Based in San Francisco and Dallas, Akin Gump Strauss Hauer & Feld LLP‘s cybersecurity, privacy and data protection practice particularly stands out for its breadth, and is regularly sought out by companies needing to update their privacy policies in connection to the California Consumer Privacy Act, seeking representation in privacy and cybersecurity disputes, including data breach class actions as well as assistance in government and internal investigations. Regulatory advice and compliance are also strong areas, alongside transactional work. Natasha Kohne in San Francisco is an expert in the retail, health, financial services and energy sectors and co-heads the department together with Michelle Reed in Dallas, who specializes in privacy and security risk assessments and procedures to mitigate privacy and cybersecurity threats. Jo-Ellyn S. Klein is a key contact in Washington DC.
Cyber law (including data privacy and data protection) in United States
Akin Gump Strauss Hauer & Feld LLP
Practice head(s):
Natasha Kohne; Michelle Reed
Other key lawyers:
Jo-Ellyn Sakowitz Klein
Key clients
Altice
Apollo Global Management
Principal and co-founder of BitMEX
BentallGreenOak
CenterPoint Energy
ClearBalance
Eastman Kodak Company
Endava plc
FireEye Inc.
Franciscan Health
Helen of Troy Limited
Hydro Flask
Metro New York
NTT Global Data Centers
RagingWire
Starboard Value Acquisition Corp.
The Vanguard Group
USA Waste-Management Resources, LLC
Vivial
VIZIO
Work highlights
- Representing Altice USA, Inc. in a putative class action in the Southern District of New York arising from a November 2019 data security incident.
- Representing ClearBalance in multiple consumer class actions in California state and district courts related to a recent data breach that occurred in March 2021.
- Representing a national cotton association to assist in the launch of its U.S. Cotton Trust Protocol.
Alston & Bird LLP
Alston & Bird LLP‘s privacy, cyber and data strategy team is highlighted for its cross-border capabilities, recently enhanced through an expansion in Brussels. The Atlanta and Washington DC-based department mainly engages in the implementation of global data protection compliance programs and the analysis of global data privacy laws, as well as forensic investigations and breach-related litigation, including in the healthcare sector. Practice co-heads David Keating and Jim Harvey are based in Atlanta and focus on data protection and GDPR compliance for U.S.-based multinationals, respectively. Cybersecurity attorney Kimberly Peretti is their counterpart in Washington DC. Atlanta-based Senior counsel Peter Swire‘s name is known in connection to the Schrems II case, in which a privacy activist challenged the validity of the European Commission decisions on the transfer of personal data out of the EU pursuant to Standard Contractual Clauses.
Practice head(s):
David Keating; Kimberly Peretti; Jim Harvey
Other key lawyers:
Peter Swire
Key clients
Cross-Border Data Forum
Four Seasons
UPS
T-Mobile
Work highlights
- Acting as counsel to the Cross Border Data Forum, which publishes about how law enforcement access to evidence should change due to cloud computing and the globalization of criminal evidence.
- Acting as lead defense counsel to Four Seasons in a consumer class action in California against Four Seasons Hotels Limited following a data breach of a third-party vendor.
- Advised UPS as lead outside counsel for California Consumer Privacy Act compliance and continue to represent the organization as outside privacy counsel on US and EU data protection matters, including digital privacy, data transfer, and cybersecurity.
BakerHostetler
Baker & Hostetler LLP is well known in the market for having a specialized digital assets and data management group, which particularly stands out in the litigation and class action disputes space, as well as providing a full service around data. The firm particularly stands out in the insurance sector, but the team’s experience also spans to e-commerce platforms, payment service providers, social media players and fintech entities. Incident response, global cybersecurity compliance and tech transactions complete the offering. The practice is led by Theodore Kobus III in New York, whose main clients include Marriott, Abbott and Garmin. Also in New York, associate Nichole Sterling focuses on privacy and data protection, information governance, and emerging technology. In Cincinnati, Craig A. Hoffman is the main contact for security incidents, response preparedness and digital risk advisory work. In May and October 2021, Dallas's Craig Carpenter and Washington DC-based Daniel Kaufman joined the firm from Holland & Knight LLP and the FTC, respectively.
Practice head(s):
Theodore Kobus III
Other key lawyers:
Lynn Sessions; Melinda McLellan; Jeewon Serrato; Craig Hoffman; Nichole Sterling; Craig Carpenter; Daniel Kaufman
Key clients
Mitsubishi
Garmin
Hong Kong Tourism Board
NetJets
Bloomberg
State of Vermont
Bissell
Cyrus One
Silver Car
Hawaii Electric Corporation
BJC Healthcare
The Cleveland Clinic
Health Transformation Alliance (HTA)
Scripps Healthcare
Abbott
Premera Blue Cross
Duke University Health System
Memorial Sloan Kettering Cancer Center
Texas Children’s Hospital
Northwestern Memorial Healthcare
Work highlights
- Helped companies respond to more than 300 ransomware matters in the past 10 months.
Baker McKenzie LLP
Baker McKenzie LLP‘s data privacy and security team has a large presence in the market and provides advisory assistance in matters and transactions as well as representation during disputes. Crisis management is also a sought out service, especially in relation to data breach incident responses, investigations and cybersecurity matters. Lothar Determann in Palo Alto, Chicago’s Brian Hengesbaugh, and Washington DC-based John Woods share the leadership of the practice. Determann is a recognized data privacy and California privacy law expert; Hengesbaugh particularly stands out for his compliance expertise; while Woods leads investigative and legal response to large cybersecurity incidents and compliance challenges.
Practice head(s):
Lothar Determann; Brian Hengesbaugh; John Woods
Testimonials
‘They provide worldwide support and understand the constraints businesses pose in structuring compliance programs.’
Buckley LLP
Buckley LLP‘s main focus is the assistance of clients in the financial and fintech industry, in particular in connection to regulation, privacy and information security matters. The Washington DC-based privacy, cyber risk and data security group is co-headed by Elizabeth McGinn, who is also active in New York and is an expert of the New York Department of Financial Services Cybersecurity Regulations as well as security breach notification laws, and Amanda Lawrence, who specializes in litigation, enforcement, and regulatory matters.
Practice head(s):
Elizabeth McGinn; Amanda Lawrence
Testimonials
‘The group has some of the smartest and nicest lawyers one can work with; their events via zoom for non-lawyers are very educational. Beth McGinn is top notch and incredibly responsive, thoughtful, and provides advice that is both practical and efficient.’
Key clients
NYDFS Licensed Mortgage Lenders
Various clients re: general California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) advice
National Football League franchise [New York Jets]
Various clients re: general data security incident responses
General GDPR advice to various financial services clients
Various financial services clients
Trade organization
Financial services company
Financial Services Data Protection Working Group
Winnow Privacy & Cybersecurity module
Work highlights
- Advised a National Football League franchise, the New York Jets, relating to privacy and data security issues that may arise when handling sensitive consumer payments information.
- Advised numerous companies on the scope and impact of the CCPA and regarding cyber forensics investigation and vulnerability remediation, cyber insurance, incident response, data breach notification to consumers and regulatory bodies, working with law enforcement, addressing demands in ransomware incidents, and enhancing information security postures to better prevent and mitigate future attacks.
- Representing financial institutions covered by the New York Department of Financial Services in investigations into compliance with DFS’s cybersecurity regulations.
Cleary Gottlieb Steen & Hamilton LLP
Cleary Gottlieb Steen & Hamilton LLP‘s cybersecurity and privacy practice stands out for representing large technology and financial services companies during investigations and for handling the response to significant multinational cyber and data privacy incidents in financial services, retail, technology, and other industries. The team also includes expert litigators who support clients in data breaches, protection, and privacy disputes, as well as privacy and data transfer aspects of bankruptcies. Jonathan Kolodner and Rahul Mukhi demonstrate ‘deep experience in privacy and cyber issues during their many years as federal prosecutors.’ Daniel Ilan is ‘a premier IT lawyer who has vast experience in assessing merger risk from cybersecurity and privacy issues.’
Other key lawyers:
Jon Kolodner; Rahul Mukhi; Daniel Ilan
Testimonials
‘Cleary’s cyber law practice is unique in their breadth of expertise and global scope. Their tight-knit team is small but diverse – ranging from privacy and cybersecurity expertise related to IP and M&A, GDPR and other international regulatory regimes, and data breach response. They also have multiple litigators with deep trial experience.’
‘Jon Kolodner and Rahul Mukhi built deep experience in privacy and cyber issues during their many years as federal prosecutors. Daniel Ilan is a premier IT lawyer who has vast experience in assessing merger risk from cybersecurity and privacy issues.’
Key clients
Polychain Labs
ZIM
Giorgio Armani Corporation
FullBeauty Brands
Square/Credit Karma
Bear Carlyle
Lowe’s
Hugo Boss
American Express Company
Work highlights
- Advised Google in connection with the data (including privacy and data security) aspects of its acquisition of multiple companies.
- Advised American Express Company in the data (including cybersecurity) aspects of American Express Global Business Travel’s agreement to acquire Expedia Group’s corporate travel arm.
