Sami Qureshi is an associate in the Litigation & Trial and Connectivity, Privacy & Information Practices of Latham & Watkins’ London office.
Mr. Qureshi assists global corporations across all market sectors with high-profile contentious data protection and cybersecurity issues, including litigation, regulatory enforcement, and cybersecurity / major incident response matters.
Mr. Qureshi advises many of the world’s leading companies on their most challenging, complex, and impactful data protection issues and cyber incidents.
Mr. Qureshi frequently advises his clients on:
- Data breach response
- Regulatory inquiries, enforcement, and appeals
- Cyber incident response, forensic investigation, negotiation, and disaster recovery
- Data privacy litigation
Mr. Qureshi has substantial experience working with the UK Information Commissioner’s Office, including acting as legal counsel to the Commissioner on "Operation Cederberg" – the largest data privacy investigation of its kind –which involved investigating the activity of numerous entities and individuals including Cambridge Analytica, Global Science Research, global social media companies, and various UK/US based political parties, with respect to suspected data misuse in the context of political campaigns.
Mr. Qureshi’s experience with the UK Information Commissioner’s Office also includes assisting with developing elements of the Investigation division’s processes and procedures.
Mr. Qureshi's experience includes advising:
- Facebook in various data protection regulatory inquiries
- A US-based, industry-leading Artificial Intelligence developer in connection with regulatory scrutiny and investigation by UK and US law enforcement agencies
- The UK Information Commissioner's Office, on all elements of strategy, investigation, and enforcement flowing from "Operation Cederberg"*
- A major Credit Reference Agency in connection with an industry-wide audit of the “data-broking” sector by the UK Information Commissioner’s Office*
- A major European stock exchange with respect to a cyberattack and major incident response arising out of vulnerabilities identified within the systems of a recently acquired subsidiary company and following conclusion of the highly valuable and widely reported acquisition*
- A global brewery / beverage retail group of companies in relation to a major cyberattack and data breach following deployment of ransomware within the organization*
- A major Credit Reference Agency with respect to an extremely high volume of Data Subject Access Requests purportedly brought on behalf of individual consumers by a claims management firm (which targets financial services companies and banks)*
- An international group of laboratories headquartered in Luxembourg with respect to two highly impactful and widely publicized cyberattacks and related data breaches*
- A multi-billion dollar US-based Aerospace industry manufacturer with respect of a corporate data theft, including conduct of a forensic investigation, analysis of evidential materials, identification and interview of suspect employees, liaison with data protection regulators and law enforcement agencies*
- The non-profit wing of a global financial services corporation / payment card scheme in relation to a multi-jurisdictional personal data breach*
- The UK Information Commissioner’s Office through ‘expert panel’ responding to a ‘citizen-jury’ report examining the issue of “explainability” in artificial intelligence / machine-learning models and automated decision-making*
- An international brewing company in response to a series of alleged data breaches and connected legal claims.*
- A UK healthcare provider with respect to alleged data breach*
- A UK consumer credit company with respect to claims brought for alleged breach of data protection law*
- A UK City Council with respect to repelling contentious Freedom of Information Act requests which sought to expose sensitive commercial information about a large scale city infrastructure project*
*Matter handled prior to joining Latham