The Legal 500

Covington & Burling LLP advises on legal, regulatory and legislative matters involving the privacy and security of customer, employee and business information, online advertising, efforts to combat online threats, and related technology and internet law issues. Based in Washington DC, the practice has strong links with government organizations, notably the FTC. Its representation of multinational and global clients is bolstered by its international presence and it is commended for its ‘solutions-oriented approach’ and ‘balancing legal and business considerations’. Supported by excellent connections in the communications and media industry and a strong technology practice, the group advises customers and suppliers in the IT industry and leading players in healthcare and finance. In 2010, practice head Erin Egan advised Facebook on the implications of US and European privacy laws on new Facebook features. Together with telecoms expert Yaron Dori and David Fagan, who specialize in data security, Egan and her team continue to advise longstanding client Microsoft on data protection and compliance matters, including submissions to the FTC and FCC on cloud computing and children’s privacy. The team has a strong foothold in the pharmaceutical and retail sectors, where it has advised multinational clients, notably Procter & Gamble on the privacy implications of cloud computing and online advertising, call interception and recording laws affecting its call center operations in the US and abroad, data security-related matters, and vendor outsourcing arrangements. Other clients include Expedia, Yahoo!, Ann Taylor, King Pharmaceuticals, Schering-Plough and Qualcomm. Dori, who advises TDS telecom on customer data issues, is recommended for his ‘broad expertise’ on data privacy, telecommunications and technology. Mark Plotkin specializes in financial services regulation, IT and national security and foreign inward investment.

DLA Piper LLP’s data protection and privacy group is deeply involved in the evolution of data protection and privacy law at the international, federal and state levels. Its significant Washington DC presence is supported by an extensive national and global footprint. Commended for its ‘practical, actionable, comprehensive guidance’, the group advises on a broad range of privacy issues, assisting with compliance strategies and policies, regulatory investigations and transactional support and litigation. It represents both technology providers and customers, and handles international and cross-border matters, including data transfers and breaches. The group has particular strength in the financial services sector with regulatory and government affairs practice co-chair Thomas Boyd ‘a valuable legal adviser, who is mindful of issues that are important to clients’, providing privacy counsel to the National Business Coalition of leading investors and corporations, as well as advising global financial services organizations, notably Royal Bank of Scotland and Experian, on privacy related issues, including domestic/international data compliance and public policy. The group advises large IT and corporate clients on managing risk and security and dealing with data breaches. Jim Halpert in Washington DC, who is ‘adept at providing guidance about the broader legislative and regulatory landscape’, is counsel to the State Privacy and Security Coalition, the leading technology coalition on privacy, security, consumer protection, marketing, child online safety and internet advertising. Boyd and Heidi Salow, recommended as ‘responsive, helpful and a pleasure to work with’, assist Vanguard with data protection compliance for major global outsourcings, maintaining a privacy-compliant international investigations policy, and employee privacy issues. Litigator Michael O’Neil in Chicago defended one of the three US credit bureaus in a multi-district federal court class litigation challenging the disclosure of information in target marketing lists. Key clients include Alcatel-Lucent, Symantec, Kodak, GE and Verizon.

Hogan Lovells US LLP’s privacy and information management practice group is led by the ‘smart, knowledgeable’ Christopher Wolf and healthcare privacy expert Marcy Wilder in Washington DC. They ‘are always timely, have good industry knowledge and helpful contacts, and provide practical advice’. The practice remains at the forefront of FTC enforcement work and privacy work, handling prominent FTC investigations. Wolf represents leading privacy think tank the Future of Privacy forum, which is focused on emerging privacy challenges in FTC, FCC and NIST regulatory proceedings. The merger with Lovells has significantly extended the group’s global reach, creating the largest privacy practice in the US, which advises high-profile clients including News Corporation, and Wal-Mart on topical issues including behavioral advertising, the Smart Grid, health information privacy and security, and mobile applications. International data transfer privacy specialist Lynda Marshall is recommended. The group maintains a market-leading position in healthcare-related privacy work, advising on HIPAA-related matters and the implications of the Health Information Technology for Economic and Clinical Health Act (HITECH) Act 2009, which addresses privacy and security concerns associated with the electronic transmission of health information. Wilder, who has ‘good contacts with regulators and helps manage incidents’, advises UnitedHealth Group WebMD, the leading provider of personal health records and on-line health information, on data privacy and public policy.

