Firms To Watch: Cyber law (including data privacy and data protection)

Holland & Knight LLP‘s data strategy, security and privacy group in New York is noted for its recent growth, through the addition of four partners, and for the longstanding experience of its lawyers, including team head Mark Melodia.
Dentons' privacy and cybersecurity is based in Washington DC and Houston and works across the globe on data security incidents, while also advising on compliance with domestic and global regulations.
Based in Washington, DC, Willkie Farr & Gallagher LLP's cybersecurity and privacy team collaborates closely across offices and geographies to provide regulatory and legislative policy and compliance advice, crisis management and incident response, litigation and transaction support, including data transfers.
In New York, Linklaters LLP is highlighted by peers for having formed a solid cyber and privacy team, with Ieuan Jolly and ‘outstanding’ Erez Liebermann as joint co-heads.

Cyber law (including data privacy and data protection) in United States

Akin Gump Strauss Hauer & Feld LLP

Based in San Francisco and Dallas, Akin Gump Strauss Hauer & Feld LLP‘s cybersecurity, privacy and data protection practice particularly stands out for its breadth, and is regularly sought out by companies needing to update their privacy policies in connection to the California Consumer Privacy Act, seeking representation in privacy and cybersecurity disputes, including data breach class actions as well as assistance in government and internal investigations. Regulatory advice and compliance are also strong areas, alongside transactional work. Natasha Kohne in San Francisco is an expert in the retail, health, financial services and energy sectors and co-heads the department together with Michelle Reed in Dallas, who specializes in privacy and security risk assessments and procedures to mitigate privacy and cybersecurity threats. Jo-Ellyn S. Klein is a key contact in Washington DC.

Practice head(s):

Natasha Kohne; Michelle Reed

Other key lawyers:

Jo-Ellyn Sakowitz Klein

Key clients

Altice

Apollo Global Management

Principal and co-founder of BitMEX

BentallGreenOak

CenterPoint Energy

ClearBalance

Eastman Kodak Company

Endava plc

FireEye Inc.

Franciscan Health

Helen of Troy Limited

Hydro Flask

Metro New York

NTT Global Data Centers

RagingWire

Starboard Value Acquisition Corp.

The Vanguard Group

USA Waste-Management Resources, LLC

Vivial

VIZIO

Work highlights

  • Representing Altice USA, Inc. in a putative class action in the Southern District of New York arising from a November 2019 data security incident.
  • Representing ClearBalance in multiple consumer class actions in California state and district courts related to a recent data breach that occurred in March 2021.
  • Representing a national cotton association to assist in the launch of its U.S. Cotton Trust Protocol.

Alston & Bird LLP

Alston & Bird LLP‘s privacy, cyber and data strategy team is highlighted for its cross-border capabilities, recently enhanced through an expansion in Brussels. The Atlanta and Washington DC-based department mainly engages in the implementation of global data protection compliance programs and the analysis of global data privacy laws, as well as forensic investigations and breach-related litigation, including in the healthcare sector. Practice co-heads David Keating and Jim Harvey are based in Atlanta and focus on data protection and GDPR compliance for U.S.-based multinationals, respectively. Cybersecurity attorney Kimberly Peretti is their counterpart in Washington DC. Atlanta-based Senior counsel Peter Swire‘s name is known in connection to the Schrems II case, in which a privacy activist challenged the validity of the European Commission decisions on the transfer of personal data out of the EU pursuant to Standard Contractual Clauses.

Practice head(s):

David Keating; Kimberly Peretti; Jim Harvey

Other key lawyers:

Peter Swire

Key clients

Cross-Border Data Forum

Four Seasons

UPS

T-Mobile

Work highlights

  • Acting as counsel to the Cross Border Data Forum, which publishes about how law enforcement access to evidence should change due to cloud computing and the globalization of criminal evidence.
  • Acting as lead defense counsel to Four Seasons in a consumer class action in California against Four Seasons Hotels Limited following a data breach of a third-party vendor.
  • Advised UPS as lead outside counsel for California Consumer Privacy Act compliance and continue to represent the organization as outside privacy counsel on US and EU data protection matters, including digital privacy, data transfer, and cybersecurity.

