,” Wilson said, including claims that the vendor owes Aetna indemnity obligations for the cost of the settlement.

Key to her work in such cases is speed and smarts, she said. “The call always seems to come on Friday at 4 p.m., usually before a holiday weekend. You can set your clock by it. Of course, our biggest successes are ones you don’t read about. You reach out, quickly and reasonably, to stave off media attention and regulatory enforcement actions. Some of these things get quite complicated when computer forensics are involved.”

She tries to get ahead of critical events by counseling her clients’ house counsel. “It’s risk avoidance and management at the front end,” she said. “Then it’s crisis management. There’s no real playbook and no case law. If I were a doctor, I’d be working in the ER.”

— John Roemer