Hunton & Williams LLP’s dedicated privacy practice is led by ‘recognized expert’ and ‘fantastic lawyer’ Lisa Sotto, who is also managing partner of the firm’s New York office. Widely recognized as ‘the go-to firm for privacy matters’, and underpinned by the firm’s geographic reach, the team counsels clients across a wide range of industry sectors on compliance with international, federal and state statutory requirements, including those arising under the EU Data Protection Directive, HIPAA, GLBA, FCRA, CAN-SPAM, TCPA and state laws and regulations. The firm’s privacy think tank and consulting practice, the center for information policy leadership, which has been in existence for ten years, brings together companies, consumer leaders and senior policy makes to develop global privacy and data security strategies, shape privacy solutions and develop next-generation privacy principles for the digital age. Clients recommend the group as ‘top-rate for quality, efficiency and response time,’ for developing data management policies and avoiding and managing security breaches. Highlights included advising a global financial institution on US and EU data protection compliance issues in connection with new information products across multiple jurisdictions, and internet-related projects; and helping a multinational retailer establish a corporate-wide records management program and a global privacy and data security program. Behavioral advertising is another important area of focus. Recently promoted partner Aaron Simpson helps clients manage large-scale data security incidents and compliance with federal, state and international privacy and data security requirements. The practice represents banks and financial services companies, electronic publishers, retailers, risk management specialists, healthcare providers, telecoms and internet service providers and government agencies. Clients include GE, Polo Ralph Lauren, TJX, MasterCard, Alaska Air, Philips, Macmillan and Farmers.

Morrison & Foerster LLP’s global cross-disciplinary team of over 60 attorneys advise regulators and high-profile clients on prominent privacy, data protection and data security issues, and undertakes transactional and litigation support. The group’s strength is underpinned by the firm’s international presence and strong technology practice. Attorneys are at home with technological innovation and complex regulation and are recommended for their ‘depth of expertise and fast turn around’. Advice in 2010 focused on data security, social media, cloud computing, and the use of data modeling and algorithms to predict consumer behavior. Regulatory advice concentrated on the healthcare, financial and retail sectors. The fact that the group advises multinational companies and data protection authorities on the privacy implications of emerging technologies, notably the collection and use of consumer data for targeted advertising, is testament to its cutting edge expertise. Former FTC staff D Reed Freeman in Washington DC is recommended as ‘a veritable encyclopedia of marketing-privacy law’. Julie O’Neill focuses on state and federal consumer protection law including the review of online and offline advertising, competitor and regulator challenges, sweepstakes, promotions and direct marketing. The ‘knowledgeable, well-informed’ Andrew Smith and Rick Fischer advise banks, insurers, credit bureaus and other financial services providers on regulatory compliance, law enforcement, litigation and transactional matters. William Stern in San Francisco successfully defended Gap in the first identity theft case to be heard by the US Court of Appeals 9th Circuit. David McDowell in Los Angeles is defending Restoration Hardware in a putative class action alleging that it improperly collected personal information in connection with credit and debit card transactions. Practice chair and ‘top privacy practitioner’ Miriam Wugmeister in New York is respected by peers and clients alike. Recommended as ‘highly efficient and therefore economical in providing complex legal advice across jurisdictions’, the group’s prestigious client list includes Bank of America, Capital One Financial, Lexis-Nexis and Visa.

According to clients, WilmerHale’s interdisciplinary team, based in Washington DC, ‘provides the best view into the inner workings of US regulatory agencies’, combining litigation, regulatory, counseling and transactional expertise. E-commerce operators, communications and media companies, financial institutions, health care providers and retailers appreciate attorneys’ ‘business acumen, breadth of industry knowledge, and succinct, cogent advice’. National and cross-border privacy and data security issues are a particular focus as are regulatory proceedings around privacy and security rules, notably the development of a self-regulatory framework for behavioral advertising, the FCC’s customer proprietary network information (CPNI) rules, the FTC’s and Security and Exchange Commission’s document disposal rules, implementation rules for the Gramm-Leach-Bliley Act, and FCC rules regarding electronic surveillance. J Beckwith Burr, who has a valuable FTC background, is widely respected by clients and peers for her internet and online expertise. As well as providing ongoing advice to Facebook in connection with children’s privacy issues, behavioral targeting and European investigations, she advised Google on FTC policy development related to online behavioral advertising, the Department of Commerce/NTIA privacy policy paper and the reform of the Electronic Communications Privacy Act (ECPA). Clients appreciate David Medine’s ‘sensible balance between the regulatory and practical viewpoints’, regarding online, children’s, financial, student, and health privacy and compliance. His clients include online companies, major retailers, and financial services companies. ‘Exceptional lawyer’ Benjamin Powell ‘provides clear guidance on complex technological issues’.