- Acting as U.S. cybersecurity counsel to Lowe’s, including providing ongoing cybersecurity and data privacy advice.
Cooley LLP
Cooley LLP is a solid name in the market for cybersecurity, data and privacy law and its name is linked to the assistance of large companies in the healthtech, education, insurtech, fintech, social media and life sciences sectors. The team’s workload notably includes data protection work on IPOs and privacy class actions in the context of social media. Cross-practice expertise in venture capital and emerging companies is also highly appreciated by clients. In San Francisco, Michael Rhodes acts as global chair and Matthew Brown as vice chair. Vice chairs in other offices are Travis LeBlanc in Washington DC, who has ‘broad experience provides business-focused counsel’ and Denver's David Navetta. In Washington DC, associate Charlie Wood stands out for his privacy and data security litigation practice. In June 2021, Lei Shen joined the Chicago-based team from Mayer Brown LLP.
Practice head(s):
Michael Rhodes
Other key lawyers:
Matthew Brown; Travis LeBlanc; David Navetta; Charlie Wood; Lei Shen
Testimonials
‘Travis LeBlanc and Cooley’s team with broad experience provides business-focused counsel. With sound judgment, they bring maximum value and are open to coordinating with our internal legal team to help us manage spend.’
Key clients
Zoom Video Communications
Chan Zuckerberg Initiative
Uber Technologies
Netflix
Coinbase Global
FabFitFun
Goldman Sachs
Instacart
Grindr
Horizon Therapeutics
Intuit
First Data/Fiserv
Metromile
JP Morgan
Meredith Corporation
Foot Locker
Microsoft Corporation
Work highlights
- Advised Zoom on reaching a positive non-monetary settlement with the FTC, resolving its high-profile investigation into Zoom’s user privacy and security representations and practices. data.
- Represented Facebook in the largest privacy class action in US history and the first-ever class action filed under the Illinois Biometric Information Privacy Act.
- Represented an education tech company in a case concerning a 2018 data breach affecting 40 million user accounts, achieving one of the first and most favorable resolutions in one large mass arbitrations in US history.
Davis+Gilbert LLP
Privacy and data security in relation to digital media and interactive advertising is at the center of Davis+Gilbert LLP‘s department focus. The New York-based team is managed by Gary Kibel and Richard Eisert and provides state-wide regulatory advice, including in California on the California Consumer Privacy Act, the Children’s Online Privacy Protection Act (COPPA) and the California Privacy Rights Act (CPRA), among others. Additionally, Kibel leads the team for all breach response matters, while Eisert offers counsel on all aspects of marketing, promoting and selling goods and services. Counsel Oriyan Gitig is also highlighted.
Practice head(s):
Richard Eisert; Gary Kibel
Other key lawyers:
Oriyan Gitig
Key clients
Vistar Media
Tradeswell
Arcspan Media
GPS Trackit
Magellan AI
Forbes
Roofstock
StackAdapt
Actable Data
Ardsley Media
theBalm
Giant Spoon
Work highlights
- Acted as counsel for numerous clients on how best to conduct CRM retargeting and avoid running afoul of the applicable legal limitations, and how best to allocate risks under agreements with CRM retargeting vendors and platforms.
- Regularly counseled numerous agencies, advertisers, operators and developers to ensure that their privacy policies, promotions, websites, mobile apps and connected devices comply with COPPA.
- Advising various clients on the CPRA, CDPA and CPA and the adjustments that they will need to make to ensure their privacy compliance programs are consistent with the new laws.
Debevoise & Plimpton LLP
Debevoise & Plimpton LLP‘s expertise in data strategy and data security is ‘unmatched’. The team stands out for handling complex investigations and privacy incidents, including ransomware attacks. Luke Dembosky in Washington DC focuses on DOJ cyber cases and leads the team alongside New York’s Avi Gesser, ‘an amazing counselor’ and best known for representing international financial services firms, private equity firms, hedge funds and media organizations throughout cybersecurity incidents and civil lawsuits. Risk assessor Jim Pastore is also noted. Counsel Johanna Skrzypczyk joined the team in April 2021 from the New York Attorney General’s office and focuses on data privacy and consumer fairness. The newly opened San Francisco office, established in late 2021 also has cybersecurity capabilities.
Practice head(s):
Luke Dembosky; Avi Gesser
Other key lawyers:
Jim Pastore; Johanna Skrzypczyk
Testimonials
‘The expertise of the lawyers at Debevoise is unmatched. They have some of the most experienced lawyers in the trade.’
‘Luke Dembosky is simply a brilliant, dedicated, extremely talented and yet humble individual. He is a pleasure to work with.’
‘Avi Gesser is an amazing counselor who is able to apply his expertise to provide practical advice addressing the commercial and fiduciary concerns of management responding to a cybersecurity breach.’
‘Robert Maddox is a rising star; Luke Dembosky is fantastic – his experience untouchable.’
Key clients
American Express
Bloomberg L.P.
Capital One
Deloitte
GoDaddy
Morgan Stanley/E*Trade
National Basketball Association
Prudential Financial
Robinhood
Spirit Airlines
SolarWinds
S&P Global
Warner Music Group
WPP Group
Work highlights
- Co-representing SolarWinds in connection with the high-profile nation state cyberattack that impacted the company’s Orion products and internal systems that the company disclosed in December 2020.
- Representing a payment services group against a putative class action complaint filed in the Northern District of California alleging violations of the California Consumer Privacy Act and related claims resulting from a data breach that may have exposed customer data.
Dechert LLP
Dechert LLP is able to attract high-profile clients dealing with significant data breaches and cyber-attacks as well as those seeking strategic advice especially in connection to M&A, financings and commercial transactions due diligence. Brenda Sharton and Karen Neuman head up the practice from Boston and Washington DC; respectively. Sharton is praised as ‘a fantastic partner to any business’ and an expert litigator, arbitrator and often acts on civil government, regulatory and enforcement matters. Neuman specializes, among other matters, in the collection, use, processing and protection of consumer and employee data. Associate Hilary Bonaccorsi in Boston is highlighted for her knowledge of global privacy and cybersecurity laws and frameworks.
Practice head(s):
Brenda Sharton; Karen Neuman
Other key lawyers:
Hilary Bonaccorsi; Timothy Blank
Testimonials
‘The lawyers are extremely knowledgeable on US as well as international laws and the application thereof; are incredibly responsive; are able to present business friendly advice to difficult problems; and have a deep breath of legal experience in the industry.’
‘Hilary Bonaccorsi and Timothy Blank are top-notch lawyers, with expertise on current legal issues, proactive and business-friendly in their advice, super responsive and have a great understanding of the needs of the business and how to seamlessly integrate legal requirements.’
‘Brenda Sharton and the entire Dechert cyber/privacy team is amazing and easy to work with. They are available 24/7, very responsive, and consistently offer insightful and practical guidance. Easy billing arrangements ensure one can tap Dechert’s expertise on minor matters without fear of being nickel-and-dimed.’
‘Brenda Sharton is a fantastic partner to any business. Her experience, pragmatism, and calm have served well for years. Unlike partners at other firms, Brenda genuinely cares about her clients and sees us as more than just a source of billable hours. Colleen Hespeler has been wonderful to work with as well.’
Key clients
Flo Health, Inc.
Moderna, Inc.
Global, Multi-Billion Dollar, Public Transportation Company
Pearson, plc
Macy’s, Inc.
Cano Health, Inc.
Work highlights
- Represented Flo Health in the high-profile FTC settlement relating to its data sharing practice.
- Represented Moderna in connection with the publicized European Medicines Agency (“EMA”) data breach of Covid-19 vaccine information.
- Representing Macy’s in a purported class action litigation in the aftermath of a data breach in October of 2019, involving malware that captured credit card information for retail customers.
DLA Piper LLP (US)
DLA Piper LLP (US) provides global advice across the whole spectrum of breaches, due diligence, privacy litigation, multi-jurisdictional compliance and enforcement matters. San Diego-based Andrew B Serwin leads the team and recently stood out for acting as lead incident response counsel to SolarWinds in their global cybersecurity incident. In Miami, Carol Umhoefer is known for her knowledge of music compliance. Kate Lucente in Seattle advises client on privacy, cybersecurity, data retention and is a specialist of several data protection compliance regimes. The team’s data breaches capability was recently expanded with the arrival in San Diego of partner Justine Phillips, who joined in October 2021 from Sheppard, Mullin, Richter & Hampton LLP. Jim Halpert departed for a position at the Office of the National Cyber Director.
Practice head(s):
Other key lawyers:
Carol Umhoefer; Kate Lucente; Justine Phillips; Chelsea Staskiewicz
Testimonials
‘Value the depth and breadth of the cyber team with the addition of Justine Phillips and her group.’
‘Justine Phillips and Chelsea Staskiewicz are engaging, intelligent, super responsive, available at all hours of the day, days of the week. Able to quickly get to the bottom of issues, amazing connectivity with a network of wonderful service providers. Wonderful ability to explain complex issues to non-cyber folks’
Key clients
SolarWinds
Visa
State Privacy & Security Coalition
ZeniMax Media, Inc.
