United States > Media, technology and telecoms > Cyber law (including data privacy and data protection) > Law firm and leading lawyer rankings

Baker McKenzie LLP is ‘outstanding in every aspect’ with ‘advice that offers angle, perspective and knowledge that is substantively unique and instrumentally valuable’. The practice leverages its global footprint to provide international compliance knowledge combined with crisis management, transactional and litigation expertise. Key names in the ‘brilliant’ department include Lothar Determann in Palo Alto, who is recommended for data privacy law compliance; Chicago-based practice head Brian Hengesbaugh, who is ‘incredibly balanced in his legal interpretations’; and David Lashway and John Woods, who are ‘absolutely essential members of the Washington DC team and invaluable to the success of any matter’. Clients also praise the ‘detail-focused’ Michael Egan in Washington DC; New York-based of counsel Harry Valetk, who is ‘highly experienced’; and Amy de La Lama and Jennifer Seale, who were promoted to the partnership and are based in Chicago and Washington DC respectively. Geotab, Hewlett Packard Enterprise, Raytheon and LogMeIn are clients.

Highlights for DLA Piper LLP (US)’s ‘stand-out team’ included advising Pfizer on its General Data Protection Regulation (GDPR) compliance program, assisting T. Rowe Price with issues surrounding the accidental transmission of company records to a vendor and acting for the State Privacy and Security Coalition on halting the implementation of state privacy rules that would have allowed internet service providers to share customer information. Jim Halpert heads the Washington DC-based practice, Chicago-based global co-chair of technology transactions Vincent Sanchez is also a key name and handles transactions involving IP assets and innovative technologies. Former Senator Saxby Chambliss is based in the firm’s Atlanta office and is highly regarded for his cybersecurity experience, including advising on cybersecurity governance, information sharing and intelligence-related matters; Rena Mears in San Francisco is also recommended for her risk assessment, program development and cybersecurity knowledge. Carol Umhoefer in Miami is the main contact for EU privacy compliance and Anna Spencer focuses on data privacy in the healthcare sector.

Hogan Lovells US LLP’s ‘truly great’ team ‘combines exceptional responsiveness, expert knowledge and practical advice’ to ‘stand out as a key name in the field’. Practice co-heads Marcy Wilder and Harriet Pearson are ‘highly creative and proactive’; Pearson recently led advice to The Home Depot following a 2014 data breach which affected over 56 million payment cards and also assisted Salesforce.com with GDPR compliance issues, while Wilder worked with Craig Hoover and Michelle Kisloff to act for Anthem in multiple investigations following a cyber attack. Clients also praise the ‘excellent’ Scott Loughlin, who advised 21st Century Fox on its global vendor agreements to protect the use of its data by third-party vendors, and Bret Cohen, who is one of the lead partners in the group for GDPR compliance work. Former Chairwoman of the Federal Trade Commission (FTC) Edith Ramirez joined the team in 2017, Christopher Wolf is highly recommended and Julie Brill moved in-house at Microsoft. All individuals mentioned are based in Washington DC.

Clients praise Hunton Andrews Kurth LLP as ‘the only firm to use for data privacy matters’ with ‘consistently reliable advice and unmatched service levels across the board’. Department head Lisa Sotto ‘always delivers premium results’; she acted for Yahoo! on all the elements of its response to a cybersecurity attack compromising 3 billion user accounts, and also counts Mastercard, Google and JPMorgan Chase as clients. Aaron Simpson, who divides his time between London and New York, is ‘always responsive and thorough’; senior associate Brittany Bacon is ‘a rising star in the cybersecurity world’; and Paul Tiao and Phyllis Marcus are the key names in the Washington DC office. The department is highly regarded for its cybersecurity expertise, including data breach response and cyber attack prevention and preparation; other areas of expertise include cyber extortion, regulatory and compliance work, international data transfers and the cyber risks associated with blockchain technology.