Baker & McKenzie’s data protection and privacy practice is supported by the firm’s international footprint. Led by Brian Hengesbaugh in Chicago and Lothar Determann in Palo Alto, its global platform and resources enable it to handle major multi-jurisdictional and cross-border mandates, advising global corporates on complex privacy and information management. A prestigious client list features Bank of America, NetSuite, Priceline.com, Sony, Travelex Currency Services, Weatherford International and Yelp!. Bausch & Lomb is a new client. Hengesbaugh has an excellent market reputation for handling regulatory and transactional issues including cross-border data transfers, breach notification obligations, whistle-blower hotlines, e-monitoring, e-discovery and consumer protection. He undertakes sourcing and corporate transactions, global database and technology implementations, as well as privacy-related litigation and government investigations. Determann handles registration of US-based multinational companies for the EU-US Data Privacy Safe Harbor and related data protection and security compliance matters. Michael Mensik wins plaudits for his ‘valued judgment and expertise’ on outsourcing and data protection.

Led by San Diego-based Andrew Serwin, the founding chair of the practice and co-chair of the privacy litigation team, Foley & Lardner LLP is increasingly winning the respect and confidence of the market. Clients appreciate the group’s ‘excellent service, quick response times and terrific advice’. Serwin, who ‘understands business concerns and provides practical, to-the-point advice’, is recognized as a prominent figure in privacy and data security law. Highlights included providing strategic advice to new client eBay on its BCR application, along with ongoing compliance and litigation guidance. Chanley Howell and his team in Jacksonville, Florida provide ongoing privacy and marketing advice to ADT/Tyco. On the contentious side, Serwin successfully represented Carbonite in a putative class action arising from data loss allegations. Financial services represent a key specialism, with clients including Charles Schwab, TD Ameritrade and Barclays International. The practice has particular focus on the healthcare sector, with Serwin and Peter McLaughlin in Boston advising HCA and new client CVS Caremark. Other key clients include Wolters Kluwer, Yahoo!, Facebook and utilities Exelon and Sempra Energy.

Loeb & Loeb LLP’s multi-jurisdictional practice combines the international expertise of group head Ieuan Jolly, who wins praise for his ‘impressive knowledge and friendly and commercial approach’, with the firm’s strength in technology and communications law, outsourcing and interactive media and is commended for keeping ‘ahead of the curve in the quickly changing privacy environment’. The 22-lawyer practice is heavily involved in optimizing data on interactive and mobile platforms and working with clients to develop global privacy compliance strategies and address-related technology and data security issues. Highlights included advising leading telecommunications, cable and network clients on behavioral advertising, targeted and location-based marketing initiatives. The group advises technology and other clients on privacy compliance strategies around the use of enterprise-wide data analytics, customer transactional data and database development and targeting. The team was strengthened by Michelle Gross from Vinson & Elkins L.L.P., Rosa Walker from Dewey & LeBoeuf LLP. Walter Steimel in Washington DC joined from Greenberg Traurig LLP. Regulatory and international compliance work included advising high-profile financial services, leisure and communication clients on domestic and international cross-border data flows, multi-jurisdictional privacy audits and the implementation and management of information security programs. Key clients include Comcast, Canoe Ventures, Facebook, Preferred Hotel Group, Visa and Promotions.com.

Sidley Austin LLP’s global inter-disciplinary team draws support from lawyers across the firm. In the US, it has particular strength in the telecoms, financial services and healthcare sectors. Supported by a strong technology practice, the group is recognized for its data security, data breach and e-discovery expertise. Practice head Alan Charles Raul in Washington DC undertakes litigation and regulatory work, notably representing companies responding to FTC and other investigations and advising on public policy matters. The group is representing several clients in a major FTC data security investigation involving peer-to-peer file sharing and advising on compliance and strategies to combat cybersecurity challenges. Clients recommend Edward McNicholas, who represents leading telecom entities in the National Security Agency Telecommunications Records multi-district litigation in federal court in numerous class-action lawsuits alleging the unlawful disclosure of communications content and records to government agencies. Prominent clients include AT&T and Eli Lily.