MyLife
Southern California Edison
Clorox
CVS/Aetna
Broadridge Financial Solutions, Inc.
AuthenticID
Work highlights
- Advising SolarWinds in a lead incident response in the global cybersecurity incident that gained worldwide attention.
- Advising Visa on cyber and privacy issues, including performing diligence on a number of transactions in the FinTech space, including the attempted acquisition of Plaid and the planned acquisition of Tink, both cutting-edge emerging tech companies.
- Representing a highly effective coalition of 30 communications, media, technology, financial services, health care, automotive and tax preparation companies, played a key role helping to draft the 3 multi-right privacy laws that passed in the US this year.
Eversheds Sutherland
In Washington DC, Eversheds Sutherland‘s cybersecurity and data privacy team advises prominent corporations around the world in numerous industry sectors, notably technology, financial services, healthcare and TMT on a broad spectrum of privacy and data security matters. Leveraging its global practice, the firm specializes in federal and international compliance frameworks and cross-border data transfers, while also excelling in data breach response, litigation and crisis management. Practice head Michael Bahar ‘is a standout practitioner’ with extensive knowledge of the sector and experience as a former deputy legal advisor to the National Security Council at the White House.
Practice head(s):
Michael Bahar
Testimonials
‘Michael Bahar is a standout practitioner. Lots of knowledge and marshals a strong team around him. An incredibly hard worker, he is very strategic in his approach to solving problems.’
‘The cyber team offers personal service and follow through. They assist in getting at an answer and do an amazing job.’
Work highlights
- Represented a global retailer to assist them with privacy and cybersecurity matters in the US and internationally, including helping them with the investigation and analysis of being a victim of data theft to ascertain its reporting and notification responsibilities for customers potentially affected in 38 countries.
Fenwick & West LLP
Fenwick & West LLP is known for representing technology and life sciences companies. Its privacy and cybersecurity team, led by San Francisco-based Tyler Newby, is particularly sought out by leading pharma, biotech and clinical research companies seeking help with digital health and pharma matters, including health analytics, global compliance and data breaches. Finance, gaming and consumer products are also key sectors. Class action litigation and M&A advice complete the offering.
Practice head(s):
Tyler Newby
Key clients
InMobi
Rivian
Coinbase
Cisco
Applovin
Align
Otsuka
Hill International
Transatlantic Reinsurance
CLS Behring
Wayfair
Supercell
Roblox
Instacart
Imperva
Work highlights
- Advising InMobi, based in India, to enhance and further develop it privacy program controls and AdTech compliance under the CCPA, the Interactive Advertising Bureau (IAB) standards and other industry guidelines.
- Advised Coinbase in putting in place key privacy and security policies and procedures, M&A, cyber-attack prevention, incident response and global compliance.
- Advised Rivian to help define its privacy and data sharing practices for its products and services and build a global privacy program.
Gibson, Dunn & Crutcher LLP
Gibson, Dunn & Crutcher LLP‘s privacy, cybersecurity and data innovation department receives praise from the market for the breadth of matters it handles, spanning from regulatory scrutiny, litigation, and law enforcement, and for its remarkable client portfolio, which includes names of the caliber of Facebook, Tencent, Cartoon Network and the New York Times, among others. Technology, advertising and privacy litigation are particular strengths of the team, which is also highlighted for its internal investigation expertise, derived from the presence of lawyers in the team who are former cyber-crime prosecutors. In New York, Alexander Southwell co-chairs the group and is a member, among others, of the white collar defense and investigation practice. His counterpart is Ashlie Beringer in Palo Alto, who focuses on defending technology companies in global regulatory and litigation matters. Eric Vandevelde and Ashley Rogers are also key members of the team.
Practice head(s):
Ashlie Beringer; Alexander Southwell
Key clients
Coinbase
Meta/Facebook
Tencent
New York Times
Cartoon Network
NCTA
Xandr
Binance
Work highlights
Goodwin
Goodwin‘s data, privacy and cybersecurity team is known for assisting clients in the design and implementation of data-driven products and the protection of privacy rights, and during transactions and related agreements. Incident preparedness and response are also at the center of the offering, as are litigation and investigation matters. In October 2021, former vice president and chief knowledge officer at the IAPP Omer Tene joined the firm as partner and is now the firm’s Boston-based practice head alongside his New York counterpart Boris Segalis. In the same locations are, respectively, David Kantrowitz and Jacqueline Klosek, former counsels both promoted to partner in October 2021. Kantowitz received praise for being ‘patient and effective at delivering both good and bad news’ and was described as ‘a top-notch strategic thinker.’
Practice head(s):
Boris Segalis; Omer Tene
Other key lawyers:
David Kantrowitz; Jacqueline Klosek
Testimonials
‘Goodwin has assembled a very strong team that includes diverse background experience, from policy experts from IAPP, to those with in-house experience, and partners who have been practicing privacy at a firm for decades. This enables them to have a very good grasp of both where the winds are blowing, but also practically how companies can implement and interpret various requirements that on their face seem daunting.’
‘They have a relaxed and less stodgy approach that makes it easy to engage them and sort out the path of least resistance to getting the needed guidance or work product. Their flexibility helps to save money, because a quick call with the right internal players is enough to satisfy clients’ needs without having to document formal opinions/guidance. However, in the cases where one needs work product, their responses are comprehensive and prompt.’
‘Responsive, collaborative.’
‘David Kantowitz is patient and effective at delivering both good and bad news. A top-notch strategic thinker who really boosts clients’ confidence.’
Key clients
Binance.US
BitSight
CLEAR
Hopin
Lucid Motors
Metropolitan Transit Authority
Paperless Post
ZoomInfo
Work highlights
Hogan Lovells US LLP
Hogan Lovells US LLP‘s privacy and cybersecurity practices stretches across the Atlantic and is led in the US by Washington DC-based Scott Loughlin. Such global integration, involving Hong Kong and Beijing, is an asset for the team, especially when advising on global privacy and cybersecurity matters and regulations. Compliance with the CCPA, HIPAA and GDPR are a significant part of the firm’s offering, as is the advice in connection to M&A and joint ventures in the healthcare sector. Mark Brennan and Brett Cohen are involved in a matter for Google and are providing advice in connection to cybersecurity and law enforcement surveillance and social media regulation, among other areas, and representing it in class actions. Marcy Wilder, Harriet Pearson and Paul Otto are other key names.
Practice head(s):
Scott Loughlin
Other key lawyers:
Mark Brennan; Brett Cohen; Marcy Wilder; Harriet Pearson; Paul Otto; Peter Marta; Michelle Kisloff
Testimonials
‘The Hogan Lovells privacy and data security practice group has extensive expertise and knowledge of global privacy/security laws, and a robust team with many experts globally that can be relied on to provide clients with deep knowledge and excellent work product.’
‘Scott Loughlin is an exceptional privacy partner with expertise in regulatory, compliance and transactional matters. His ability to quickly assess an issue from a legal perspective, and translate that to practice business advice and recommendations, is extremely valuable both within the firm and to clients.’
‘Knowledgeable, responsive, and aware of business concerns and issues’
‘Michelle Kisloff is a thoughtful, experienced and relentless advocate. Able to understand and appreciate the business context necessary to deliver effective advice. Nathan Salminen is a smart, thoughtful lawyer who helps navigate complex situations calmly and carefully.’
‘Peter Marta is an exceptional legal advisor. For any company facing a data breach, he should be your first call. Peter has deep knowledge of the financial services regulatory environment and has handled countless cyber-incidents. Peter stands out for his calm demeanor, ability to communicate risk to senior management, contacts at law enforcement, and understanding of the cyber-threat environment.’
Key clients
Unum
Equifax, Inc.
Google LLC
Salesforce
Peloton Interactive, Inc.
Fox Corporation
Anthem, Inc.
Advance Publications, Inc.
Globe Life, Inc.
Foundation Medicine, Inc.
Exact Sciences Corporation
Otsuka
Truveta, Inc.
Work highlights
- Advised Unum in response to a data security incident and the New York Department of Financial Services’s investigation into that incident.
- Advising Equifax on a consumer data breach announced by the company in September 2017 – one of the largest and highest profile breaches in U.S. history, affecting approximately 147 million consumers.
- Advising Google’s global government affairs and public policy, legal, and product teams on a broad range of key data privacy, cybersecurity, technology, digital services, and Internet policy matters.
Hunton Andrews Kurth LLP
Hunton Andrews Kurth LLP is widely recognized as a cybersecurity law leader, specializing in complex cybersecurity and data breach events. Recently, the New York-based department has been particularly active advising clients in data breach preparedness, data transfer strategies post-Schrems II and defending major businesses against claims with respect to the CCPA. The practice is led by Lisa J. Sotto, who is also known for her role as chair of the US Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. The team includes Aaron Simpson, who has an established EU data protection practice and provides ‘exceptional commercial perspective and insight.’ Brittany Bacon advises large, multinational companies on large cybersecurity incidents. Associate Danielle Dobrusin has a name as CCPA and CPRA expert.
