Twitter Logo Youtube Circle Icon LinkedIn Icon

United States > Media, technology and telecoms > Technology: data protection and privacy > Law firm and leading lawyer rankings


Index of tables

  1. Technology: data protection and privacy
  2. Leading lawyers

Baker McKenzie LLP’s practice is led by Lothar Determann in Palo Alto and Brian Hengesbaugh in Chicago, and clients applaud the duo for being ‘very knowledgeable and practical’. Ryan Fayhee joined the Washington DC office having previously held a role as a national security prosecutor for the DOJ; he now focuses on compliance issues related to export controls, sanctions, and anti-corruption laws and regulations. Recent work includes advising an IT security company with its global expansion, data privacy compliance, and litigation and M&A transactions.

Kurt Wimmer heads up Covington & Burling LLP’s practice and frequently represents high-profile clients such as the NFL on data security issues. Other notable work includes advising Facebook before the FTC and assisting with a wide range of privacy and security issues in the US. Partner promotions included litigator Alex Berengaut, who focuses on national security and law enforcement compliance issues, including electronic surveillance; Michael Nonaka, who deals with data privacy and security issues; and Lindsey Tonsager, who advises on mitigating data security risks.

DLA Piper LLP (US)takes a practical approach to data breach response, seeking to understand the client’s business risk and concerns’. The group was appointed to the global panel of a leading spirits distributor for assistance on its privacy matters, and has also been appointed counsel to a major auto manufacturer on connected car privacy issues. Thomas Boyd and Jim Halpert are the chairs, both located in Washington DC. Amor Estaban joined the San Francisco office from Shook, Hardy & Bacon LLP and has expertise in e-discovery, records and information management, cloud computing, social media, data privacy, data breach and cyber crimes. Marcia Augsburger and Aravind Swaminathan departed for positions at King & Spalding LLP and Orrick, Herrington & Sutcliffe LLP respectively.

Hogan Lovells US LLP’s Washington DC-based practice ‘is incredibly responsive and its expertise in global privacy laws is unparalleled’, according to one client. Christopher Wolfis an outstanding resource for directional and policy questions’. Scott Loughlin was promoted to the partnership; he ‘is as responsive as he is smart’ and considered a ‘first-stop’ for data privacy questions. Marcy Wilder is a health privacy and health data management expert, and Harriet Pearson has longstanding cybersecurity and data privacy law expertise. Wolf and Wilder lead the team and recently advised a global technology company on HIPAA, HITECH and FTC compliance, state privacy laws, cloud storage, and business associate issues.

Lisa Sotto is head of global privacy and cybersecurity at Hunton & Williams LLP, and Aaron Simpson is a key US partner for privacy matters. The team, which is spread between New York and Washington DC, regularly advises large utility companies, financial institutions, and national retailers on strengthening their network security policies and practices, assessing inventories of sensitive data and networks, and providing cybersecurity and national security updates with regard to policy, regulatory and legislative developments. Phyllis Marcus joined as counsel from the FTC.

Morrison & Foerster LLP’s team ‘has incredibly deep industry knowledge’, according to sources, and is praised for ‘always focusing on pragmatic business answers and never answering academically’. Regulated industries with online aspects is the team’s niche, and team heads Andrew Serwin in San Diego and Miriam Wugmeister in New York have strengths in cybersecurity and privacy class actions respectively. Recent engagements include advising a US manufacturing company on data protection issues relating to its e-commerce site, including cookie compliance and online behavioral advertising.

Sidley Austin LLP’s team has a prominent practice in the financial services sector and has extensive experience acting for telecoms and analytics companies. ‘The privacy team is truly a pleasure to work with - they are well connected with privacy regulators and thought leaders around the world and can bring significant expertise to bear on behalf of the client’. Alan Raul represents clients on federal, state and international privacy issues; Anna Spencer has strengths in health-related privacy and security; Edward McNicholas’ niche is assisting technologically sophisticated companies with regulatory and policy issues; and John Casanova plays an important role in the practice from the Singapore office.