The ‘superior’ department at Morrison & Foerster LLP fields a team of ‘approachable and practical individuals who are invaluable to clients and the ultimate definition of cyber law experts, which is no easy task in a constantly changing area of law’. Highly regarded ‘cyber law genius’ Miriam Wugmeister and ‘true leader of the field’ Andrew Serwin jointly head the practice from New York and San Diego respectively. Wugmeister’s recent highlights include advising a global pharmaceutical company on the international data protection compliance issues surrounding clinical trials and patient data, and assisting Caterpillar with internet of things (IOT) issues regarding its new enhanced product line. Other work includes Serwin representing CVS Health before the FTC in multiple privacy issues; recently promoted Washington DC partner Julie O’Neill and Los Angeles-based Purvi Patel defending Unity Technologies in a putative class action in which plaintiffs allege that several Disney and Viacom mobile gaming apps which use the client’s technology violate the Children’s Online Privacy Protection Act (COPPA); and Nathan Taylor in Washington DC acting for Target in an investigation following a data breach. The team was also bolstered by the recruitment of John Carlin to the Washington DC office from the Department of Justice; he now heads the firm’s global risk and crisis management team.

Baker & Hostetler LLP has built on its substantial expertise in data breaches and litigation to handle transactions and regulatory work, investigations, incident readiness and emerging technologies, including artificial intelligence and blockchain technology. Practice head Theodore Kobus led advice to Hyatt Hotels on incident response issues following a payment card security breach affecting over 300 properties globally; other work includes acting for Equifax on the payment card aspect of a significant data breach, and representing Chipotle Mexican Grill in a data breach class action against banks relating to a data breach which exposed customers’ names and credit card numbers. The team is also active in the healthcare space; it handled the fallout of a security breach for 21st Century Oncology and acted for Banner Health Care in a Health Insurance Portability and Accountability Act (HIPAA) breach. Will Daugherty and Melinda McLellan are recommended, healthcare and bitcoin specialist Laura Jehl joined the Washington DC-based practice from Sheppard, Mullin, Richter & Hampton LLP, and Seattle-based Andreas Kaltsounis joined from a risk management firm; he handles data breach investigations.

Debevoise & Plimpton LLP’s New York-based group ‘brings great professionalism, expertise and work ethic’ to its compliance and incident response expertise, and ‘takes great pride in understanding clients and creating and tailoring advice to their specific needs’. Jeremy Feigelson and Luke Dembosky jointly lead the group; Feigelson defended Viacom in a multidistrict privacy class action in which plaintiffs allege its Nickelodeon online properties violate the Video Privacy Protection Act (VPPA) by tracking child users’ behavior, and Dembosky assisted a major energy company with an internal cybersecurity investigation. Clients also single out David Sarratt and Jim Pastore, who is ‘an exceptional attorney’ and ‘smart, patient and flexible in his approach’; Pastore acted for Aptos on a cybersecurity incident involving unauthorized access to credit card data. New clients for the department include Citibank, Bloomberg, Smith & Nephew and Prudential Financial Services.

Alexander Southwell heads Gibson, Dunn & Crutcher LLP’s department from New York and is recognized for his investigation, enforcement and litigation expertise; he acted for Facebook in a challenge to a government search and seizure effort, advised MySpace on a data breach involving the theft of 360 million user records, and is representing a behavioral advertising firm in alleged violations of COPPA. Other key names include Kristin Linsley in San Francisco, who is a noted expert in COPPA litigation and advised Expedia on regulatory issues surrounding short-term rental websites and home sharing; Michael Li-Ming Wong, who splits his time between San Francisco and Palo Alto and represented Uber Technologies in litigation arising from a data breach; and Eric Vandevelde in Los Angeles, who is a cybersecurity expert. Richard Cunningham in Colorado made partner in 2018.

Recent highlights for Goodwin include advising Taconic Biosciences on its response to a data breach originating from a phishing email, and assisting Singapore Telecommunications with the privacy due diligence issues relating to a potential acquisition of a digital advertising company. Brenda Sharton led the work and heads the department, which also fields Washington DC-based Karen Neuman, who leads the privacy practice, and healthcare specialist Roger Cohen, who joined the New York office in 2017 from Proskauer Rose LLP. The team also handles regulatory mandates including GDPR preparation, Telephone Consumer Protection Act (TCPA) compliance, Gramm-Leach-Bliley Act issues and COPPA work. Lynne Barr and San Francisco-based Veronica McGregor are the key names for financial services clients. All attorneys, unless otherwise specified, are based in Boston.

At Latham & Watkins LLP, Jennifer Archie in Washington DC, Serrin Turner in New York and Michael Rubin in San Francisco jointly head the department; Archie is the key name for data privacy work, Turner handles cybersecurity matters and Rubin, who joined the firm in 2017 from Wilson Sonsini Goodrich & Rosati, regularly acts for technology companies. Turn and Vizio are clients; Archie represented the latter in an investigation by the FTC regarding new data collection and use practices. Other highlights included Rubin defending LG Electronics in a class action alleging that its smart televisions violate VPPA, Bradley Faris in Chicago advising Aon on its acquisition of cybersecurity firm Stroz Friedberg, and Archie assisting Endurance International Group with its acquisition of emailing marketing firm Constant Contact and subsequent data issues.