Recognized as ‘leading experts in the space’, and commended for providing ‘solid and thorough advice and great value for money’, Venable LLP’s 20-attorney team in Washington DC and Tysons Corner advises on traditional privacy and data security issues as well as emerging issues, notably online targeted and behavioral advertising. Practice head Stuart Ingis, praised for his ‘exceptionally thorough knowledge and experience in the data landscape’, represented Turner Broadcasting Service in a lawsuit regarding the collection and use of data in relation to online behavioral advertising. Emilio Cividanes wins credits for ‘his ability to craft expert legal strategy, which is outdone only by his ability to communicate it effectively to his clients’. Ingis and Cividanes presented the Direct Marketing Association and the Interactive Advertising Bureau in connection with proposed privacy legislation. Supported by the firm’s strong marketing, advertising and technology practices, attorneys advise on issues arising from privacy statutes and regulatory engagements for clients across healthcare, telecoms, technology and financial services, regularly defending companies in FTC enforcement actions, litigating privacy issues and occasionally challenging agency regulations. High-profile clients include Reed Elsevier, Time Warner and Experian.

Debevoise & Plimpton’s cross-border, interdisciplinary team offers regulatory counseling in the United States and Europe, defends clients in government enforcement actions, litigates data security and privacy-related matters and supports financial services transactions. Data sharing, data breaches, regulatory investigations and internal data policies are key focus areas. The group has particular strength in publishing, with Bruce Keller leading a team representing members of the Association of American Publishers in connection with the Google Library Project. Clients include John Wiley & Sons, The McGraw-Hill Companies, Pearson Education, Penguin Group (USA), Simon & Schuster and Siemens. Jeffrey Jacobson is representing media conglomerates in a consumer fraud and electronic privacy putative class action relating to the use of zombie cookies. Andrew Ceresney is assisting a US bank with an internal investigation relating to the loss of back-up tapes containing confidential customer information. In Washington DC, Jeffrey Cunard is advising a major sports league on privacy issues relating to the collection, transfer and use of personal data, and websites marketed to children. Satish Kini and Colby Smith are recommended.

John Kennedy at Dewey & LeBoeuf LLP advises on data privacy and security aspects of commercial transactions, M&A deals, outsourcing agreements and software-as-a-service agreements. The group has particular expertise in privacy aspects of acquisitions in the insurance industry, having advised on MetLife’s $16.2bn purchase of AIG’s ALICO. Regulatory work focused on compliance with the new Massachusetts data security regulation and the potential application of the FTC Red Flags Rule. Other work includes advising on data breaches and workplace data privacy issues, including those involving social networking. John Brockland in Silicon Valley is advising Catholic Healthcare West on the data privacy aspects of IT outsourcing and other transactions. Nathan Dee is also recommended.

Edwards Angell Palmer & Dodge LLP’s ‘knowledgeable and responsive’ multi-disciplinary privacy and data protection group includes an on-call breach response team to advise companies on compliance with US and EU legal and regulatory requirements and contractual requirements, and is commended for providing ‘excellent service’. Led by ‘knowledgeable, good communicator’ Mark Schreiber in Boston and co-heads Theodore Augustinosin Hartford and Laurie Kamaiko in New York, it advises multinational corporates, major retailers, financial institutions and data processing entities on multinational data protection protocols and data breach responses.

Fulbright & Jaworski LLP’s 65-attorney e-discovery and information management practice group, chaired by Robert Owen and David Kessler in New York and M Scott Incerto in Austin, represents global organizations involved in complex litigation, providing comprehensive guidance about electronically stored information. Advice covers the privacy and security implications of the collection and use of medical records and other consumer and employee information; security breaches, data leaks and identity theft. Compliance with regulations related to financial services and healthcare is a key focus area. Owen and Kessler provide ongoing advice to Shell Oil, GlaxoSmithKline and MTD Products. Incerto and his team are assisting the Texas Windstorm Insurance Association, Freescale Semiconductor and Farmers Group of Insurance Companies.

