Raj De serves on Mayer Brown’s global Management Committee. He was previously the Managing Partner of Mayer Brown's Washington DC office, which is comprised of more than two hundred lawyers. He leads the firm's global Cybersecurity & Data Privacy practice, as well as the firm’s National Security practice, and serves as a member of the firm’s Congressional Investigations & Crisis Management team. After nearly two decades in private practice and public service across all three branches of the United States government, Raj is one of the most trusted voices in Washington. He has held senior appointments in the White House, the Department of Justice (DOJ) and the Department of Defense (DOD). Raj returned to Mayer Brown in 2015 after serving as General Counsel at the United States National Security Agency (NSA). Since returning to the firm, Raj has received numerous recognitions, including by American Lawyer (“Lateral All-Star”), Washingtonian magazine (“Top Lawyer”), The National Law Journal (“Cybersecurity and Data Privacy Trailblazer”), and Cybersecurity Docket (“Incident Response 30”).

Raj focuses his practice on cutting-edge legal and policy issues at the nexus of technology, national security, law enforcement and privacy. He advises clients, including management teams and boards of directors, in connection with crisis management, government and internal investigations, high-stakes litigation, regulatory enforcement matters, and congressional inquiries. Raj provides clients with strategic counseling and practical legal advice, drawing upon a wealth of experience in government service and private practice.

Read Raj's full bio.

On March 6, 2024, New Hampshire Governor Chris Sununu signed SB 255 into law, making the Granite State the latest to enact a comprehensive privacy law—the 15th state, if you count Florida’s privacy law of narrower applicability.

New Hampshire’s privacy law goes into effect January 1, 2025 and applies to persons that conduct business in

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) finalized the amendment to its cybersecurity regulation (the “Amendment”). The Amendment expands cybersecurity requirements across many areas—from governance to incident response to access controls.

The Amendment follows the three published drafts: two proposals published for formal notice and comment in November 2022 and

On October 30, 2023, President Joe Biden issued an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intellence (the “AI EO”). Directing numerous actions by federal agencies, the AI EO reflects the Biden Administration’s intent to employ a range of legal and policy tools to promote US leadership on artificial

Recent high-profile cyber incidents involving exploitation of software vulnerabilities—such as the SolarWinds and MOVEit incidents—have increased scrutiny of the security of the software upon which corporate and government customers rely. Though phishing and social engineering continue to be leading causes of cyber incidents, there is growing potential legal exposure for companies from security vulnerabilities in

Today, the UK Department for Science, Innovation and Technology announced further details on the new transatlantic data flow mechanism for UK-to-US personal data transfers. In particular, the UK Secretary of State for Science, Innovation, and Technology today laid new adequacy regulations before the UK Parliament to give effect to the proposed arrangement. The deal, announced

On August 8, 2023, the National Institute of Standards and Technology (“NIST”) released a draft of The NIST Cybersecurity Framework (CSF) 2.0,1 (the “CSF” or “Framework”) along with a Discussion Draft of the Implementation Examples.2 This draft makes the most significant changes to the Framework since its initial release in 2014.

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release, adopting final rules (the “Final Rules”) aimed at standardizing and enhancing disclosure relating to cybersecurity incidents and risk management processes. The SEC had proposed rules (the “Proposed Rules”) on March 9, 2022. The Final Rules reflect the considerable comments received

On July 18, 2023, the Biden-Harris Administration announced its “U.S. Cyber Trust Mark” initiative.1 Under this program, the Federal Communications Commission (FCC) will establish a voluntary certification and labeling program to guide and inform consumers purchasing Internet of Things (IoT) devices such as “smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart

On July 19, 2023, the Office of the National Cyber Director (ONCD) issued a request for information (RFI) on cybersecurity regulatory harmonization.1 The RFI is intended to be a step toward the Biden Administration’s goal, as stated in the National Cybersecurity Strategy, to “harmonize not only regulations and rules, but also assessments and audits