Key practitioners in Orrick, Herrington & Sutcliffe LLP’s ‘brilliant’ Washington DC-based practice include Antony Kim, who handles privacy compliance, cybersecurity preparation and data breach incident responses; Aravind Swaminathan in Seattle, who focuses on privacy and data security mandates; and Emily Tabatabai, whose expertise includes data security compliance, student data issues and internet commerce work. The group is also highly regarded for its GDPR expertise. In a recent highlight, the team represented Microsoft in the Supreme Court in litigation regarding the US government’s ability to access emails stored on servers in Ireland. The group also assisted Blackboard with privacy and data protection issues at a state, federal and international level; handled an investigation for Acer America into a data breach which affected 35,000 individuals in the US and Canada; and advised Alaska Airlines on cyber and data matters including incident response planning, data retention and bug bounty programs. Apple, the City of Seattle, MGM Resorts and Grubhub are also clients.

Deborah Thoren-Peden and Brian Finch jointly lead Pillsbury Winthrop Shaw Pittman LLP’s team from Los Angeles and Washington DC respectively. Finch is recognized for his cybersecurity and intelligence expertise and Thoren-Peden advises on privacy regulations, data mining and information use in marketing; she recently handled advice to Green Dot on its acquisition of AccountNow, assisted Elance with its merger with oDesk and advises multiple financial institutions on compliance and enforcement issues, including screening programs and voluntary disclosures. Clients also single out Mercedes Tunstall in Washington DC, who advises on mobile and e-commerce initiatives, cybersecurity issues and social networking matters, and senior counsel Catherine Meyer in Los Angeles, who regularly acts for financial institutions.

Proskauer Rose LLP ‘goes above and beyond to help its clients, making it feel more like a colleague than typical outside counsel’ and ‘tailors its advice appropriately to meet the client’s culture and long-term needs’. The team is particularly active in its work for retail, technology and financial services clients; highlights included defending Donna Karan in a consumer class action alleging Fair and Accurate Credit Transactions Act (FACTA) violations, and acting for T-Mobile on the data breach of its vendor, which affected millions of customers’ information. The ‘incredibly practical’ Kristen Mathews leads the department; other noteworthy names include transactional specialist and blockchain expert Jeffrey Neuburger and Margaret Dale, who focuses on privacy-related regulatory investigations and litigation. All attorneys are based in New York.

The ‘highly knowledgeable’ team at Reed Smith LLP is noted for its expertise in litigation, regulation and data breaches. In a recent highlight, New York-based practice co-head Mark Melodia represented a client in a putative class action relating to the alleged tracking and collection of consumer data through smart televisions and the subsequent sale of the data; he also defended another client in a putative class action in which plaintiffs allege that laptops stolen from the defendant contained sensitive customer information. Princeton-based co-head Paul Bond is recommended, as are litigators Anthony Diana and Therese Craparo (both in New York); Washington DC-based Gerard Stegmaier, who advises technology companies; and Bart Huffman in Houston, who joined from Locke Lord LLP in 2017.

As ‘the key name in the market for data breaches’, Ropes & Gray LLP defended Arby’s Restaurant Group against third-party claims arising from a recent payment card breach, advised Hilton Worldwide on two separate data security incidents affecting certain Hilton-branded hotels, and acted for Supervalu on its response, investigation and subsequent litigation relating to cyber attacks on parts of its computer network. Other clients include Jetro Holdings, Target, Terra Firma Capital Partners and The Home Depot. Practice co-head Douglas Meal is the key name for government investigations, enforcement issues and litigation, while fellow co-head Heather Egan Sussman handles regulatory and advisory work. Michelle Visser in San Francisco and Seth Harrington are also recommended. Named attorneys are based in Boston, unless otherwise stated.