Practice head(s):
Lisa Sotto
Other key lawyers:
Aaron Simpson; Brittany Bacon; Danielle Dobrusin
Testimonials
‘Highly skilled and commercial perspectives with quick attention.’
‘Aaron Simpson has exceptional commercial perspective and insight.’
Key clients
Cybereason Inc.
Google Inc.
Herbalife International of America Inc.
iHerb
Kering
MUFG Union Bank
Primo Water Corp.
Silver Lake Technology Management, L.L.C.
TJX Companies, Inc.
TPG Global, LLC
Cybereason Inc.
Google Inc.
Herbalife International of America Inc.
iHerb
Kering
MUFG Union Bank
Primo Water Corp.
Silver Lake Technology Management, L.L.C.
TJX Companies, Inc.
TPG Global, LLC
Work highlights
- Providing global privacy and cybersecurity advice to Kering Americas.
- Advising Silver Lake Technology Management, L.L.C on global privacy and data issues.
- Advising TJX Companies, Inc on global privacy and data issues.
Jones Day
Jones Day‘s ‘cutting-edge’ cybersecurity, privacy and data protection practice ‘can’t be recommended highly enough.’ The globally integrated team is particularly known for its international cyber incident response and forensic investigations capabilities and its ‘exceptionally skilled attorneys.’ Daniel McLoon and Lisa Ropple in Boston jointly lead the group, specializing in consumer class action defense and global cyber incidents, respectively. In Irvine, Edward Chang, who focuses on privacy litigation and regulatory compliance, and cybersecurity expert John Vogt are described as ‘the best in the business’.
Practice head(s):
Daniel McLoon; Lisa Ropple
Other key lawyers:
Edward Chang; John Vogt; Richard Grabowski
Testimonials
‘Cutting-edge practice with partners and associates skilled at providing fast and practical advice on compliance with an ever-changing slate of privacy laws and regulations. Jones Day is a trusted external advisor for significant and complicated legal matters and can’t be recommended highly enough.’
‘Richard Grabowski, Edward Chang and John Vogt are the best in the business. Exceptionally skilled attorneys, highly valued by legal and business teams for their advice and counsel on sophisticated cybersecurity, privacy and data regulatory matters.’
Key clients
Internet Corporation of Assigned Names and Numbers (ICANN)
Allies Against Slavery
Experian Information Solutions, Inc.
Lower My Bills
Kelley Drye & Warren LLP
Clients turn to Kelley Drye & Warren LLP‘s privacy and information security practice for its ability to obtain termination of investigations by government agencies on matters involving consumer data and technology practices. The team focuses on compliance, including to the GDPR and CCPA, privacy and data protection disputes, which are led by litigation co-head Lauri Mazzuchetti from New Jersey, and advertising law. Practice head Alysa Hutnik, based in Washington DC, is particularly strong in the latter area as well as antitrust and consumer protection. In late 2021, Laura VanDruff and Jessica Rich, both with experience working at the FTC, joined the Washington DC team.
Practice head(s):
Alysa Hutnik
Other key lawyers:
Lauri Mazzuchetti; Laura VanDruff; Jessica Rich
Testimonials
‘The team has a depth of experience across industries that is hard to beat. They also communicate in real, practical terms that both we in legal and the business teams find extremely helpful. They are also great at identifying potential issues, and because of their depth of experience, always anticipate executive’s questions and help them understand the situation. Kelley Drye also maintains a billing dashboard where clients can view updated bill information as it’s coming in, so if there are concerns on cost or budget they can immediately weigh in where they’re at.’
‘Overall the team is fantastic for all privacy, advertising, and more and more regulatory matters. The team is universally responsive, and they know our business well in order to give advice that is not only legally correct, but also practical, smart and efficient. Their rates are also very reasonable, and they work with us on billing concerns.’
‘Alysa Hutnik -depth of experience, longtime practitioner in this space – she has seen the regulations and laws from the beginning and their evolution. Also understands our business well and can cut right to the chase instead of driving up cost and actually meaningfully take work off our internal team’s plate. Her billing rate is also extremely reasonable, especially compared to other big firms. She’s smart, practical, easy to work with, and also extremely responsive.’
‘Laura VanDruff is extremely smart, practical, and reasonable. Her long experience at the FTC gives her unique insight, especially into the issues of customer harm that is extremely valuable.’
‘Lauren Myers – very knowledgeable and responsive.’
Key clients
Walt Disney Company
Instacart
Kohl’s Department Stores
LendingTree
Imax Corp.
AmeriFactors Financial Group, LLC
Keurig Dr Pepper
Dollar Shave Club
DISH Network LLC
Five9
Work highlights
- Assisting the Walt Disney Company with numerous verticals to help design and implement a CCPA compliance program for the company across the enterprise.
- Assisted Keurig Dr Pepper to help them establish their CCPA compliance program, including by designing and implementing their privacy rights process, privacy notices, data governance controls, vendor risk assessment, and advising on digital advertising compliance.
King & Spalding LLP
King & Spalding LLP has global data protection, crisis management and response, and litigation capacities. Particularly outstanding is the firm’s data breach class action litigation practice and its knowledge of the finance sector. Phyllis Sumner in Atlanta co-heads the team and has notably acted as lead counsel for Equifax during 2021 in its response to its high-profile data breach. His counterparts are David Balser, also in Atlanta, and Zachary Fardon in Chicago. Washington DC-based Robert Hudock is appreciated for his experience in the technical aspects of data breaches. Scott Ferber left the firm in July 2021. Natasha Moffitt is now retired.
Practice head(s):
Phyllis Sumner; David Balser; Zach Fardon
Other key lawyers:
Robert Hudock
Testimonials
‘Phyllis Sumner leads a top-notch team with deep experience in the full spectrum of data privacy issues, from risk assessment and planning to incident response and representation in investigations and lawsuits.’
‘Phyllis Sumner is at the top of the profession in this area.’
Key clients
Capital One
The Home Depot, Inc.
Equifax, Inc.
SolarWinds
Lyft
Hims & Hers Health
Eaze
Deloitte Consulting
National Western Life Insurance
The Gap, Inc.
Work highlights
- Representing Capital One in over 60 consumer class actions filed in federal courts throughout the country arising from the data breach incident that Capital One announced in July 2019 involving the compromise of personal information of 98 million customers in the United States.
- Representing Home Depot in a putative nationwide class action filed against various retailers and other defendants, alleging violations of the California Consumer Privacy Act (“CCPA”) and California’s Unfair Competition Law (“UCL”), as well as claims for invasion of privacy and unjust enrichment, relating the use of a third-party vendor for fraud mitigation services.
- Represented Home Depot in a putative Florida class action, alleging violations of the Florida Security of Communications Act (“FSCA”), as well as a claim for invasion of privacy, relating to the use of session replay technology for website optimization services.
Latham & Watkins LLP
Latham & Watkins LLP receives high praise for its media, technology and telecoms practice. The team is known for assisting high profile tech companies including Facebook in non-US regulatory investigations and related disputes, Accellion in several class action lawsuits, and Zynga, Inc. in a significant data breach. Based in Washington DC, Jennifer Archie leads up the team and is an expert defending clients in Federal Trade Commission, Department of Health and Human Services, and state attorney general investigations. Michael Rubin stands out for his assistance of global technology companies in data crises matters. Serrin Turner in New York is an experienced trial lawyer. Antony Kim in Washington DC is ‘very knowledgeable in the area of cyber law, and is able to apply that knowledge to get clients to quick decision points.’ EU and US-qualified Robert Blamires in San Francisco has significant cross-border experience. Also in DC, Marissa Boynton was promoted to partner in mid-2022.
Practice head(s):
Jennifer Archie; Antony Kim; Michael Rubin; Serrin Turner
Other key lawyers:
Robert Blamires; Serrin Turner; Marissa Boynton; Mark Mester
Testimonials
‘Tony Kim is the most pragmatic and efficient lawyer. Outstanding client service, timely delivery, expert guidance – what more do you want?’
‘Antony Kim is very knowledgeable in the area of cyber law, and is able to apply that knowledge to get clients to quick decision points. He is also willing and able to assist in many different areas of cyber law, which is different from other large firms that shuffle a client to different specialists within the firm. Tony has gotten several very good results in significant matters.’
‘Mark Mester’s knowledge of complex commercial class action litigation and experience permitted us to obtain a very good result in a complex and significant case.’
‘Jennifer Archie is great at getting to the heart of cyber law issues to assist the client to make quick decisions.’
Key clients
Facebook, Inc.
Accellion
Omni Agent Solutions, Inc.
Intuit
Zynga, Inc.
Varsity Brands
Airbnb, Inc.
Slack Technologies, Inc.
Vivid Seats
The Carlyle Group
Bain Capital
KKR & Co, Inc.
Loeb & Loeb LLP
At Loeb & Loeb LLP in New York, James Taylor acts as head of the advanced media and technology practice, which comprises the privacy, security and data innovations group. The team is co-led by Jessica Lee and recent addition Tanya Forsheit, who joined in September 2021 from Frankfurt Kurnit Klein & Selz PC and is based in Los Angeles. Lee oversees clients launching, marketing and monetizing their digital products and content. Forsheit is a privacy and data security lawyer with longstanding experience in interest-based advertising, privacy policies, mobile apps, cloud computing, smart devices, and data analytics.
