Megan M. Kayo

About Megan M. Kayo

Megan specializes in cybersecurity and privacy issues. She has worked on hundreds of data breach incidents, including investigations, notifications and interactions with regulators and affected consumers. She represents clients in regulatory investigations of their information security programs and their responses to data breaches and security incidents.

Megan also helps her clients with information security governance, including risk assessment and management, breach mitigation, business continuity and disaster recovery planning, oversight of third-party service providers, due diligence in corporate transactions, and board of director advice and counseling.  

In addition, Megan works closely with clients from startups to Fortune 500 companies to accomplish their strategic objectives with respect to processing and monetizing data. She helps her clients develop practical strategies and procedures to collect, use, share, and sell data in compliance with privacy and data protection laws, regulations, standards, and contractual obligations.

Prior to joining the firm, Megan was a partner at Wilson Sonsini, where she acted as lead counsel on global data breaches affecting millions of records and helped clients develop information security programs in line with market practices. Prior to that, Megan was an associate at an international law firm, where she practiced insurance coverage law with a specialization in cybersecurity, privacy, and data breaches. She counseled clients regarding coverage in connection with investigating and responding to data breach incidents and developing strategy to defend companies in data breach class actions and investigations brought by regulators.

During law school, Megan served as a judicial extern to the Honorable Eric C. Taylor of the Los Angeles Superior Court.

Recent work

• Serve as the standing cybersecurity advisor to multiple companies on cybersecurity incidents and on developing information security programs and risk management programs
• Acted as lead counsel on multiple global data breaches affecting millions of user accounts, including a data breach that affected over 150 million user accounts
• Advised several companies on ransomware attacks, business email compromises, and other cyber attacks
• Advised multiple companies on responses and mitigation to open-source vulnerabilities, including Log4j
• Conducted an internal investigation regarding alleged foreign agent insider threats for a semiconductor company
• Served as lead attorney on assessment and compliance for several public companies, including Fortune 50 company on the SEC’s Cybersecurity Rule