Steptoe & Johnson LLP is ‘the go-to firm for blockchain and bitcoin knowledge’; it recently assisted with the formation of the Blockchain Alliance, a forum aimed at reducing bitcoin and blockchain crime, and advised on the formation of the Digital Assets Tax Policy Coalition (DATPC), which will develop tax policies for the virtual currency markets. Jason Weinstein led both matters, while New York-based practice head Michael Vatis acted for VTech Electronics on its response to the hacking of its customer information and subsequent regulatory enforcement investigations. Clients also single out Stewart Baker, who focuses on regulatory issues, and of counsel Alan Cohn, who is co-chair of the firm’s blockchain and digital currency practice. The practice also benefited from the recruitment of seven litigators into its San Francisco office. All attorneys, unless otherwise specified, are based in Washington DC.

As ‘a strong player in the US market’, Venable LLP’s ‘practical and honest’ department in Washington DC fields practice co-heads Stuart Ingis and Emilio Cividanes, and privacy and internet specialist Michael Signorelli. The team’s experience covers compliance counseling, crisis management, investigations, litigation and regulatory advice, and it regularly acts for coalitions; highlights included Ingis and Ari Schwartz advising the Coalition for Cybersecurity Policy and Law on various policy issues, Ingis and Signorelli handling enforcing guidance on cross-device linking for the Digital Advertising Alliance, and regulatory specialist David Strickland assisting the Self-Driving Coalition for Safer Streets with legislative matters regarding autonomous vehicles. Shannon Yavorsky joined the San Francisco office in 2017 from Kirkland & Ellis LLP and is a key name for US and European data privacy compliance. In May 2018, Thomas Boyd joined from DLA Piper LLP (US).

WilmerHale is ‘top notch in terms of response time, business acumen and industry knowledge’ with ‘advice that is always spot on, practical and user friendly’. The ‘terrific, smart and balanced’ D Reed Freeman and Benjamin Powell jointly lead the group and focus on privacy and cybersecurity issues respectively. Freeman’s recent work includes advising Foursquare on international privacy compliance and defending Tapad in a putative class action relating to Vizio’s alleged violation of VPPA through the collection of consumer viewing history by its smart televisions. Heather Zachary, who ‘is a pleasure to work with’, is co-chair of the firm’s big data practice and regularly acts for financial institutions; her recent work includes acting for Hasbro on the data elements of its potential acquisition of an online gaming company, assisting Boeing with its global privacy policy and handling financial privacy issues for TIAA. Barclays, Panera Bread and Adobe Systems are also clients. Robert Mueller, Aaron Zebley and Jeannie Rhee left to lead the investigation into the connection between Russia and the recent presidential election.

Natasha Kohne and Michelle Reed jointly lead Akin Gump Strauss Hauer & Feld LLP’s department from San Francisco and Dallas respectively; Kohne focuses on post-data breach investigations, class action lawsuits and regulatory actions, while Reed handles privacy and security risk assessments and policy advice. Apollo Global Management and Vizio are clients; Kohne defended the latter in a data privacy class action relating to VPPA and the Electronic Communications Privacy Act (ECPA). Kohne also advised Alpha Industries on notifying its customers following a data breach. Reed’s work includes acting for SevenTwenty Strategies on an investigation following a hack by white hat hacker Chris Vickery and handling an investigation and regulatory negotiations for Honza following a data breach. David Turetsky is now a professor.

Key practitioners in Arnold & Porter’s Washington DC-based department include national security, cybersecurity and government contract specialist Ronald Lee, data breach and cybercrime expert Marcus Asner in New York and litigator Kenneth Chernof. Recent highlights include defending Brooks Brothers in a data breach class action, defending Barnes & Noble in a class action brought by customers who allege that third parties accessed payment card information from the store’s PIN pad devices, and advising multiple telecoms clients on TCPA compliance. Sabre, Adobe and Horizon Blue Cross Blue Shield of New Jersey are also clients. Senior counsel Adam Golodner and counsel Nancy Perkins are also recommended; Golodner is a member of the firm’s government contracts group and Perkins provides regulatory advice on data protection issues at a state and federal level.

Buckley Sandler LLP is highly regarded for its advice to financial services and fintech clients on information sharing requirements, regulatory issues, data breaches and investigations. Noteworthy names include Elizabeth McGinn, who handles regulatory investigations; Chicago-based counsel James Shreve, who advises on cybersecurity incidents, information sharing limits, data disposal requirements and identity theft matters; and regulatory specialist Jeffrey Naimon. Antonio Reynolds made partner in 2017, and former practice head Margo Tank joined DLA Piper LLP (US) in 2018.