On behalf of newly won client Horizon Healthcare, Arnold & Porter Kaye Scholer LLP obtained the dismissal of a data breach class action following the theft of laptops containing customer information. It secured the same result for Leidos when a putative class action was filed against the government contractor regarding the theft of back-up data tapes containing customer information. Ronald Lee focuses on national security, cybersecurity and government contracts matters; Kenneth Chernof advises on litigation resulting from data breaches; and Marcus Asner has expertise in identity theft, cyber crime and credit card bust-out schemes. Washington DC counsel Nancy Perkins is an expert on COPPA.

The well-regarded Theodore Kobus leads Baker & Hostetler LLP’s team and is recommended for his ‘attentiveness, knowledge of the regulators and ability to provide guidance through all stages of an incident, from discovery to litigation - and everything in between’. Craig Hoffman’s knowledge of the payment card industry is ‘incredible’ and overall the team is praised for its ability to ‘offer immediate and practical advice, including from the most senior partners on the team’. Will Daugherty joined as counsel in the Houston office from an in-house position at GameStop; the Atlanta office welcomed Amy Fouts, who joined from the now defunct McKenna Long & Aldridge along with counsel Vimala Devassy, and brings expertise in HIPAA compliance and incident response; and Paulette Thomas joined the Cincinnati office from her in-house corporate counsel role at Catholic Health Initiatives. Recent work includes acting for GameStop in winning the dismissal of privacy litigation alleging unlawful monitoring of online consumer behavior.

Cooley LLPfields an insightful and responsive practice and provides good advice and good value’. Michael Rhodes ‘gives trustworthy advice’ and Matthew Brown and Randy Sabett play key roles in the 16-partner group. The team is well versed in the telecoms sector, and acts as counsel to a major cable operator, advising on compliance with FCC customer proprietary network information rules and reporting requirements, and on TCPA compliance. Sabett is leading advice to a major gaming organization regarding implementing rules and agreements that allow for cybersecurity information sharing to occur among various industry stakeholders.

Kelley Drye & Warren LLP’s Washington DC-based team ‘knows its stuff, and can help with anything’, according to a client. Jameson Dempsey earns particular praise, and Dana Rosenfeld, who leads the team, represented Verizon in a data security investigation by the FTC. Rosenfeld also assisted Internet database service provider TrueNorth Compliance regarding a data security breach, in which a document containing personal information became accessible. Alysa Hutnik has strengths in mobile payment issues, John Heitmann is experienced in acting for communications service providers and Christopher Loeffler has privacy compliance expertise.

James Taylor and Kenneth Florin co-lead Loeb & Loeb LLP’s practice, which advises clients such as Blackberry, Comcast, Nike, Visa, HBO and Toyota USA. Data optimization is a niche area for the team, as is advising online streaming agencies on how to use sensitive mobile information. Nathan Hole in Chicago and Ieuan Jolly in New York are among key members of the team; Jolly heads up the privacy practice, and recent mandates include advising on a $200m data licensing transaction involving geolocation data, audience augmentation, data matching and predictive analysis for a large international radio programmer.

Clients say of the team at Pillsbury Winthrop Shaw Pittman LLP that the ‘service is A-plus’. Washington DC-based Brian Finch is ‘knowledgeable, available and helpful, and his guidance and good sense help clients reach policy goals every time’. The team represented a financial services holding company and others in connection with the data breach of a national insurer which happened in early 2015. Finch, who is well known for his SAFETY Act expertise, led advice to FireEye in securing SAFETY Act certification for two of the company’s cybersecurity products. Deborah Thoren-Peden leads the group and is an expert on US privacy laws, virtual currencies, and mobile payment issues.

Proskauer Rose LLP’s 13-partner team is led by Kristen Mathews in New York, ‘she has outstanding proficiency in the area and can easily and quickly understand clients’ issues’. Margaret Dale is a key litigator for data breaches, and Sigal Mandelker is very experienced in government-related privacy matters. Recent highlights include creating a data protection program and policy suite for a global solar energy company, and, in another matter for the same client, the team is defending against allegations of misappropriation of customer and other competitive information.