Jones Day’s global interdisciplinary practice is recognized for its ‘depth of knowledge and excellent business advice’. Recent mandates include working with Smart Grid to protect customer data, advising health information exchanges and other organizations on the implications of the HITECH Act and the FTC’s Red Flag rules around identity theft protocols and data protection and privacy issues connected with cloud computing. ‘Outstanding’ practice head Kevin Lyles, in Columbus, and his team assisted Oklahoma Gas and Electric Company with the development of an identity theft prevention program in compliance with the Red Flag Rules and advised Xcel Energy on customer and employee data protection and privacy and security concerning Smart Meter programs. Other clients include Yale-New Haven Health Services. Mauricio Paez in New York, whose longstanding clients include Nokia, is singled out for praise.

The Washington DC-based privacy practice of Kelley Drye & Warren LLP is led by Dana Rosenfeld, former assistant director at the FTC’s Bureau of Consumer Protection. Former FTC staff Jodie Bernstein and William MacLeod augment the group’s expertise in handling government enforcement and compliance matters and privacy and data security litigation. The group’s regulatory strength and its synergies with the firm’s advertising and market practice are supported by John Villafranco, who advises on privacy, data security, electronic commerce, dietary supplement labeling, promotions and marketing, fair credit reporting, debt collection practices, health and safety claims, environmental marketing and standard certification. John Heitmann represents telecoms and broadband service providers and users in privacy-related matters. Data privacy and security specialist Alysa Hutnik and Gonzalo Mon, who advises on social media, mobile marketing and behavioral advertising, were elected partners. Operating at the intersection between advertising and consumer protection, the practice advises blue-chip companies in the hospitality and telecom sector and national and international retailers, notably in relation to behavioral advertising and online profiling. Other clients include internet and technology companies and financial services providers. Highlights included successfully representing Pre-Paid Legal Services, the largest provider of pre-paid legal plans in the country, in relation to an FTC investigation. An impressive client list includes Foot Locker, Walgreen Co., Saks Fifth Avenue, One Communications, XO Communications and Altria Group.

Latham & Watkins LLP’s multidisciplinary practice is led by Jennifer Archie and Kevin Boyle in Washington DC. Boyle leads the security and privacy committee, which is responsible for the firm’s global information security and privacy compliance program across its 27 offices. The group counsels US and multinational clients regarding compliance with federal and state privacy and information management laws and regulations and regulations in the EU and other non-US jurisdictions, and advises EU companies setting up in the US. Key issues include global e-mail and HR policies and strategies for breach disclosures. Archie specializes in online privacy matters, with mandates including advising leading social games providers on global data policy matters and defending MyLife.com in litigation concerning the purchase, collection and resale of consumer personal information. Brian Smith and Angela Angelovska-Wilson focus on privacy and data security matters affecting financial services, advising traditional bank providers and online payments systems and retailers on global payments and regulatory issues. Andrew Gantt has particular expertise in advising healthcare and life sciences companies on compliance HIPAA requirements. Clients include Guthy Renker, Aon, Ashoka and USA Mobility.

Mayer Brown’s multi-disciplinary privacy practice is supported by the firm’s international footprint and specialist expertise. Its experienced attorneys focus on financial services regulatory, intellectual property and technology outsourcing, handling the privacy and data security aspects of transactions as well as assisting stand-alone clients seeking specific advice on data protection, global data transfer and privacy. 2010 saw an increase in labor law and social media matters, a focus on regulations and proposed regulations around cross-border data transfers, cloud computing and e-discovery. New York-based John Mancini and his colleagues in the litigation department defended clients in class actions, private lawsuits, and FTC investigations relating to privacy issues and data breach response. In Washington DC, Jeffrey Taft advises financial institutions on compliance and privacy matters. Chicago-based Rebecca Eisner combines outsourcing and data privacy expertise. Highlights included representing educational publisher Houghton Mifflin Harcourt on outsourcing projects, global data transfers and data privacy matters pertaining to electronic products and services. Other high-profile clients include AXA Equitable, Harrah’s Entertainment, Dow Chemicals and Mead Johnson.

McDermott Will & Emery LLP’s group, led by Daniel Gottlieb in Chicago and Heather Egan Sussman in Boston, draws on the skills of lawyers from corporate and litigation, as well as the firm’s strength in employment, healthcare and intellectual property. Supported by a strong national and global footprint and recognized for its leading expertise in healthcare, the group advises on HIPAA and HITECH act matters as well as assisting clients from all business sectors with managing sensitive data, assessing and mitigating risks involving stored information, data transfers and preventing and dealing with data breaches. In 2010, Gottlieb and John Kocoras represented Emergency Healthcare Physicians following the theft of a hard drive containing health information about more than 175,000 hospital emergency department patients, including the defense of a consumer privacy class action. Jorge Arciniega and his team in Los Angeles advises longstanding client Univision on data collection, behavioral advertising, COPPA and breach of security issues.

