NT Analyzer expands privacy forensics capabilities as litigation risk and regulatory scrutiny increase

Global law firm Norton Rose Fulbright today announced that NT Analyzer, the firm's proprietary privacy testing tool, has expanded its product capabilities with advanced privacy forensics designed for an era of heightened regulatory enforcement and increasingly sophisticated privacy litigation.

These enhancements enable Norton Rose Fulbright's Global Cyber and Privacy team to provide meaningful and practical privacy assessments of client websites and mobile applications based on objective forensic evidence. Using NT Analyzer, the team can identify the root cause of detected issues and translate technical findings into actionable guidance, helping mitigate litigation and regulatory risk.

As part of this expanded approach, NT Analyzer uses network traffic analysis, runtime execution evidence and static code analysis to map the data collection footprint of companies' digital assets, identifying legal risks such as data leakage, form-scraping, non-working opt-outs and unknown third parties.

"Privacy risk has reached a critical inflection point across industries as regulators tighten oversight and litigation exposure accelerates," said Jeff Cody, Norton Rose Fulbright's Global and US Managing Partner. "Organizations that fully understand their systems will be better positioned to manage risk, respond to scrutiny and operate with resilience in this high-stakes environment."

Norton Rose Fulbright's 2026 Annual Litigation Trends Survey indicates that cybersecurity and data privacy remains one of the key concerns for US corporate counsel facing increasingly sophisticated threats emboldened by AI. Nearly 40 percent of survey respondents said their business's exposure to cybersecurity and data privacy disputes deepened over the past 12 months, making it the leading area of increased exposure.

The enhanced NT Analyzer platform helps organizations meet this moment head-on. Lawyers at Norton Rose Fulbright use the tool to support clients by delivering evidence-based privacy risk assessments grounded in actual technical artifacts. These findings provide a factual foundation that can support required risk assessments, regulatory engagement and litigation defense.

"When something goes wrong, knowing that it happened is no longer enough," said Steven Roosa, Norton Rose Fulbright's US Head of Digital Analytics and Technology Assessment Platform. "We need to know the how and why so we can empower organizations to take complete control of their digital privacy footprint."

Building on these enhanced forensic capabilities, Norton Rose Fulbright is also refining how NT Analyzer assessments are delivered to clients through a fixed-fee approach based on the number and complexity of the website or mobile applications being examined.

"As privacy risk grows more complex and consequential, companies are focused on greater certainty around both outcomes and cost," said David Kessler, Norton Rose Fulbright's Global Head of eDiscovery and Information Governance as well as its US Head of Privacy. "By introducing enhanced assessments under a fixed-fee structure, we're delivering the transparency and predictability our clients expect."

NT Analyzer's enhanced platform enables organizations to:

• Test websites and applications live or in beta to prevent privacy failures before public launch
• Perform periodic snapshots of websites and apps to detect and remediate risks before they are seized on by regulators or plaintiffs' attorneys
• Uncover technical facts following a dispute to inform defenses, including arguments relevant to reducing liability and defeating class certification
• Provide chief privacy officers and in-house counsel with direct sight into the technical facts that drive privacy outcomes
• Generate documentation that can serve as the core foundation of legally required privacy risk assessments

Norton Rose Fulbright's global cybersecurity and data privacy practice is composed of more than 100 lawyers based in many of the world's key jurisdictions, helping clients manage legal and regulatory risks related to cybersecurity, privacy, information governance, eDiscovery, information technology, eCommerce and intellectual property. As an integrated, cross-border group, the team provides clients with a seamless worldwide service.