Reed Smith LLP’s clients include the likes of Avis Budget Group, NiSource, Practice Fusion, Sterling Infosystems and various financial businesses, and it provides advice in relation to regulatory matters, data policy, transactions and contract drafting. Angela Angelovska-Wilson ‘has wide and detailed knowledge of the industry’. William Cook joined from McGuireWoods LLP in Chicago, and has strengths in privacy projects and information protection in the real estate sector. Work highlights included acting for Zwipe in its partnership with MasterCard for the use of biometric technology in a contactless payment card with an integrated fingerprint sensor.

Heather Egan Sussman in Boston leads Ropes & Gray LLP’s practice along with Rohan Massey in the London office. Sussman is a recent arrival from McDermott Will & Emery LLP and brings longstanding expertise in privacy, information security and consumer protection. The team advises Under Armour on the privacy, security and data management aspects of its connected fitness division and related mobile applications. Deborah Gersh is co-chair of the healthcare practice and led work for Heartland Dental, which involved the discovery of an ongoing, multi-year attack on various websites belonging to the client. The team also advises Service Management Group, a market research and consumer insight company, on its global privacy program, cybersecurity, international data transfers, and on the privacy and security aspects of its mobile application.

WilmerHale provides advice to clients such as State Street on privacy, data security, and consumer protection issues, and is also involved in defending an FTC investigation into Target’s data security practices in the wake of its major data breach in 2013. It also acted for American Express in two mobile payments deals. D Reed Freeman and Benjamin Powell are the co-leaders of the practice and each has expertise in cross-device tracking and targeting, and assisting technology providers in the travel industry with cybersecurity issues.

Buckley Sandler LLP’s Margo Tank ‘is tremendously talented and passionate, she is universally recognized in the industry as one of the go-to experts in the field’. Washington DC-based Tank leads the team with Elizabeth McGinn, who is based in New York, and the pair have expertise in e-commerce, fintech, regulatory examinations and investigations, and FTC compliance in particular. The team advises companies in the telecoms, alternative energy production and financial services sectors on privacy, information security and cybersecurity requirements, and advises on privacy and security risk mitigation and cyber insurance.

Davis & Gilbert LLP’s Gary Kibelis extremely knowledgeable and understanding, and is efficient’. Kibel leads the team along with Richard Eisert, who is knowledgeable in the area of social media data security negotiations. The team has been advising various children’s advertisers and their agencies on COPPA and HIPAA compliance and cross-device tracking, and it has been advising clients on self-regulating procedures within mobile privacy matters.

Debevoise & Plimpton LLP’s Jeremy Feigelson leads the cybersecurity and data privacy practice and he and recently promoted partner David Sarratt are considered ‘thorough and client friendly’. Jim Pastore, who focuses on privacy and cybersecurity, was promoted to the partnership in April 2015; and new hire David O’Neil, who was previously head of the DOJ’s criminal division, joined the Washington DC office bringing strengths in cybersecurity and white-collar and criminal matters. Former chief privacy officer at Fannie Mae Jeewon Kim Serrato joined as litigation and cybersecurity counsel. Bruce Yannett is leading work for Home Depot following its widely reported data breach of 2014, which resulted in the theft of payment card details of millions of customers; the work includes board-level investigation, post-breach remediation strategies and law enforcement compliance.

Foley & Lardner LLP recently welcomed Beni Surpin from Paul Hastings LLP, and Matthew Karlyn rejoined after a stint at Cooley LLP. With a team spread across Jacksonville, Boston, Los Angeles, San Francisco and Chicago, it provides expertise in data privacy and security compliance, software and technology agreements, domain names and social media policies. Chanley Howell led advice to Marriott in regard to compliance with the recent amendments to the Telephone Consumer Protection Act.

