Industry Associations

  • International Association of Privacy Professionals (IAPP) — Certified Information Privacy Professional, United States (CIPP/US)
  • Information Systems Security Association (ISSA)

Bar & Court Admissions

  • State Bar of California
  • State Bar of Florida
  • State Bar of Tennessee
  • U.S. Court of Appeals for the Eleventh Circuit
  • U.S. District Courts for the Middle, Southern and Northern Districts of Florida
  • U.S. District Court for the Middle District of Tennessee

Professional Affiliations

CompTIA A+ and Security+ certified professional

Certified Information Privacy Technologist (CIPT)

U.S. District Court for the Middle District of Florida — certified mediator

Community Involvement

All Children’s Hospital Foundation Development Council 

Ronald McDonald House Charities of Tampa Bay

Education

Vanderbilt University School of Law, J.D.

Vanderbilt University, M.A.

University of California at Santa Barbara, B.A.

Photo of Scott T. Lyon

Scott T. Lyon

Partner
Orange County
T: 714.557.7990
F: 714.557.7991
Profile
Representative Matters
Newsroom
Upcoming Events
Full Bio

Scott T. Lyon is an M&R partner whose expertise in technology, cybersecurity and data privacy is particularly relevant given today’s business climate. In addition to evaluating and implementing effective information security practices, Scott also manages data breach responses and notifications for his clients, guiding them through the complicated state, federal and international legal obligations that arise when a data breach occurs.

As both a lawyer and IT professional, Scott employs his legal and technical knowledge in counseling a wide range of organizations in an array of industries (including financial services, insurance, advertising, digital media, hospitality, technology and retail) on improving their cybersecurity and data privacy programs and developing policies to quickly mitigate and recover from cyber attacks. While some law firms focus primarily on breach response, Scott and his M&R Cybersecurity & Privacy team leverage their technical expertise to offer the full-spectrum of pre- and post-breach services: assisting clients in performing risk assessments, developing data governance policies, working with vendors and partners to establish third party service provider security policies and contract terms, developing and testing incident response plans, assisting with breach response and notification, defending clients in data breach litigation, and building and implementing comprehensive organization-wide cybersecurity programs. Scott also helps clients comply with rapidly evolving cybersecurity and privacy regulations, including the New York Department of Financial Services (NY DFS) cybersecurity regulations, EU General Data Protection Regulation (GDPR) and others.

In the course of his career, Scott has been awarded numerous security and privacy certifications, including but not limited to CompTIA’s A+ and Security+ certifications, demonstrating technical mastery of the fundamentals of information security. In addition, he has been designated as a Certified Information Privacy Professional, United States (CIPP/US), by the International Association of Privacy Professionals (IAPP). This certification is bestowed upon professionals who have demonstrated knowledge and experience in U.S. privacy and security laws and regulations. On top of this, Scott is a Certified Information Privacy Technologist (CIPT), as named by the IAPP, which reveals his proficiency in the technical implementation of IT and engineering technologies relating to privacy and security.

A reasoned and pragmatic lawyer to his core, Scott is a graduate of the University of South Florida Circuit Court Civil Mediation Training program and serves as a certified mediator for the U.S. District Court for the Middle District of Florida.

Representative Matters

Transactional

  • Assisted California health care provider in data breach investigation and notification.
  • Represented and advised national retailer in multi-state data breach notification resulting from data breach by third party payment processing vendor.
  • Prepared risk assessment policy, cybersecurity program, data governance policy, and third party service provider security policy for Fortune 100 company.
  • Counseled and prepared cybersecurity program policies for international IT development company.
  • Prepared incident response program for major national insurance carrier.
  • Revised privacy policies, terms and conditions and end-user license agreements and assisted with technology-based consumer rights issues on behalf of numerous international retailers.
  • Counseled multiple international retailers on complying with the Telephone Consumer Protection Act (TCPA), CAN-SPAM Act, and state email advertising laws.
  • Negotiated sponsorship agreements between electronic funds transfer management company client and various sponsor banks.
  • Represented multiple information technology consulting clients in acquisition of established IT consulting firms.
  • Drafted vendor and subcontractor agreements for national information technology client, as well as employment agreements, non-competition agreements and various other transactional documents. Drafted and negotiated website and branding design agreements.
  • Obtained federal trademark registration for information technology consulting client despite opposition by international software giant.

Litigation and Regulatory

  • Represented financial service and healthcare providers in investigating and responding to data breach incidents.
  • Represented client in responding to government inquiries regarding product data security.
  • Represented financial services provider in defending against derivative action suit by minority shareholder.
  • Represented national IT consulting firm in breach of contract suit against staffing provider for services performed on behalf of national bank.
  • Represented national IT consulting firm in collection action based on breach of master services agreement by former client. Successfully obtained arbitration award and payment for client in full amount of damages and attorneys’ fees.
  • Represented printing company against allegations of sexual harassment, gender discrimination and hostile work environment claims by former employee. Succeeded in obtaining summary judgment for client after demonstrating numerous inconsistencies in plaintiff’s deposition.
  • Represented national healthcare company in criminal investigation stemming from death of resident following treatment at client’s facility. Successfully settled potential claims after demonstrating insufficient evidence of alleged trauma.
  • Represented regional hospital in suit against document storage company that refused to release stored medical records unless hospital paid an exorbitant “release” fee. Obtained judgment awarding damages against storage company, as well as attorneys’ fees and costs

Publications

Past Speaking Engagements

Upcoming Speaking Engagements