BakerHostetler

Baker & Hostetler LLP is well known in the market for having a specialized digital assets and data management group, which particularly stands out in the litigation and class action disputes space, as well as providing a full service around data. The firm particularly stands out in the insurance sector, but the team’s experience also spans to e-commerce platforms, payment service providers, social media players and fintech entities. Incident response, global cybersecurity compliance and tech transactions complete the offering. The practice is led by Theodore Kobus III in New York, whose main clients include Marriott, Abbott and Garmin. Also in New York, associate Nichole Sterling focuses on privacy and data protection, information governance, and emerging technology. In Cincinnati, Craig A. Hoffman is the main contact for security incidents, response preparedness and digital risk advisory work. In May and October 2021, Dallas's Craig Carpenter and Washington DC-based Daniel Kaufman joined the firm from Holland & Knight LLP and the FTC, respectively.

Practice head(s):

Theodore Kobus III

Other key lawyers:

Lynn Sessions; Melinda McLellan; Jeewon Serrato; Craig Hoffman; Nichole Sterling; Craig Carpenter; Daniel Kaufman

Key clients

Mitsubishi

Garmin

Hong Kong Tourism Board

NetJets

Bloomberg

State of Vermont

Bissell

Cyrus One

Silver Car

Hawaii Electric Corporation

BJC Healthcare

The Cleveland Clinic

Health Transformation Alliance (HTA)

Scripps Healthcare

Abbott

Premera Blue Cross

Duke University Health System

Memorial Sloan Kettering Cancer Center

Texas Children’s Hospital

Northwestern Memorial Healthcare

Work highlights

  • Helped companies respond to more than 300 ransomware matters in the past 10 months.

Baker McKenzie LLP

Baker McKenzie LLP‘s data privacy and security team has a large presence in the market and provides advisory assistance in matters and transactions as well as representation during disputes. Crisis management is also a sought out service, especially in relation to data breach incident responses, investigations and cybersecurity matters. Lothar Determann in Palo Alto, Chicago’s Brian Hengesbaugh, and Washington DC-based John Woods share the leadership of the practice. Determann is a recognized data privacy and California privacy law expert; Hengesbaugh particularly stands out for his compliance expertise; while Woods leads investigative and legal response to large cybersecurity incidents and compliance challenges.

Practice head(s):

Lothar Determann; Brian Hengesbaugh; John Woods

Testimonials

They provide worldwide support and understand the constraints businesses pose in structuring compliance programs.’

Buckley LLP

Buckley LLP‘s main focus is the assistance of clients in the financial and fintech industry, in particular in connection to regulation, privacy and information security matters. The Washington DC-based privacy, cyber risk and data security group is co-headed by Elizabeth McGinn, who is also active in New York and is an expert of the New York Department of Financial Services Cybersecurity Regulations as well as security breach notification laws, and Amanda Lawrence, who specializes in litigation, enforcement, and regulatory matters.

Practice head(s):

Elizabeth McGinn; Amanda Lawrence

Testimonials

‘The group has some of the smartest and nicest lawyers one can work with; their events via zoom for non-lawyers are very educational. Beth McGinn is top notch and incredibly responsive, thoughtful, and provides advice that is both practical and efficient.’

Key clients

NYDFS Licensed Mortgage Lenders

Various clients re: general California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) advice

National Football League franchise [New York Jets]

Various clients re: general data security incident responses

General GDPR advice to various financial services clients

Various financial services clients

Trade organization

Financial services company

Financial Services Data Protection Working Group

Winnow Privacy & Cybersecurity module

Work highlights

  • Advised a National Football League franchise, the New York Jets, relating to privacy and data security issues that may arise when handling sensitive consumer payments information.
  • Advised numerous companies on the scope and impact of the CCPA and regarding cyber forensics investigation and vulnerability remediation, cyber insurance, incident response, data breach notification to consumers and regulatory bodies, working with law enforcement, addressing demands in ransomware incidents, and enhancing information security postures to better prevent and mitigate future attacks.
  • Representing financial institutions covered by the New York Department of Financial Services in investigations into compliance with DFS’s cybersecurity regulations.