Gibson, Dunn & Crutcher LLP has been representing Facebook in its European privacy proceedings. In particular, the Belgian branch of the social media client was accused of breaching Belgian privacy rules by the alleged tracking of non-users through the use of social plug-ins and cookies. For Uber Technologies, the team assisted in defeating a putative class action stemming from a data breach in which the plaintiff alleged that the breach resulted in, among other things, an attempt to open a credit card in his name. Los Angeles-based Debra Wong Yang, New York-based Alexander Southwell and Sean Royall, who splits his time between Dallas and Washington DC, are the co-leaders of the 15-partner practice. Other key representations in the past year included acting for government contractor KeyPoint in relation to an alleged data breach of government personnel records in connection with the high-profile US Office of Personnel Management breach.

Goodwin Procter LLP is particularly well known for its strengths in the financial services and technology sectors, and the Boston-based co-chairs Brenda Sharton and Lynne Barr have experience in representing property companies with computer system breaches, and assisting secure identity management companies with HIPAA compliance policies. William Growney joined the Silicon Valley office from RichRelevance, a technology company based in San Francisco; Cindy McAdam joined the same office from bitcoin wallet Xapo; and the Washington DC office welcomed Michael Flynn from Flagstar Bancorp.

The Jenner & Block LLP practice engages in cross-border data security activities and is led by Washington DC-based Mary Ellen Callahan. Callahan has recent experience advising a national cable provider affected by an international data breach, and also advised the client on FCC regulatory issues. TCPA litigation is among the core strengths, and new hires included Nancy Libin, who joined from Wilkinson Barker Knauer LLP, and special counsel Heidi Wachs, who joined from information technology company Gartner. New clients span the education, mobile technology, and communications sectors, and AEP Energy and Northern Trust are clients.

Jones Day provides counsel to the Internet Corporation for Assigned Names and Numbers on matters such as data protection regulation, domain name registry, and negotiations with various EU data protection authorities regarding data retention requirements. New York-based Mauricio Paez led data protection advice to Cardinal Health throughout its acquisition of the Cordis Corporation and other global assets from Johnson & Johnson. Los Angeles-based Daniel McLoon co-leads the team with Paez, and core strengths include advising on the theft of digital assets, EU-US data transfers, internal cyber crime investigations, and e-health data protection issues.

Latham & Watkins LLP’s practice leader Jennifer Archieis one of the best all-round privacy attorneys - her knowledge is comprehensive across privacy areas, including data breach and preparation work, litigation defense, and enforcement actions’. Ongoing work includes advising Vizio on global data privacy and security matters, including the potential expansion of smart TV sales into foreign markets with explicit data protection laws. For The Carlyle Group, it acted in the acquisition of Novetta Solutions, a provider of data analytics and cybersecurity solutions.

Bart Huffman leads the Locke Lord LLP team, which has experience in advising clients on Safe Harbor compliance, particularly where the FTC is involved. Recent work highlights include an investigation of potential data security incidents involving credit card and other personal information leakages. The client base includes financial institutions, international energy companies, software companies and state authorities.

The unfailingly smart and completely customer-focused’ team at Manatt, Phelps & Phillips, LLP has ‘strong knowledge, expertise, and the ability to facilitate discussions that result in appropriate policy solutions. Practice head Donna Wilson ‘is very smart and extremely diligent, she knows when it makes sense to fight or defend a principle, but can balance that sensibility against the benefit of getting closure on a matter through a quick and favorable settlement’. Particularly notable is the firm’s work defending against customer data collection class action lawsuits in California and Massachusetts, and in individual TCPA claims. The well-regarded Robert Belfort is assisting the New York eHealth Collaborative with the development of a plan to sustain the Statewide Health Information Network of New York.

Rajesh De is the newly appointed leader of Mayer Brown’s cybersecurity and data privacy practice, having previously held a position as general counsel at the NSA. Recent work highlights include representing Spokeo in the Supreme Court in an FCRA class action in which the client - an internet search engine that finds people through aggregating public information - allegedly published inaccurate information about the plaintiff that qualifies as a ‘consumer report’ under FCRA rules. Kendall Burman joined as counsel from the Department of Commerce.