With ‘brilliant industry knowledge and considered advice’, Cooley LLP’s ‘responsive and dependable team’ was recently bolstered by the recruitment of Boris Segalis in New York and Colorado-based David Navetta from Norton Rose Fulbright US LLP and Washington DC-based special counsel Anthony Jannotta from Dentons. Michael Rhodes, who is ‘simply the best’, and Matthew Brown, both in San Francisco, jointly lead the department, which also includes Washington DC-based vice-chair Randy Sabett and Charles Haley in San Diego, who was recently promoted to the partnership. Rhodes and Brown successfully represented Facebook in a multidistrict litigation relating to its alleged use of browser cookies, while Sabett’s recent work includes advising a virtual reality company on compliance issues and assisting a nonprofit organization with its response to a data breach.

Davis & Gilbert LLP leverages its position as ‘an unmatched firm in the advertising arena’ with ‘unparalleled business acumen and business knowledge’ to assist advertisers and marketers with big data issues and mandates relating to privacy policies, websites, mobile apps and marketing promotions. Richard Eisert is advising several leading media and advertising agencies on issues surrounding data onboarding and is also assisting various ad tech and e-commerce companies with the drafting of privacy policies. Eisert and Gary Kibel jointly lead the New York-based group, which also includes ‘impassioned and tireless’ counsel Oriyan Gitig, who ‘can guide clients through any issue thanks to her vast knowledge of legal trends and market changes’. The team is also noted for its COPPA expertise and handles data collection, crisis management, regulatory matters and privacy-related disputes. Clients include Fanatics, Neo@Ogilvy, Millennial Media, Crisp Media and Evoke Neuroscience.

Nancy Libin heads the department at Jenner & Block LLP following the departure of former head Mary Ellen Callahan to an in-house position at the Walt Disney Company. The Washington DC-based group also expanded through the recruitment of David Bitkower and Andrew Irwin from the Department of Justice and Steptoe & Johnson LLP respectively. Libin’s recent work includes representing CTIA in a Federal Communications Commission (FCC) broadband privacy proceeding; Bitkower is a key name for cybercrime and cybersecurity advice; and Irwin focuses on regulatory matters. Special counsel Heidi Wachs is also singled out for incident response assistance and information governance; she advised Brunswick on a comprehensive global privacy policy and created an incident response exercise for AltSchool.

Kelley Drye & Warren LLP is ‘a strong team for government investigations and regulatory work’; recent highlights include defending Dish Network in litigation alleging violations of the TCPA; representing multiple companies, including Kohl’s, Terminix and ServiceMaster, in a consumer class action lawsuit alleging TCPA violations; and advising Take-Two Interactive on privacy audits, policy reviews, data transfer issues and breach preparation and response. Crius Energy, the Walt Disney Company, Dollar Shave Club and Imax are also clients. Dana Rosenfeld leads the department, which also includes ‘stand-out adviser’ Alysa Hutnik, who ‘delivers thorough and incisive guidance that is always on point’; John Heitmann, who advises communications service providers; TCPA expert Lauri Mazzuchetti; Jeffrey Jacobson in New York, who focuses on investigations; and New York-based senior associate Jameson Dempsey, who is ‘a guru of cyber law’ and is noted for his regulatory and enforcement expertise. All attorneys mentioned, unless otherwise specified, are based in Washington DC.

Under the leadership of New York-based attorneys Kenneth Florin and James Taylor, Loeb & Loeb LLP also counts deputy chair Nathan Hole in Chicago, New York-based Ieuan Jolly, Melanie Howard in Los Angeles and Brian Nixon in the Washington DC office as key names to note. The practice is highly regarded for its work with advertising and marketing clients and risk management advice alongside big data and IOT issues, cybersecurity data breaches and national and international regulatory matters. Florin is a key name for the data elements of advertising and promotions, Taylor handles behavioral targeted marketing and data protection policies and Jolly advises on the intersection between data and technology transactions. Clients include Charter Communications, iHeartMedia, Time, Comcast Cable Communications and Toyota Motor North America.

Rajesh De heads Mayer Brown’s group; his expertise encompasses security breach preparation and response, data privacy litigation, regulatory and compliance issues, and supply chain and vendor management. The practice also leverages its global footprint to advise clients on the new GDPR requirements and other international regulatory matters. David Simon is a key name for cybersecurity, regularly advising the victims of state-sponsored cyber activity, and Chicago-based Rebecca Eisner handles global data transfers and e-commerce issues. All attorneys, unless otherwise specified, are based in Washington DC.

