Cameron Carr

15-16 St. Helen’s Place
London EC3A 6DQ, United Kingdom

Office: (267) 930-6597


King’s College London
Master of Arts, Medical Law

King’s College London
Bachelor of Laws


  • England & Wales

Practice Areas

Professional Memberships

  • Law Society of England & Wales
  • Insurance Institute of London
  • Chartered Insurance Institute
  • The Sedona Conference
    • Data Security and Privacy Liability – Working Group 11


  • Diploma in Insurance, Chartered Insurance Institute

Based in London, Cameron Carr is a Partner with Mullen Coughlin who has dedicated his entire legal career to assisting organizations navigate through the ever-changing data privacy and security legal and regulatory landscape. With experience in handling over 250 data privacy and security incidents, Cameron consistently demonstrates his commitment to assisting organizations worldwide in responding to, and investigating, data privacy and security incidents, as well as assisting with compliance challenges.

As a Breach Coach for organizations suffering through a data privacy and security incident, Cameron plays a pivotal role in coordinating the multiple incident response stakeholders. From forensic investigation firms and cyber insurance carriers/brokers to law enforcement and regulatory agencies, he consolidates his expertise to effectively and efficiently navigate sophisticated ransomware incidents, business email compromises (BEC), network intrusions and unauthorized or inadvertent disclosure incidents. His ability to seamlessly manage these complexities has been recognized by his clients as “super knowledgeable” and he is often not only a lawyer for his clients, but also a business partner.

Cameron’s unique insight into insurance claims, gained through his experience working on claims teams for two international insurance carriers as a secondee, supplements his ability to counsel organizations through the cyber claim process after an incident has been identified. His comprehensive understanding of the industry’s nuances allows him to provide strategic counsel that goes beyond mere legal consideration.

Beyond incident response, Cameron extends his experience to supporting organizations with their data privacy and information security Advisory Compliance solutions. He is often tapped to counsel organizations on their compliance with comprehensive consumer data privacy laws in the United Kingdom, as well as across the European Union (EU), in particular with the General Data Protection Regulation (GDPR). His proactive approach ensures that organizations are well-prepared to navigate the evolving landscape of data privacy and information security laws and regulations.

Cameron successfully represents organizations in privacy litigation defense arising from data privacy and security incidents. His technical expertise adds depth to his skill set, allowing him to offer comprehensive strategic guidance to organizations facing legal challenges in the aftermath of a data privacy and security incident.

Cameron’s involvement in the cybersecurity, data privacy and cyber insurance fields extends beyond his legal practice, and he is routinely invited to speak and present at national and international conferences. Additionally, he contributes to shaping industry standards as a member of the Sedona Conference’s “Data Security and Privacy Liability – Working Group 11.” In this capacity, he actively identifies and comments on data privacy and security law trends, ensuring organizations stay informed about prevailing cyber risks and take proactive steps to mitigate operational, financial and reputational effects of data privacy and security incidents.

Cameron also contributes to the development of new cyber professionals including lawyers, insurers and forensic providers. He mentors a number of individuals across the market in addition to working on ‘jargon busters,’ novel training concepts and teaching at a number of universities across the globe.

Prior to joining Mullen Coughlin, Cameron was a core member of his former firm’s Cyber, Privacy and Data Innovation practice group.


Incident Response

  • Facilitated notice in more than 50 countries on behalf of a gaming company, with most all notification efforts occurring within 72 hours
  • Represented a UK public company with the coordination of a complex containment exercise following a sophisticated and complex data privacy and security incident involving a data access broker
  • Represented a large international financial services organization in its response and investigation into a ransomware incident affecting offices/terminals in multiple jurisdictions
  • Represented a UK public entity in the response and investigation, including all internal and external communications, into a ransomware attack affecting large number of data subjects
  • Represented a number of UK secondary schools following a deluge of PYSA ransomware attacks, including notifying data subjects following data exfiltration and publication
  • Represented a construction firm during a ransomware incident involving triple extortion tactics and facilitating relevant ransomware negotiations
  • Represented an educational institution in a successful injunction against a third-party file sharing site in New Zealand following publication of sensitive data
  • Represented a major international insurer in coordinating its global response to an incident involving its data processor including management of local counsel and weekly board reports.
  • Represented hundreds of organizations across all industry sectors in the response to, and investigation of, ransomware, BEC, Payment Card Industry (PCI) and other data privacy and security incidents

Privacy Litigation

  • Represented an international insurance broker in data subject litigation following the inadvertent disclosure of client details
  • Represented a UK-based charity against allegations of breach of GDPR, misuse of private information and breach of confidence following a data privacy and security incident involving a supplies
  • Represented educational institutions following PYSA ransomware incidents and claims from former employees arising from the publication of sensitive data
  • Defended a claim made against an IT provider arising from its management of a major ransomware incident


  • “Challenges Associated with Cyber Claims in the UK/EU for Complex Breaches,” Intelligent Insurer Cyber Risk & Insurance Innovation Europe 2024, London, UK, February 8, 2024
  • “A New Age of Privacy Regulation,” Zywave 2023 Cyber Risk Insights Conference, New York, NY, September 27, 2023
  • “Privacy and Security,” The Sedona Conference Institute, April 2023
  • “Introduction to Cybersecurity,” Microsoft Ready, Set, Scale, March 2, 2023
  • “International Incident Response,” DC Bar, January 2023
  • “Supply Chain Data Breach – Not My Problem?,” Forum of Insurance Lawyers, 2021
  • “Question Time on Silent Cyber,” Forum of Insurance Lawyers, 2021
  • “Expecting Clauses at Christmas – Silent Cyber Risks and Lloyd’s Phase 3,” International Underwriting Association, 2020
  • “The Plight of Ransomware,” NetDiligence Cyber Risk Summit, 2020


  • “The Sedona Conference Incident Response Guide,” Contributor, The Sedona Conference, January 2020


  • “Key Lawyer – Privacy and Cybersecurity,” Legal 500 (2023)