Scott Carlson in Chicago and John Tomaszewski in Houston chair Seyfarth Shaw LLP’s practice, which recently saw the arrival of two senior counsels; M. James Daley and Patrick Burke. Chicago-based Daley has experience in EU-US data transfer matters, and New York-based Burke focuses on cross-border electronic discovery and disclosure. US-headquartered staffing agency Kelly Services is a client, as are First Point, a telecoms and network hardware reseller, and data privacy management company True Ultimate Standards Everywhere. Julia Jacobson joined the Boston office from McDermott Will & Emery LLP in February 2016.

The Sheppard, Mullin, Richter & Hampton LLP practice handles data breach responses and investigations, and is led by Craig Cardon, who clients say ‘is smart, practical, easy to work with, and tough when he needs to be’, and Brian Anderson, who is also well regarded by clients and has strengths in cross-border data transfers and in advising technology companies with data-related compliance, transactions and security. Cardon is based in Century City and sometimes San Francisco, and Anderson splits his time between San Francisco and Silicon Valley. Benjamin Mulcahy, who splits his time between Century City and New York, handles international privacy compliance for a global beverage company and specializes in data-related issues.

Stuart Ingis and Emilio Cividanes lead Venable LLP’s Washington DC-based practice, and recent work highlights include developing and advising on the implementation of self-regulatory principles for the collection of data on mobile websites for the Digital Advertising Alliance (DAA). Other areas recently advised upon include data security and breach notification, cybersecurity information sharing, the Internet of Things, and geolocation matters. Former senator Mark Pryor joined in early 2015, bringing expertise in cybersecurity and internet privacy; and Ari Schwartz joined as managing director of cybersecurity services, after serving as a member of the White House National Security Council. Cybersecurity expert Erik Jones also joined after holding a position as deputy general counsel and chief investigative counsel to the US Senate Committee on Commerce.

Winston & Strawn LLP advises Fortune Brands and its subsidiaries with their respective privacy obligations, and assists with the updating of the companies’ privacy disclosures and with general privacy compliance matters, including the launch of a new mobile app. Chicago-based Liisa Thomas leads the practice and is an expert on data breach notifications, and new arrivals included Scott Landau, who joined the New York office in March 2015 from Pillsbury Winthrop Shaw Pittman, LLP, and Kobi Brinson, who joined the Charlotte office from Bank of America, where she served as assistant general counsel.

The practice at McDermott Will & Emery LLP is led by Chicago-based Daniel Gottlieb, whose areas of expertise include health privacy, mobile apps, e-commerce, text messaging and other digital law issues. In the health space, the team acted for a major healthcare services company in securing international data protection approvals, and provides advice on HIPAA compliance.

Norton Rose Fulbright US LLP fields ‘a responsive, practical and expert team’, which is led by ‘an extremely strong duo’. David Navetta in Denver is a security expert, and Boris Segalis in New York is strong on the privacy side. ‘Navetta’s major strength is his analytical skills; he can quickly provide gut reactions and then be able to dive deeper for a more thorough analysis, if needed’. The team acts for clients from the financial services, pharmaceutical, life sciences, retail, insurance and energy sectors, and is experienced in payment card breaches, cloud computing issues, data hub relocation projects and HIPAA compliance.

Orrick, Herrington & Sutcliffe LLP’s team is co-led by Antony Kim in Washington DC, Mark Mermelstein in Los Angeles and Aravind Swaminathan, who joined the Seattle office from DLA Piper LLP (US). The trio is applauded for being ‘extremely responsive and client focused, and succeeding at meeting the needs of both in-house counsel and tech-savvy business clients’. The team advises an online dating company on data collection issues and data usage across its social network and mobile brands, and, for the City of Seattle, it worked with its privacy team to plan and develop an internal privacy toolkit to educate its employees on privacy and security objectives and compliance, and to create umbrella data protection and privacy documents to assist with the client’s vendor contracts.

Paul Hastings LLP’s practice saw James Koenig’s arrival in the New York office in September 2015. Koenig previously built and led the global privacy, incident response and data management practices at PwC and Booz Allen Hamilton. Thomas Counts and Behnam Dayanim co-chair the practice; Counts focuses on technology-related litigation, and Dayanim has expertise in regulatory compliance, internal and regulatory investigations, and data breach response. Areas of expertise include fintech, healthcare, pharmaceuticals and mobile-related matters. Samsung, JPMorgan Chase, and Pfizer are among its new client wins.