Practice head(s):
James Taylor; Jessica Lee; Tanya Forsheit
Key clients
Comcast Cable Communications
Toyota Motor North America
Tyler “Ninja” Blevins
NBCUniversal Media LLC
Comcast Cable Communications
Comcast Cable Communications
Toyota Motor North America
Tyler “Ninja” Blevins
NBCUniversal Media LLC
Comcast Cable Communications
Manatt, Phelps & Phillips, LLP
Manatt, Phelps & Phillips, LLP‘s strengths lie in the corporate data and legal and operational risk space. The offering spans from proactive and reactive cybersecurity to data privacy matters across all sectors but focusing on technology, finance and healthcare. Donna Wilson in Los Angeles and Scott Lashway in Boston co-lead the department. Wilson is appreciated for her crisis management and business strategy skills. Lashway handles privacy and data security-related disputes and incident response investigations. Orange County-based Brandon Reilly and Washington DC's Kaylee Cox Bankston are highlighted.
Practice head(s):
Donna Wilson; Scott Lashway
Testimonials
‘The team provides practical advice along with spot-on legal advice.’
‘Besides being responsive, generous with his time and a joy to work with, Scott Lashway has a unique specialty re privacy and cybersecurity.’
Key clients
Ann & Robert H. Lurie Children’s Hospital
Benefis Health System, Inc.
CVS Health Corporation
Luna Grill Restaurants
Shopify
BMO Harris Bank, N.A.
MassMutual Financial Group
New York eHealth Collaborative
Work highlights
- Represented Ann & Robert H. Lurie Children’s Hospital of Chicago in Jane Doe and Baby Doe v. Ann & Robert H. Lurie Children’s Hospital of Chicago.
- Representing BMO Harris Bank, N.A., in a single plaintiff action involving allegations that senior bank employees accessed and transferred data without authorization in connection with personal matters.
- Representing the New York eHealth Collaborative (NYeC), a non-profit that helps govern public health information exchanges in New York State, regarding policies and procedures, and compliance with new regulatory requirements, such as the federal information blocking rules.
Mayer Brown
Mayer Brown is highlighted for its international capability to act on matters involving cybersecurity threats and global data privacy regulation and developments, including the European Union’s GDPR and the CCPA. Transnational cyber incidents, global data breaches, class actions against technology companies, and autonomous vehicle security issues all belong to the team’s areas of expertise. The department is jointly headed up by Washington DC-based Rajesh De, who ‘has significant high-level government experience’ and provides ‘direct, clear and practical’ advice. Cyber-extortion expert David Simon, also in DC, is further noted. Lei Shen left the firm in June 2021, while the March 2022 arrival of co-head Dominique Shelton Leipzig to the Los Angeles office from Perkins Coie LLP was a significant boost to the firm’s global data and adtech capabilities.
Practice head(s):
Rajesh De; Dominique Shelton Leipzig
Other key lawyers:
David Simon
Testimonials
‘The work is timely, skillful, and demonstrates good judgment and an awareness of business needs, not just legal requirements.’
‘Exceptional level of knowledge, experience and expertise.’
‘The Mayer Brown team brings significant practical experience in government oversight and regulation as well as support for companies proactively addressing cyber and data protection issues and dealing with incidents and their aftermath. When they advise clients, they are calling on real experience, and this matters. There are firms that are building practice groups in this area who don’t have this substantial government and private sector experience.’
‘Raj De has significant high-level government experience and practical experience guiding companies through the minefields in this area of law. His advice is direct, clear, practical. David Simon is an excellent thought partner and advisor with real experience in the trenches helping clients avoid or solve problems in cybersecurity and data protection. He listens to clients, asks the right questions, and gives targeted advice we can implement–all of which gives clients great confidence.’
Key clients
Shutterfly
General Motors
Hallmark
The Carlyle Group
Hyundai Motor America
Gryphon Investors
United Nations
Work highlights
- Representing Shutterfly in a case alleging violations of the Biometric Information Privacy Act
- Representing General Motors in its defense of a putative class action, which invokes state wiretap laws to attack GM’s routine collection using session replay technology of non-substantive, anonymized “mouse clicks” and “keystrokes” for the purpose of improving how their websites function.
- Advising The Carlyle Group, one of the world’s largest and most diversified global investment firms, on a broad range of cybersecurity issues.
McDermott Will & Emery LLP
McDermott Will & Emery LLP works with clients on cybersecurity compliance matters and in the planning of incident response plans. The firm’s worldwide network guarantees competent advice in connection to global regulation frameworks, including CCPA, CPRA, GDPR and regarding international data transfers post-Schrems II. Health data privacy lawyers Ed Zacharias in Boston and Daniel Gottlieb in Chicago, Los Angeles-based cybersecurity and video game technology expert Michael Morgan , and Todd McClelland in Atlanta, who specializes in tech transactions and breach response, jointly lead the team. Jiayan Chen in Washington DC ‘is a rock-star lawyer', while Chicago's Ryan Higgins ‘provides practical, concise constructive and extremely helpful advice.’
Practice head(s):
Michael Morgan; Todd McClelland; Ed Zacharias; Daniel Gottlieb
Other key lawyers:
Jiayan Chen; Ryan Higgins
Testimonials
‘The team proactively reaches out to educate clients and appears to have a deep bench who can address relevant questions across diverse topic areas.’
‘MWE is extremely professional, organized, diligent, and responsive. They are always available to help and provide practical and to-the-point guidance. They are also thought leaders, and prepare excellent webinars and other written materials. They listen well and prepare work product that is closely tailored to the client’s request.’
‘Jiayan Chen is a rock-star lawyer. She is highly competent, professional, engaged, and just an absolute pleasure to work with. She listens well, asks great questions, digs into important details, has command of the healthcare privacy landscape, and prepares outstanding work product. Ryan Higgins provides practice and concise advice. His responses and advice are always constructive and extremely helpful. He is calm and thoughtful and highly professional.’
‘This team is very technology savvy and therefore provides business oriented solutions that work in practice.’
‘Todd McClelland has a special way of treating clients, always kind yet very professional and always focused on the best result for the client.’
Key clients
Vistar Media
Tradeswell
Arcspan Media
GPS Trackit
Magellan AI
Forbes
Roofstock
StackAdapt
Actable Data
Ardsley Media
theBalm
Giant Spoon
American Society of Clinical Oncology (ASCO)
American Urological Association
Athenahealth
Charles Schwab & Co. Inc.
Ciox Health
CoStar
Invitae
iRhythm
Modernizing Medicine
Nuance Communications, Inc.
Premier Inc.
Shell New Energies US LLC
Start.io
Viz.Ai
Voluntis SA
Zocdoc
Work highlights
- Assisting numerous clients on how best to conduct CRM retargeting and avoid running afoul of the applicable legal limitations and how best to allocate risks under agreements with CRM retargeting vendors and platforms.
- Advising numerous agencies, advertisers, operators and developers to ensure that their privacy policies, promotions, websites, mobile apps and connected devices comply with COPPA.
- Assisting numerous clients monitoring and understanding of the potential impact of the various new state laws that will come into effect in 2023 including the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (CDPA) and the Colorado Privacy Act (CPA).
McGuireWoods LLP
Based in Tysons, Andrew Konia manages the data privacy and security offering at McGuireWoods LLP, and is an expert in supporting clients during investigations, data breaches and tech sector M&A, with a particular emphasis on the telecoms sector. Janet Peyton in Richmond, Pittsburgh's Anne Peterson and Rodger Heaton in Chicago are further key names in the team. Emily Voorheis left for an in-house role in early 2021.
Practice head(s):
Andrew Konia
Other key lawyers:
Janet Peyton; Rodger Heaton; Anne Peterson
Testimonials
‘The McGuire Woods team provides incredible knowledge, communication and counsel. Their uniqueness comes from the combination of their knowledge and their ability to provide a clear path forward for their clients in a time of considerable concern. The team is exceedingly clear in what the client’s obligations are and what they must do to ensure a proper response to a data issue. In a room full of lawyers and interests, McGuire Woods is the clearest, smartest and most important voice. A client cannot ask for more.’
‘Anne Peterson not only knows her stuff but listens to and understands her clients’ concerns before providing counsel. When done discussing an issue with Anne you are left understanding the issue and the path forward which leads to a confidence in your situation that you did not have initially. There is incredible value in that and it’s unique.’
‘Top notch knowledge and expertise but also delivered in a way that breaks complexity down and conveys complex legal advice in a way that is easy for non-lawyer clients to understand. The team’s capabilities were phenomenal and really showed a depth of practical experience that allowed them to promote efficient, effective and pragmatic solutions. Very impressive.’
‘Service that went above and beyond. During “crises” they were able to move swiftly. They also made an effort to understand the clients’ risk-appetite and their perspective on issues of concern. They don’t simply advise – they provide context-specific guidance.’