McGuireWoods LLP’s sector expertise lies in financial services, energy and healthcare, where the team handles incident response work, TCPA litigation, information governance and data privacy issues. Tysons-based Andrew Konia leads the team, which recently recruited Michael Adams into its Charlotte office; Adams heads the financial services and government contacts teams in the data group and is a key name for cyber threats. Richmond-based healthcare specialist Nathan Kottkamp focuses on HIPAA compliance; he advised KPMG on the development of its HIPAA policies and acted for Ideal Image on issues relating to HIPAA and information breaches.

Highlights for Seyfarth Shaw LLP included advising Daniel J. Edelman on the international privacy and security compliance surrounding its new multinational research study and promotion involving collecting biometric information from drivers and the factors that impact their driving habits; successfully defending First Advantage Background Services in a class action lawsuit relating to its alleged failure to obtain certification of its Fair Credit Reporting Act (FCRA) compliance; and assisting a Japan-based global car manufacturer with the creation of a joint venture which will utilize automotive telematics data. Kelly Services and Pekin Insurance are also clients. Chicago-based litigator Scott Carlson and John Tomaszewski in Houston jointly lead the department, which has expertise in compliance programs, data privacy litigation, cross-border mandates and innovative technologies, including IOT, big data and behavioral insurance. Senior counsel M James Daley, Bart Lazar and Richard Lutkus are all key names in the Chicago office; Lutkus is also a member of the San Francisco team.

Winston & Strawn LLP’s ‘responsive, fully resourced and compassionate’ team is jointly led by ‘true incident response expert’ Sheryl Falk in Houston and Steven Grimes and Robert Newman in the Chicago office; Grimes rejoined the firm in 2017 from an in-house role. The firm’s recently formed global privacy and data security task force handles privacy and data security counseling, trade secret protection, cyber investigations, class action litigation and international data protection, and also builds on the firm’s ‘exceptional’ marketing practice to advise a variety of brands and agencies. In a recent highlight, Falk defended a former employee of Apache in an investigation alleging insider data theft; she also acted for an insurance company in a data breach claim and advised a healthcare client on establishing privacy policies and data breach response procedures. Newman’s work includes creating policies and procedures for a startup and assisting a golf company with GDPR compliance. Liisa Thomas joined Sheppard, Mullin, Richter & Hampton LLP in 2017.

Technology boutique Fenwick & West LLP expanded its privacy and cybersecurity practice in 2017 with the recruitment of James Koenig into the New York office from Paul Hastings LLP. Koenig is co-chair of the team and handles global privacy compliance, cybersecurity issues, data use policies and regulatory investigations; he recently represented Memorial Health System in a corrective action plan relating to HIPAA violations and advised Facebook on its compliance with its Privacy Shield self-certification. The department also includes co-head and litigator Tyler Newby in San Francisco and Mountain View-based of counsel Hanley Chew, who focuses on cybersecurity preparation and data breach response. Vizio, Credit Karma and Quintiles are also clients.

Jones Day ‘has a strong team with extensive experience in handling cyber incidents with highly responsive, practical and solution-oriented advice that always puts the client’s needs front and center’. Los Angeles-based Daniel McLoon heads the department; he represented Experian Information Solutions in a class action alleging it violated the FCRA. New York-based Mauricio Paez and Atlanta-based Todd McClelland are also names to note; Paez recently advised Cardinal Health on the data elements of an acquisition and also handled its implementation of a global data protection compliance program, while McClelland assisted Micron Technology with a global privacy assessment. Clients also single out Lisa Ropple in Boston, who is ‘a brilliant strategist and is regularly at ground zero for clients experiencing cyber incidents’, and Irvine-based Richard Grabowski, who is ‘highly strategic and deals with the opposing side with great style’. Litigator Aaron Charfoos joined the Chicago office from Dykema Gossett PLLC.

Clients ‘receive an excellent service’ from Locke Lord LLP’s ‘impressive’ practice, which ‘provides great guidance and direction throughout the process’ that is ‘thoughtful, prompt and tailored to the situation at hand’. Ted Augustinos and Molly McGinnis Stine jointly lead the team from Hartford and Chicago respectively; Augustinos’ ‘subject area expertise, experience, practicality and demeanor make him an excellent fit for any client’ and Stine is ‘a top-drawer practitioner’. Clients also praise Chicago-based Thomas Smedinghoff, who ‘consistently delivers knowledgeable advice that is always brilliant’. Highlights included advising Amica Mutual Insurance on the revision of its privacy and data protection policies and assisting Boston Mutual Insurance with cybersecurity compliance and incident preparation. Laura Ferguson in Houston made partner in 2018; she is ‘highly experienced and dedicated’.

