Lisa M.Ropple

Practice Leader Cybersecurity, Privacy & Data Protection

Boston + 1.617.449.6955

Lisa Ropple is a nationally recognized cybersecurity lawyer and leader of Jones Day's global Cybersecurity, Privacy & Data Protection Practice. She has extensive experience advising companies on cyber incident and ransomware response and has represented clients in some of the largest, highest profile data breaches in history. Applying her litigation experience and crisis management skills, Lisa brings a pragmatic, strategic approach to helping companies effectively respond to incidents while minimizing downstream legal risk. She also advises companies and their boards of directors on cybersecurity risk, governance, and risk mitigation strategies.

Lisa handles the response to all aspects of domestic and global cyber incidents, including directing forensic investigations, supporting internal corporate incident response teams, engaging with law enforcement authorities, developing internal and external communication strategies, and advising on regulatory notification and disclosure obligations under securities, consumer protection, and other laws. She also defends clients in litigation and government investigations that often follow significant cyber incidents, including class action litigation and regulatory investigations by the FTC, SEC, OCR/HHS, state attorneys general, and industry regulators. Lisa has over three decades of experience representing public and private companies in complex litigation matters and government investigations, and she served for many years as head of litigation for Jones Day's Boston Office.

Before joining Jones Day, Lisa was a litigation partner at an AmLaw 25 firm, where she was a founding member of the firm's data breach practice and served as co-chair of the litigation department. She also spent five years as associate general counsel, vice president at a Fortune 125 public company, where she was global head of litigation and government investigations and led the company's response to significant cybersecurity incidents.