Morgan, Lewis & Bockius LLP
Among Morgan, Lewis & Bockius LLP‘s sector specialisms, data security incident consumer class actions stand out. Notably, a team led by practice co-head Gregory Parks in Philadelphia assisted the Hudson’s Bay Company in a series of class actions arising from a data incident involving payment card information. Class actions relating to the improper use of cookies, CCPA and GDPR matters are also at the heart of the practice, which includes San Francisco-based Reece Hirsch and Mark Krotoski in Silicon Valley as key names.
Practice head(s):
Reece Hirsch; Gregory Parks; Mark Krotoski
Testimonials
‘Gregory Parks is hands down the best attorney we have ever worked with. He is responsive, understands the business urgency and gets us exactly what we need from him. He also is fast to connect us to other teams for different subject areas.’
Key clients
Hudson’s Bay Co.
Miklos Daniel Brody
Xperi
Center for Workplace Compliance
Work highlights
- Representing Hudson’s Bay Co. (HBC) in all class actions arising from its recent data incident involving Saks Fifth Avenue and Lord & Taylor, two of the brand banners that HBC owns.
- Acting as lead counsel to an American chain of convenience stores and gas stations for incident response litigation of 30 class actions filed by consumers, financial institutions and employees, Attorneys General, and other regulator inquiries, and card-brand investigations in an incident reportedly involving more than 30 million payment cards.
- Representing the Center for Workplace Compliance in a civil copyright infringement and Computer Fraud and Abuse Act (CFAA) case against Littler Mendelson.
Morrison & Foerster LLP
Morrison Foerster is particularly well-known for guiding high-profile clients in their response to disruptive data breaches, disputes and compliance. Among the firm’s notable work includes acting as breach counsel to FireEye/Mandiant in the SolarWinds supply-chain compromise, alongside representing other major clients before federal regulators and in other inquiries, class actions and investigations. Highly recognized Miriam Wugmeister acts as global co-chair in New York. Julie O’Neill, who divides their time between Boston and Washington DC, is a privacy and consumer protection law expert. Purvi Patel in Los Angeles has a niche expertise in businesses’ collection of personal information. Christine Lyon left the firm in August 2021. New York’s Kristen Mathews is ‘by far the most knowledgeable data privacy and data protection lawyer one can work with’, demonstrating ‘leading expertise’ in the full spectrum of privacy, data protection, and cybersecurity law. DC-based counsel Melissa Crespo is also highlighted.
Practice head(s):
Miriam Wugmeister
Other key lawyers:
Julie O’Neill; Purvi Patel; Kristen Mathews; Melissa Crespo
Testimonials
‘Kristen Mathews’s knowledge of the law exceeds that of any data privacy or data protection expert. She is able to draft complex consent forms, privacy policies, and data protection addendums within days. She is extremely responsive, yet her work was at the same time extremely thorough. She collaborates deftly with lawyers around the world, helping clients to adapt their policies to different jurisdictions with widely varying data protection laws.’
‘Kristen Mathews is by far the most knowledgeable data privacy and data protection lawyer one can work with. She is a leading expert in the full spectrum of privacy, data protection, and cybersecurity law. But this is far from her only quality. Although her expertise is vast, she has an acute awareness of its limits, knows precisely when it is helpful to involve other partners and external experts. Finally, she has excellent leadership skills and has been an incredible point person for our broader engagement with Morrison & Foerster.’
‘The team is led by Kristen Mathews who is extremely detail oriented and offers tailored solutions based on client needs.’
Key clients
Salesforce
Marriott
Adidas
Samsonite
Unity Technologies
Pfizer
FireEye
American Bankers Association
Prudential
Target
Work highlights
- Represented FireEye/Mandiant in connection with the company’s investigation of and response to the unprecedented SolarWinds compromise that was also used to target key U.S. government and private sector entities.
Norton Rose Fulbright US LLP
Norton Rose Fulbright US LLP stands out in the information governance, privacy, and cybersecurity space with a nationwide team and broad experience in key sectors such as life sciences, retail, telecoms and technology. The practice is focused on cybersecurity incidents response, an area in which the team developed an in house solution involving automated intervention schemes based on pre-defined severity levels and real-time connectivity to Security Operations Centers. Compliance and privacy complete the department’s offering. Will Daugherty in Houston acts as co-practice head together with Chris Cwalina in Washington DC, who focuses on complex cybersecurity attacks and data breach investigations, New York-based duo Andrea D’Ambra and David Kessler, who specialize in addressing litigation readiness and cross border discovery matters, and Steven Roosa , who is also based in New York and oversees the development of the firm’s privacy compliance tool suite, NT Analyzer.
Practice head(s):
Chris Cwalina; Andrea D’Ambra; David Kessler; Steven Roosa; Will Daugherty
Key clients
Abbott Laboratories
Gilead Sciences
GlaxoSmithKline plc
Baker Hughes
LPL Financial
Work highlights
- Representing a global media communications company that suffered a ransomware incident affecting operations in 89 countries.
- Assisting a French marketing agency in a ransomware incident affecting operations in France.
- Acting as lead privacy counsel to Abbott Laboratories regarding CCPA, GDPR and HIPAA compliance.
Orrick, Herrington & Sutcliffe LLP
The highly developed and recognized cyber, privacy and data innovation practice at Orrick, Herrington & Sutcliffe LLP attracts high-profile clients, including, among others, Microsoft, which hired the team for a biometric privacy litigation, and Twitter, which the team represented in a privacy class action. The matters were led by Boston-based practice head Douglas Meal, and by Michelle Visser in San Francisco and Seattle's Aravind Swaminathan, respectively. In the Boston office, cybersecurity compliance and advisory lawyer Heather Egan Sussman co-heads the group. San Francisco's Shannon Yavorsky is dual-qualified in California and the UK and considered a US and European data security and privacy expert. Litigator Seth Harrington in Boston and CCPA and COPPA specialist Emily Tabatabai in Washington DC are also noted. Antony Kim left the firm in June 2021.
Practice head(s):
Douglas Meal; Heather Egan Sussman
Other key lawyers:
Emily Tabatabai; Michelle Visser; Aravind Swaminathan; Shannon Yavorsky; Seth Harrington
Testimonials
‘Orrick’s privacy practice has the unique advantage of not only being legal experts in privacy and data protection, but they also clearly understand the technology and operational constraints outside of the law that can impact how a business should interpret privacy regulations. Their advice is pragmatic and digestible to non-legal resources. Their addition of lawyers who specialize in AdTech and MarTech has been incredibly valuable, as this space is increasingly difficult to navigate.’
‘Emily Tabatabai is incredible. Her understanding of technology and ability to explain complex legal requirements into distillable, easy-to-action decision points makes her stand out in the privacy law space. Emily helps to break down the risks of various decision points and how to make operational decisions, especially as it relates to the CCPA and other US privacy laws. Emily is also fantastic at finding global partners to help support our multinational company and interpreting privacy law outside of the US, as well.’
Key clients
Arby’s Restaurant Group
Chime
Donnelley Financial Services
Hilton Worldwide
Interactive Advertising Bureau (IAB)
Microsoft Corporation
NerdWallet, Inc.
Shopify Inc.
TJX Companies
Zynga
Work highlights
- Representing Microsoft in a biometric privacy class action pending in the Northern District of Illinois alleging that Microsoft violated the Illinois BIPA by failing to get informed consent from Illinois ride sharing drivers before initiating its facial recognition software to collect, store and analyze their biometric data.
- Advising Zynga, a publicly traded mobil entertainment company, on a challenging cybersecurity incident that spanned the globe.
- Advising clients on global regulatory and self-regulatory organization developments, anticipating challenges and suggesting privacy compliance solutions for advertising technology companies and industry trade associations.
Paul Hastings LLP
Paul Hastings LLP covers the full range of privacy and data security matters, including assistance during cross-border transactions. Based in Washington DC, the team includes Behnam Dayanim, who is well respected in matters involving FinTech and payments, as well as advertising and gaming cases, vice-chair Sherrese Smith, who excels at US data privacy and security laws and EU GDPR and CCPA regulations, and lead director Jacqueline Cooney. Robert Silvers moved to the U.S. Department of Homeland Security in August 2021.
Practice head(s):
Behnam Dayanim; Sherrese Smith; Jacqueline Cooney
Other key lawyers:
Aaron Charfoos
Testimonials
‘Aaron Charfoos is very knowledgeable and experienced in handling the security incident that he was assigned to work with us as a client. He handled cases professionally. His timely response and update is appreciated too.’
Key clients
Samsung Electronics America
Barclays
Caesars Entertainment
L’Oreal USA Inc.
Align Technology
Cadent Inc.
Biofire Diagnostics, Inc.
Citadel Enterprise Americas LLC
Spectrum Pharmaceuticals
Work highlights
- Assisted BioFire Diagnostics LLC in a substantial matter filed in The United States District Court for the Northern District of Texas, concerning claims of breach of contract, copyright infringement and theft of BioFire’s software by USMN.
