Sami Martin Qureshi

Sami’s experience includes advising:

• Meta (formerly Facebook) in connection with various multi-jurisdictional and high-profile data breaches and data protection regulatory inquiries, including (amongst other major inquiries) advising on regulatory inquiry and associated litigation in relation to data transfers from the European Union to the United States following the CJEU’s decision in Schrems II
• A global cryptocurrency coin exchange in relation to various global cyber security and data privacy challenges, tactical hardening of security posture, and response to a series of targeted account take-overs, identity and financial fraud, and cyberattacks
• A global group of industry-leading restaurant brands and franchises with crisis response and related regulatory and litigation issues arising in connection with a serious ransomware attack impacting multiple geographies and causing significant systems down-time
• A multinational enterprise software company in response to major cross-border Lockbit 3.0 supply chain cyberattack and service outage
• A market-leading identity verification and fraud prevention company on compulsory investigation by the UK ICO following an industry-wide appraisal of the "data broking" sector
• A US-headquartered non-fungible token (NFT) marketplace in response to cyberattack, data theft, and ransom demand
• A US-based, industry-leading artificial intelligence developer in connection with regulatory scrutiny and investigation by UK and US law enforcement agencies following complaints of bias and inappropriate content in language response generation
• The UK ICO on all elements of strategy, investigation, and enforcement flowing from Operation Cederberg*
• A major Credit Reference Agency in connection with an industry-wide audit of the data-broking sector by the UK ICO*
• The UK ICO by providing written submissions and attending an expert panel advising on the issue of “explainability” in artificial intelligence / deep learning / machine learning technologies and supporting the ICO’s drafting of regulatory guidance on these issues*
• A leading UK/European stock exchange with respect to a cyberattack and incident response arising out of vulnerabilities identified within the systems of a recently acquired subsidiary company and following conclusion of the highly valuable and widely reported acquisition*
• A global brewery / beverage retail group of companies in relation to a major REvil cyberattack and data breach following deployment of ransomware within the organization*
• A global credit reference agency with respect to an extremely high volume of data subject access requests purportedly brought on behalf of individual consumers by a claims management firm (which targets financial services companies and banks)*
• An international group of laboratories headquartered in Luxembourg with respect to two highly impactful and widely publicized cyberattacks and related data breaches*
• A multi-billion dollar US-based aerospace industry manufacturer with respect to corporate data theft, including forensic investigation, evidence analysis, suspect interviews, and liaison with data protection regulators and law enforcement agencies*

*Matter handled prior to joining Latham