Kaylee Cox Bankston is a partner in Morrison Foerster’s Privacy + Data Security Group. She advises clients across all industries on complex cybersecurity, privacy, and data matters, including cybersecurity investigations and breach preparation, corporate governance and risk management, regulatory investigations, litigation and class action defense, and other emerging industry issues, such as the use and impacts of Artificial Intelligence (AI). Kaylee was recognized by The Legal 500 US for her work in Cyber law (including data privacy and data protection) in 2023. Kaylee is also a co-author of The International Handbook of AI Law: A Guide to Understanding and Resolving the Legal Challenges of Artificial Intelligence.

• Cybersecurity Investigations and Incident Response Preparedness: Kaylee has extensive experience leading clients in investigations of sophisticated cyberattacks and security breaches conducted by high-profile threat actor groups, including ransomware, data extortion events, and business email compromises. She also counsels clients on incident response programs and preparedness, including developing and conducting cybersecurity simulations and “tabletop” exercises, preparing clients for security assessments, audits, and testing, and advising on post-assessment implementation and risk mitigation strategies. Kaylee also advises clients on cybersecurity information- and intelligence-sharing, data access requests, and related national security matters.

• Regulatory Investigations and Litigation: Kaylee has substantial experience representing clients in privacy and security investigations and related regulatory actions. She has represented companies in cybersecurity and privacy matters before U.S. and international regulators, including the U.S. Federal Trade Commission (FTC), the U.S. Securities and Exchange Commission (SEC), the U.S. Department of Justice (DOJ), the U.S. Department of Health and Human Services, Office of Civil Rights (HHS OCR), New York Department of Financial Services (NYDFS), and state attorneys general, and in litigation matters in various U.S. federal and state courts.

• Public Companies Counseling, Corporate Governance, and Compliance: Kaylee has advised numerous companies in connection with the new SEC Cybersecurity Disclosure Rules, including counseling on disclosure obligations for material cybersecurity incidents and developing annual SEC cybersecurity disclosures for publicly traded companies. Kaylee also counsels executives and boards of directors on cybersecurity and privacy corporate governance and risk management matters. She also regularly advises clients on the development of cybersecurity and privacy programs and compliance with other regulatory requirements and standards, such as the NYDFS Part 500 cybersecurity requirements, the FTC Safeguards Rule, the FTC Act, the California Consumer Privacy Act (CCPA) and state data privacy laws, the Illinois Biometric Information Privacy Act (BIPA), the Children’s Online Privacy Protection Act (COPPA), the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), and the Payment Card Industry Data Security Standard (PCI DSS).

• Corporate Transactions and Vendor Management: Kaylee counsels clients on vendor management programs, including developing security and privacy contracting frameworks and negotiating data protection agreements. Kaylee also advises clients on privacy and security diligence matters in connection with corporate transactions.

Kaylee is an adjunct professor at Georgetown University Law Center, where she teaches a cybersecurity course. Kaylee is a Certified Information Privacy Professional (CIPP) through the International Association of Privacy Professionals. She previously served on the Center for a New American Security, Technology Policy Lab Working Group for Data Privacy and the Bar Association of the District of Columbia Board of Directors and National Security Steering Committee. She is also a member of Women in CyberSecurity (WiCyS).