- Acting for ModiFace, Inc., a L’Oréal company, against a consumer class action asserting violations of the Illinois Biometric Privacy Act (“BIPA”).
- Assisted Spectrum Pharmaceutical, Inc. in an internal investigation into a ransomware attack against the company.
Proskauer Rose LLP
Ryan Blaney heads up Proskauer Rose LLP‘s privacy and cybersecurity group in Washington DC, which is known for its cross-practice expertise, including corporate, transactional, counseling and litigation skills in relation to matters of data collection, use, and sharing, marketing and customer outreach, and online advertising and data security. Blaney focuses on regulatory compliance, enforcement, litigation and transactions and is also a member of the health care practice, creating further synergies.
Practice head(s):
Key clients
Ascension
T-Mobile
Church & Dwight
National Football League
Hearst
Capstone Investment Advisors
LA 2028 Olympic Committee
Music Theatre International
Accelya, Inc.
Financial Institutions
New Enterprise Associates
Quinn Emanuel Urquhart & Sullivan, LLP
Quinn Emanuel Urquhart & Sullivan, LLP has a ‘massive’ market share of data privacy litigation, an area where the team, led by Jennifer Barrett in New York and Stephen Broome and Viola Trebicka in Los Angeles, does ‘excellent work’. They represent large, global companies in investigations and lawsuits around cyber law, data privacy and security. The department also stands out for successfully collaborating with the class action litigation, government enforcement and regulatory litigation, as well as intellectual property litigation practice groups.
Practice head(s):
Jennifer Barrett; Stephen Broome; Viola Trebicka
Key clients
Google LLC
Ancestry.com
International Business Machines Corporation
TWC Product and Technology LLC
Little Caesar’s Enterprises
KIK Custom Products, Inc.
Work highlights
- Representing Google in multiple class actions alleging that Google improperly received data related to customers’ use of the Chrome browser on third party websites, including claims based on the California Invasion of Privacy Act; Intrusion Upon Seclusion; Breach of Contract; Breach of Implied Covenant of Good Faith and Fair Dealing; Statutory Larceny; and California Unfair Competition Law.
- Representing IBM in multiple, consolidated, class actions by Illinois residents asserting claims under Biometric Information Privacy Act based on allegations that IBM extracted facial identifiers from photographs uploaded to Flickr.
- Representing TWC Product and Technology LLC, a member of The Weather Channel family of companies, against a privacy class action lawsuit alleging that the company failed to adequately disclose that users’ location data would be used for advertising.
Reed Smith LLP
Reed Smith LLP‘s data protection, privacy and cybersecurity team has a significant track record in advising on transactions, regulation and litigation matters, and particularly stands out for its expertise in the finance, life sciences, energy, transportation and adtech sectors. Clients also appreciate the ‘immense value’ offered through custom technology platforms assisting with digital transformation and collaboration, data and intelligence, document management and automation as well as training, project engineering and legal project management. Key contacts include privacy, information security and consumer protection expert Gerry Stegmaier in Washington DC and ‘knowledgeable and responsive’ Sarah Bruno in San Francisco. New York-based counsel Catherine Castaldo and Houston-based cybersecurity specialist Bart Huffman complete the team. Always in Houston, Wendell Bartnick was promoted to partner in early 2021 and is regularly involved in privacy and data security matters, as well as advising clients on crisis management and data incident response issues. Samuel Cullari left the firm in September 2021.
Other key lawyers:
Gerry Stegmaier; Sarah Bruno; Catherine Castaldo; Bart Huffman; Wendell Bartnick
Testimonials
‘The Reed Smith cybersecurity/privacy team is highly responsive and practical, tailoring its advice to the realities of the business and offering immense value through custom technology platforms. The team’s openness to alternative fee arrangements underscores its commitment to partnership, transparency, and delivering value to its clients.’
‘Sarah Bruno is extremely knowledgeable, responsive, and provides practical, actionable advice on both privacy and cybersecurity matters. She is proactive, providing updates on upcoming laws that could impact our business, and finds way to deliver value above and beyond the actual cost of her services (e.g., leveraging the firm’s technology team to develop a custom database to track data sources).’
Ropes & Gray LLP
Ropes & Gray LLP stands out for its comprehensive data, privacy and cybersecurity offering in the US, paired with cross-Atlantic collaboration with the firm’s London-based team, which is particularly appreciated by clients seeking compliance, advisory, enforcement and litigation aspects pertaining to the collection, storage and processing of company and personal data abroad. Standout mandates for the team include work for Wyndham and LabMD relating to regulatory investigations of cybersecurity incidents. Corporate and data transactions complete the group’s offering. Key contacts include practice heads Edward McNicholas and Fran Faircloth, both in Washington DC.
Practice head(s):
Edward McNicholas
Other key lawyers:
Fran Faircloth
Testimonials
‘The firm translates its global expertise into practical advice at a fair price.’
‘Rohan Massey and Ed McNicholas are both experienced practitioners blessed with integrity, judgment, and the ability to provide clear, practical, implementable advice. They are mindful of the impact of billing. And they are a true pleasure to work with.’
‘The Ropes team is the best of the best. The team is hands-on and practical and as subject matter experts, they deliver high-level practical business advice. Their approach is not buried in unnecessary analysis, but instead is to the point and timely in line with updates in the evolving legal landscape. Their dedication is resolute. Whether on longer term projects or immediate needs, they make themselves available to meet client needs, as collaborators and legal expert counselors. They appreciate the need for working with client about bespoke needs and billing procedures. In sum, they are a go-to counsel of choice.’
‘This team is able to take novel concepts involving multi-stakeholder data sharing and analysis and develop a comprehensive partnership agreement that addresses all parties concerns and needs.’
‘Working with Ropes and Grey, and more specifically Fran Faircloth and team, is the combination of experience in the innovative uses for data, the significant research they conduct to fill any knowledge gaps they may have, their customer service – relationally they are a joy to work with.’
‘They have as much, or more, experience in this area as any firm in the country. Their team is professional and prompt in their attention to these time-critical issues.’
‘Edward McNicholas and Fran Faircloth: despite the pressures of other cases, they were always prompt, knowledgeable, and helpful in addressing our issues.’
Key clients
Kevin Thompson / former CEO of SolarWinds
Advocate Aurora Healthcare
Bombas LLC
The Office of the Privacy Commissioner of Canada
Hilton Worldwide
Invesco
Altimeter Growth Corp
New Mountain Capital LLC
eClinicalWorks LLC
TPG Capital LP
Work highlights
- Representing the former CEO of SolarWinds in a variety of state AG, congressional, and federal investigations, as well as securities litigation in Texas, shareholder derivative litigation in Delaware, and negotiations regarding other threatened cases.
- Represented Advocate Aurora Healthcare in purported state class action litigation arising from a data incident at one of its constituent hospitals involving the employees of the hospital.
- Advised New Mountain Capital LLC regarding the acquisition of a cutting-edge advertising technology company.
Seyfarth Shaw LLP
Seyfarth Shaw LLP‘s global privacy and security practice stands out for its expertise in data security and encryption and is highly appreciated for its commercially-savvy advice, deriving from experience in in-house capacities. The team’s ‘strong understanding’ of the needs of security leaders, risk leaders, senior management and directors gains them particular praise. Scott Carlson ‘is skillful and ensures that messaging is effective, yet balanced for key parties involved.’ Carlson is based in Chicago and co-heads the group together with John Tomaszewski in Houston. Jason Priebe and Bart Lazar in Chicago are noted. Richard Lutkus left the firm.
Practice head(s):
Scott Carlson; John Tomaszewski
Other key lawyers:
Jason Priebe; Bart Lazar
Testimonials
‘They have brought a strong understanding of cyber-risk advisory and relevant experience to the forefront in protecting proprietary information, assisting in the interpretation of results, and communicating assessment results in a most effective manner for security leaders, risk leaders, senior management and directors.’
‘Scott Carlson brings his expert knowledge to his work in providing guidance around the execution of engagements, interpretation of results, and communication of results to audiences of different management levels and knowledge. He is skillful and ensures that messaging is effective, yet balanced for key parties involved.’
Sheppard, Mullin, Richter & Hampton LLP
Sheppard, Mullin, Richter & Hampton LLP is ‘excellent’ at handling privacy regulatory compliance and houses ‘some of the top privacy experts in the field’, including practice co-heads Craig Cardon in Century City and Liisa Thomas in Chicago. The team focuses on advising large retailers, among other clients, in relation to data breaches, where New York's Kari Rollins excels, class action and litigation cases, and technology transactions and privacy counseling. Jonathan Meyer is now a general counsel at the Department of Homeland Security.
Practice head(s):
Craig Cardon; Liisa Thomas
Other key lawyers:
Kari Rollins
Testimonials
‘Excellent at privacy regulatory compliance. They have some of the top privacy experts in the field. Have written extensively on the topic with regular updates.’
‘Lawyers are personable, explain topics in practical and understandable terms, and provides practical and actionable guidance to meet regulatory requirements.’
Key clients
Inspire Brands (fka Sonic Drive-In)
Dick’s Sporting Goods, The TJX Companies and Sephora
Williams-Sonoma Inc.