International comparative guides

Giving the in-house community greater insight to the law and regulations in different jurisdictions.

Select Practice Area

The Legal 500 United States - Events

GC Magazine

GC Powerlist -
United States

Press releases

The latest news direct from law firms. If you would like to submit press releases for your firm, send an email request to

Legal Developments worldwide

Legal Developments and updates from the leading lawyers in each jurisdiction. To contribute, send an email request to
  • New Industrial Property Law

    The Industrial Property Law abrogating the patchwork of decrees that governed intellectual and industrial property rights has been published in the Official Gazette and entered into force on January 10, 2017.
  • Cross-shareholding Rules and Dividend Tax Exemptions Clarified

    19 Apr 2017 at 04:00
  • Labour E-Contract

    On 13 December 2016, the Ministry of Administrative Development, Labor and Social Affairs (MADLS) of the State of Qatar Read more..
  • Privatization of Domestic Coal-Fired Power Plants in Turkey

    The privatization tender of Çayırhan-2 coal reserve area and the construction of a coal-fired power plant project (“Çayırhan-2 Project ”) was concluded on February 6, 2017, which has been the first of the new wave of privatization of coal reserves and construction of lignite coal-fired power plants in Turkey in line with the recent incentives regarding utilization of domestic coal reserves for electricity generation. This client alert outlines the main novelties in relation to this new wave of lignite-fired power plant tenders, which is expected to continue with several other privatizations in 2017 as explained below.
  • Important Changes to the Electricity Market Licensing Regulation

    On February 24, 2017, the Energy Market Regulatory Authority (“EMRA ”) published a Regulation (“Amending Regulation ”) containing important changes to the Electricity Market Licensing Regulation (“Licensing Regulation ”), including the removal of the share transfer restriction at the pre-license period for transfers to foreign companies and foreign-capital companies, and changes related to the Renewable Energy Resource Areas (“YEKA ”). Highlights of major changes are as follows:
  • The New ICC Arbitration Rules

    As of 1 March 2017, the new Arbitration Rules of the International Chamber of Commerce (“New ICC Rules ”) have come into effect and superseded the former version of the ICC arbitration rules, which have been in effect since 2012.
  • Information law for company participants – the search for a balance of interests

    At the present time, in various legal relationships there exists the acute problem of observing a balance of interests concerning the parties involved in these legal relationships, their legal rights, and their mutual economic needs. Judicial practice, when considering disputes between these kinds of parties, takes into consideration not only the formal requirements of legislation, but also the real economic and legal goals and interests of the participants.
  • Cyprus: Changes To The Inheritance Process Under European Succession Regulation 650/2012

    The growing importance of cross border successions within the European Union and the difficulties and complications resulting from the diversity of succession and private international law rules relating to succession, prompted the European Commission to examine the possibility of introducing a Regulation that would facilitate and streamline cross border successions.
  • A fight against corruption by the proposed introduction of Criminal Record Certificates for Companie

    Due to existing problems with regards to companies competing for the undertaking of public projects, on the 28 th  September 2015 the Cabinet decided to give an end to the scandals involving the squander of millions of public money by approving an amendment Bill, which would add to the conditions for public tenders, the requirement of providing a Criminal Record Certificate for legal entities. Until today, this was not required due to gaps and loopholes in the existing Law. Provided this Bill will be passed into Law by its publication at the Official Gazette of Cyprus, companies applying for public tender will be asked to produce a certificate that would show they have a clean criminal record.
  • Innovation & Thailand 4.0: Value Creation for Business using Trade Secrets

    Thailand 4.0 stands for the new stage to transform the country currently relying on heavy industries (3.0 stage) into a creativity and innovation-driven economy. Trade secrets are definitively value-based and could help pursing Thailand 4.0.

Press Releases worldwide

The latest news direct from law firms. If you would like to submit press releases for your firm, send an email request to