Pillsbury Winthrop Shaw Pittman LLP’s practice, led by Deborah Thoren-Peden in Los Angeles, provides multinational clients with ‘timely, cost effective and practical advice’ on data privacy, data collection and information management, including cross-border issues, data breaches and compliance, focusing on the healthcare sector and specialist financial services providers. The team was strengthened by health information technology experts Gerry Hinkley and Allen Briskin in San Francisco from Davis Wright Tremaine LLP, and insurance litigator Rene Siemens in Los Angeles from Proskauer Rose LLP. Thoren-Peden is outside counsel to Blackhawk Network Services, the largest provider of third-party prepaid cards, advising on regulatory matters, notably compliance with state, federal and international laws and regulations, including new laws enacted in 2010 such as the CARD Act and the Dodd Frank Act. In New York, e-discovery expert Wayne Matus assisted Dun & Bradstreet to develop a comprehensive e-discovery plan. Along with Catherine Meyer, ‘a leader in the field of privacy nationally and internationally’, Matus is assisting Meridian Knowledge Solutions following a data breach by a computer hacker. Other clients include Netspend, Euronet, Best Buy and Carnival Corporation.

Proskauer Rose LLP’s cross-departmental practice group is headed by Kristen Mathews, who is recognized as a ‘leading expert in notification obligations and liability management’. Commended for its ‘exceptional knowledge and valuable practical experience’, the group handles a broad range of privacy and data security-related matters, notably representing clients across the financial, retail, media and hospitality industries in high-profile issues. Instructions in 2010 included advisory, transactional and litigation work and the group saw an increase in global privacy projects, data security assessments and data breaches across all industries. On the litigation side, the group represented the American Bar Association regarding the FTC’s Red Flags Rule to prevent consumer identity theft, and defended Bank of New York Mellon in a class action. Other clients include Sony BMG Music Entertainment, Pershing LLC, Michael Kors, Hermes of Paris and Barneys. Jeffrey Neuburger brings valuable technical expertise and an excellent market reputation.

Reed Smith LLP’s 14-partner data security, privacy and management group, led by Mark Melodia in Princeton, comprises attorneys based in seven US offices who regularly advises on the issues that arise from actual and potential breaches of personal information. The team frequently defends clients against class actions, commonly regarding the use of customer information and data theft incidents, and represents them in government, state and federal investigations. Melodia and data security and compliance specialist Paul Bond successfully represented West Publishing and Countrywide/Bank of America. Non-contentions work focuses on regulatory compliance and the development and implementation of company-wide policies, often with an international dimension. Gina Cavalier in Washington DC wins industry recognition for her work in the healthcare sector. Together with Melodia, she advised CVS Caremark in respect of an investigation into its healthcare privacy practices led by the Office for Civil Rights – the HIPAA regulator – and the FTC, and information security best practices going forward. Data transfer and e-discovery are increasingly important as are emerging issues relating to social media use. In 2010, the team was strengthened by Christopher Cwalina from Intersections Inc, an identity theft services and global background screening company, and new media and computer games expert Patrick Sweeney in Century City from Nixon Peabody LLP.

At Skadden, Arps, Slate, Meagher & Flom LLP, Ivan Schlager in Washington DC leads a ‘professional, customer-focused and pragmatic’ team which assists in the development of successful legislative and regulatory strategies for major M&A transactions and provides counsel on structuring, negotiating and documenting transactions to address regulatory issues. Recommended as ‘extremely knowledgeable about industry and government regulations’, clients appreciate Schlager’s ‘timely, comprehensive and on the mark’ advice. Mick Tuesley is also recommended.

Supported by the firm’s strength in advertising and marketing and attorneys specializing in labor and employment, healthcare and financial services, Liisa Thomas at Winston & Strawn LLP has developed a ‘superb’ advertising and privacy law practice representing major consumer brands, advertising agencies and consumer research companies. According to clients, she is ‘remarkably perceptive, responsive and always considers our business environment’. Key areas of focus online privacy, interactive advertising by text, email and fax. Thomas regularly helps clients develop data protection programs under US laws, including Massachusetts law and the FTC Red Flag Rules and manage compliance audits and internal and external investigations.