FaceFirst, Inc
FC Dallas
StockX LLC and Stock, Inc.
Arby’s
Papa John’s
Digital Reality Management Services, LLC
Subway
Nestlé Purina PetCare Company
Flanders Corp
ZARA USA
Broder Bros., Co.
Method Products, PBC
NEO Technologies
Work highlights
- Representing in a data breach class action MDL filed by financial institutions that allegedly sustained damages as a result of a 2017 data breach perpetrated against Sonic.
- Represented StockX LLC in securing the dismissal of five consolidated class action lawsuits that were filed against StockX LLC in the aftermath of a 2019 data breach.
- Advising Papa John’s on privacy issues and assisting the company with a variety of compliance projects.
Shook, Hardy & Bacon LLP
Shook, Hardy & Bacon LLP is well known for its incident response, compliance and risk minimization practice, combines with strong capabilities in privacy litigation, whereby an emphasis is put on biometric privacy cases. Based in Miami, practice head Al Saikali is ‘particularly good with helping business, technology, and legal executives prepared to deal with cybersecurity incidents.’ Further team members in Chicago include Melissa Siebert and Matthew Wolfe, who is an expert on BIPA and ‘gives good, direct guidance in that space.’
Practice head(s):
Al Saikali
Other key lawyers:
Melissa Siebert; Matthew Wolfe
Testimonials
‘The lawyers at SHB are very, very cost conscious and drive great value for their clients. They are willing to think globally to try to reduce costs and drive efficiencies in litigation, when possible. Impressive knowledge in pending litigation matters and strategic advice. They keep up on industry trends and have good, broad knowledge on this substantive space. The advice they give is practical and straight-forward.’
‘Al Saikali is a perfect outside counsel to work with. He is funny, engaging and has a great ability to look at issues from the point of view of his clients. On billing issues, he is eminently fair. He is also very good at bringing in team members when it makes sense.’
‘Matthew Wolfe is great at executing against a task. He is good at keeping his client informed and making sure that work is getting done and addressed in a timely fashion. He knows a ton about BIPA and gives good, direct guidance in that space.’
‘Al Saikali and his team have deep expertise on data breach preparedness, mitigation, and response. He has outstanding relationships with his clients and partners – and we trust his and value his experience and expertise. Al is particularly good with helping business, technology, and legal executives prepared to deal with cybersecurity incidents.’
‘Al Saikali and his team of lawyers are pragmatic, experienced, and easy to work with.’
‘This is a firm that produces outstanding work product with competitive rates. They are proactive in keeping clients informed and do terrific work.’
Key clients
Crate&Barrel and CB2
Whirlpool
Biometric Privacy Class Action Lawsuits
Florida Justice Reform Institute
Appgate
GlobeNet
AMN Healthcare
Nextiva
Work highlights
- Represented Crate & Barrel/Whirlpool and achieved dismissals in the first three of more than 45 multimillion dollar class action lawsuits in Florida brought by visitors to websites of companies that use session replay technology.
- Advised Appgate on building a comprehensive privacy compliance program to meet the legal requirements in the multiple jurisdictions in which it operates.
- Advising the Florida Justice Reform Institute to provide background information and testimony to the Florida House of Representatives, Florida Senate, and Florida Governor Ron DeSantis about the potential risks presented by a proposed privacy law.
Venable LLP
Based in Washington DC, Venable LLP distinguishes itself through its engagement in government and regulatory issues, and in particular policy and investigations. Stuart P Ingis co-heads the department and as privacy counsel is especially appreciated by trade associations and coalitions. He is also singled out for being ‘extremely knowledgeable of different industries and the regulatory landscape’. The team is also led by Emilio Cividanes, who has longstanding experience as a privacy lawyer. Reed Freeman Jr is an authority in privacy matters in relation to mobile devices, social media, and connected devices. Julia Kernochan Tama 'is very knowledgeable and always able to provide accurate advice', while Michael Signorelli is ‘fantastic on a whole host of privacy, security, and incident response matters.’ Kelly DeMarchis Bastide is also noted.
Practice head(s):
Emilio Cividanes; Stuart Ingis
Other key lawyers:
Reed Freeman Jr; Julia Kernochan Tama; Michael Signorelli; Kelly DeMarchis Bastide; Grant Schneider; Tara Potashnik; Robert Hartwell;
Testimonials
‘The Venable team is always willing and able to engage on thorny privacy and security concerns, and excels at working through complex questions with their client’s stakeholders. Ability to help make sense of how regulators are thinking about emerging privacy and security issues.’
‘The Venable team is extremely responsive and always willing to make time for their clients no matter the time or day an issue hits. In particular, Mike Signorelli and Milo Cividanes are fantastic partners on a whole host of privacy, security, and incident response matters, and Grant Schneider’s insights and experience have been invaluable to my team as we think through the increasingly complex regulatory landscape.’
‘This is the top firm in privacy and cybersecurity. It has a talented bench of professionals that includes not just senior partners, but also access to the top cybersecurity think tank at the Center for Cybersecurity Policy and Law. Venable has the ability to provide top legal services and also integrate that into a policy and lobbying campaign.’
‘A tremendous knowledge of what is happening behind the scenes in the administration and Congress.’
‘Venable’s team is very knowledgeable in regulatory matters. They understand the business well, and always provide advice tailored to the business. They are also creative, and help you find solutions to difficult issues.’
‘Julia Tama is very knowledgeable, and provides an excellent service. She is always able to provide accurate advice, while also finding creative solutions to difficult issues. Stu Ingis is extremely knowledgeable of different industries and the regulatory landscape.’
‘Stuart Ingis, Emilio Cividanes, Tara Potashnik, Robert Hartwell: each of these individuals are experts on Data Privacy and Data Security. They have a wonderful “can-do” spirit and show a willingness to roll up their sleeves and do the hard work and analysis with us. Robert, in particular, is very helpful and really feels like part of the team!’
Key clients
Privacy for America
Digital Advertising Alliance (DAA)
Self-Driving Coalition for Safer Streets
Partnership for Responsible Addressable Media (PRAM)
Center for Cybersecurity Policy and Law
Comscore
Association of National Advertisers (ANA)
Network Advertising Initiative (NAI)
American Association of Advertising Agency (4A’s)
Interactive Advertising Bureau (IAB)
Early Warning Services
Zscaler
Lidar Coalition
Work highlights
- Advised Privacy for America and engaged in dialogue with Senate and House staff and other regulators to discuss developments advancing comprehensive data privacy legislation in the United States.
- Advising the PPL WG on privacy, legal, policy, and other areas relevant to developing new standards for addressable media across the Internet.
- Acting as counsel to a coalition of advertising trade associations seeking to harmonize data standards that are being rolled out across states.
WilmerHale
WilmerHale has a recognized cybersecurity and privacy practice that stands out for its skills in handling data breaches, its experience with government investigations and regulation and its technical knowledge. Privacy, corporate governance, national security, litigation, and other focus areas all combine and contribute towards the success of the Washington DC-based cyber incidents team, led by Kirk Nahra and Benjamin Powell: Powell advises companies on significant cybersecurity incidents and incident preparedness across multiple sectors, while Nahra’s practice involves implementing the requirements of privacy and data security laws across the country and internationally. Jason Chipman is particularly active in corporate due diligence for transactions involving data security and privacy issues.
Practice head(s):
Benjamin Powell; Kirk Nahra
Other key lawyers:
Jason Chipman
Testimonials
‘The communication and support provided are greatly appreciated. ‘
Winston & Strawn LLP
Winston & Strawn LLP‘s global privacy and data security practice offers counseling in privacy, data protection, data security by design, litigation, trade secret audits, and investigation matters. The team is led by former federal prosecutors Sheryl Falk and Steven Grimes, who sit in Houston and Chicago, respectively, and former federal privacy regulator Alessandra Swanson, also in Chicago. Other key contacts in Chicago include Sean Wieber, who recently stood out for acting in a class action filed under the CCPA’s new private right of action, and associate Eric Shinabarger, who focuses on privacy counseling, data breach response, and regulatory compliance.
Practice head(s):
Sheryl Falk; Steve Grimes; Alessandra Swanson
Testimonials
‘Competency, collaboration, and expert advice that combine to form the basis of exceptional service from a team of subject-matter experts.’
‘Experience to lead clients through the most challenging of global data protection and privacy issues. Better than most in the field.’
‘Client first and foremost.’
Key clients
LandPoint LLC
Sunshine Behavioral Health
Silva International, Inc.
MAAC Machinery Company, Inc.
Work highlights
- Represented LandPoint and employees, defendants in a Trade Secret claim and TRO brought by Plaintiff, Transglobal Services, LLC, in the District Court of Tarrant County, Texas.
- Representing Silva International, Inc. in connection with a BIPA class action in the Circuit Court of Cook County.
- Represented Sunshine Behavioral Health in the nation’s first class action filed under the CCPA’s new private right action in the Central District of California, where plaintiff sought to represent a class of individuals alleging that the client did not adequately protect the personally identifying information of the proposed class members.