A compromised entity is often required to self-report to certain regulators an event impacting the security of its data or information systems. Additionally, certain laws permit regulators to launch investigations into the security of an organization, its data, and its systems even when the organization has not experienced a data security event. These investigations can take years, involve voluminous and pointed requests, require the production of large volumes of data, and result in lengthy and sometimes tense negotiations with regulators. The Mullen Coughlin team is experienced in representing organizations with matters before state, federal, and international regulators, including: attorneys general; state agencies; the FTC; HHS; OCR; and FDIC. Mullen Coughlin has provided such defense services to hundreds of organizations. Mullen Coughlin has also represented many clients with large credit card compromises, assisting with the response to the complex and often lengthy investigation done by the Payment Card Industry.