Manatt, Phelps & Phillips, LLP’s ‘excellent’ practice builds on the firm’s ‘excellent healthcare expertise’ and advertising knowledge to advise clients on HIPAA compliance, TCPA issues and cyber breaches; the team recently advised New York eHealth Collaborative on its shift towards electronic health records and its work with the state’s Substance Abuse and Mental Health Services Administration relating to its new rule on substance use disorder confidentiality, and represented Survey Sampling International in a class action alleging TCPA violations. The group is also highly regarded for its experience in the vehicle space, with recent work including assisting Kia Motors with its compliance with Global Automakers’ consumer privacy protection principles. Litigator Donna Wilson leads the department from Los Angeles. Jesse Brody and Christine Reilly are also recommended; Reilly is an ‘excellent communicator and has superior TCPA knowledge’.

McDermott Will & Emery LLP’s ‘greatest strength is its client service’ with ‘an impressive team of practitioners who really care about achieving the best outcome for their clients’. Mark Schreiber, Michael Morgan and Daniel Gottlieb jointly lead the team from Boston, Los Angeles and Chicago respectively. Schreiber’s strength lies in international data protection and Privacy Shield issues, Morgan is a key name for cybersecurity mandates and is ‘a leader in autonomous vehicle law’, and the ‘honest, thoughtful and extremely smart’ Gottlieb is ‘outstanding in the healthcare space’. Recent highlights include advising Pacific Alliance Medical Center on its response to a ransomware incident, assisting Modernizing Medicine with transactional and regulatory work, and acting for Change Healthcare on the development and marketing of its de-identified health data business. Pentagon Federal Credit Union, Agendia and WTC Captive Insurance are also clients.

Morgan, Lewis & Bockius LLP divides its work into three separate areas: compliance management, transaction management and data breach advice. In a recent highlight, Gregory Parks and Ezra Church (both in Philadelphia) defended Aramark in a class action alleging violations of FACTA pertaining to credit card details on paper receipts; other work includes San Francisco-based W Reece Hirsch advising Blink Health on healthcare regulatory and privacy issues relating to its healthcare app, and Church and Chicago-based Elizabeth Herrington representing McDonald’s in a class action alleging the company’s timekeeping system violated the Illinois Biometric Information Privacy Act. Parks and Hirsch jointly lead the team, which also fields cybersecurity expert Mark Krotoski, who splits his time between Silicon Valley and Washington DC.

Behnam Dayanim heads the department at Paul Hastings LLP, which has been notably active in the technology space; Dayanim advised Align Technology on cybersecurity issues and regulatory compliance, while Thomas Brown in San Francisco assisted Upstart Network with issues relating to its use of alternative data in its machine learning underwriting and credit pricing model. Nexar, Samsung Electronics, Caesars Entertainment and Howard University Hospital are also clients. Sherrese Smith is recommended for GDPR compliance advice and FCC knowledge, while Robert Silvers focuses on global internal investigations, enforcement proceedings and other cybersecurity mandates; Silvers joined the team in 2017 from the Department of Homeland Security. All attorneys, unless otherwise specified, are based in Washington DC.

Sheppard, Mullin, Richter & Hampton LLP’s practice saw substantial expansion in 2017 following the recruitment of Chicago-based practice co-head Liisa Thomas and contentious specialist Kari Rollins in New York from Winston & Strawn LLP. Thomas is experienced in cross-border mandates, with recent highlights including advising Volvo Financial Services on the movement of data internationally, assisting a New York-based media company on the revision of its global website privacy policy, and handling the establishment of privacy and security policies and procedures for a multinational food manufacturer. Rollins regularly handles internal investigations; she recently acted for a major consumer brand in a civil investigative demand from the FTC regarding the security of some of its products. Other noteworthy individuals include Century City-based practice co-chair Craig Cardon, who leads the privacy litigation work and regularly acts for blue chip brands and retailers; Brian Anderson in San Francisco, who focuses on cross-border data transfers and data compliance issues; and Shannon Petersen, who leads the TCPA class action defense team.