Mengyi Xu is an associate in the Litigation Department and a Certified Information Privacy Professional (CIPP/US). As a member of the firm’s interdisciplinary ...
Read Full Biography
Experience
-
- A clinical research company in an investigation by the U.S. Department of Health and Human Services into HIPPA related data-loss.
- A leading financial institution with federal bank supervisory expectations concerning artificial intelligence and data governance.
- A global private equity firm with ongoing regulatory compliance counseling and cybersecurity policy reviews.
- Edward Jones Trust Company on a wide range of cybersecurity matters, from advisory work to incident response.
- Multiple U.S. and global companies across diverse sectors in responding to ransomware attacks, large-scale data thefts, and other cybersecurity incidents.
- A leading technology company in an FTC investigation of its cybersecurity practices.
- A Canadian Financial Company in conducting a racial equity assessment of the company’s various products, services, and practices in response to a shareholder demand.
- A global private equity firm with SEC cybersecurity regulatory compliance counseling.
- Microsoft (as Amicus) in the New Jersey Supreme Court in its successful challenge of U.S. law enforcement requests for nearly contemporaneous communications via search warrants in lieu of wiretap orders.
- A major FinTech company on a broad range of artificial intelligence and data privacy issues concerning its use of machine learning and big data technologies, including related to the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, and the DFS cybersecurity regulation.
- A Global Financial Services firm in several cybersecurity events relating to compromised accounts, phishing attacks, and other attempts to gain unauthorized access to the company’s computer systems.
- A leading private equity firm in an SEC exam focusing on artificial intelligence that ended with a “no findings” letter.
- A leading private equity firm concerning reputational, regulatory, operational, and governance risks related to artificial intelligence.
- A global entertainment company in response to a cybersecurity incident, including associated regulator notifications across Europe, Asia Pacific, and the Americas, regulatory defense and assisting with criminal proceedings.
- A server company in an arbitration regarding a contract dispute with a cryptocurrency company that reneged on a multimillion-dollar contract for server capacity, resulting in a highly favorable settlement for our client after an interim award in our client’s favor.
- SolarWinds Corporation, a software developer, in an investigation related to the December 2020 SUNBURST cyber attack.
Education
- Stanford Law School, 2017, J.D.
- Princeton University, 2014, A.B.