Cleary Gottlieb Steen & Hamilton LLP

Cleary Gottlieb Steen & Hamilton LLP‘s cybersecurity and privacy practice stands out for representing large technology and financial services companies during investigations and for handling the response to significant multinational cyber and data privacy incidents in financial services, retail, technology, and other industries. The team also includes expert litigators who support clients in data breaches, protection, and privacy disputes, as well as privacy and data transfer aspects of bankruptcies. Jonathan Kolodner and Rahul Mukhi demonstrate ‘deep experience in privacy and cyber issues during their many years as federal prosecutors.’ Daniel Ilan is ‘a premier IT lawyer who has vast experience in assessing merger risk from cybersecurity and privacy issues.’

Other key lawyers:

Jon Kolodner; Rahul Mukhi; Daniel Ilan

Testimonials

‘Cleary’s cyber law practice is unique in their breadth of expertise and global scope. Their tight-knit team is small but diverse – ranging from privacy and cybersecurity expertise related to IP and M&A, GDPR and other international regulatory regimes, and data breach response. They also have multiple litigators with deep trial experience.’

‘Jon Kolodner and Rahul Mukhi built deep experience in privacy and cyber issues during their many years as federal prosecutors. Daniel Ilan is a premier IT lawyer who has vast experience in assessing merger risk from cybersecurity and privacy issues.’

Key clients

Polychain Labs

Google

ZIM

Giorgio Armani Corporation

FullBeauty Brands

Square/Credit Karma

Bear Carlyle

Lowe’s

Hugo Boss

American Express Company

Work highlights

  • Advised Google in connection with the data (including privacy and data security) aspects of its acquisition of multiple companies.
  • Advised American Express Company in the data (including cybersecurity) aspects of American Express Global Business Travel’s agreement to acquire Expedia Group’s corporate travel arm.
  • Acting as U.S. cybersecurity counsel to Lowe’s, including providing ongoing cybersecurity and data privacy advice.

Cooley LLP

Cooley LLP is a solid name in the market for cybersecurity, data and privacy law and its name is linked to the assistance of large companies in the healthtech, education, insurtech, fintech, social media and life sciences sectors. The team’s workload notably includes data protection work on IPOs and privacy class actions in the context of social media. Cross-practice expertise in venture capital and emerging companies is also highly appreciated by clients. In San Francisco, Michael Rhodes acts as global chair and Matthew Brown as vice chair. Vice chairs in other offices are Travis LeBlanc in Washington DC, who has ‘broad experience provides business-focused counsel’ and Denver's David Navetta. In Washington DC, associate Charlie Wood stands out for his privacy and data security litigation practice. In June 2021, Lei Shen joined the Chicago-based team from Mayer Brown LLP.

Practice head(s):

Michael Rhodes

Other key lawyers:

Matthew Brown; Travis LeBlanc; David Navetta; Charlie Wood; Lei Shen

Testimonials

‘Travis LeBlanc and Cooley’s team with broad experience provides business-focused counsel. With sound judgment, they bring maximum value and are open to coordinating with our internal legal team to help us manage spend.’

Key clients

Facebook

Google

WhatsApp

Zoom Video Communications

Chan Zuckerberg Initiative

Uber Technologies

Netflix

Coinbase Global

FabFitFun

Goldman Sachs

Instacart

Grindr

Horizon Therapeutics

Intuit

First Data/Fiserv

Metromile

JP Morgan

Meredith Corporation

Foot Locker

Microsoft Corporation

Work highlights

  • Advised Zoom on reaching a positive non-monetary settlement with the FTC, resolving its high-profile investigation into Zoom’s user privacy and security representations and practices. data.
  • Represented Facebook in the largest privacy class action in US history and the first-ever class action filed under the Illinois Biometric Information Privacy Act.
  • Represented an education tech company in a case concerning a 2018 data breach affecting 40 million user accounts, achieving one of the first and most favorable resolutions in one  large mass arbitrations in US history.

Davis+Gilbert LLP

Privacy and data security in relation to digital media and interactive advertising is at the center of Davis+Gilbert LLP‘s department focus. The New York-based team is managed by Gary Kibel and Richard Eisert  and provides state-wide regulatory advice, including in California on the California Consumer Privacy Act, the Children’s Online Privacy Protection Act (COPPA) and the California Privacy Rights Act (CPRA), among others. Additionally, Kibel leads the team for all breach response matters, while Eisert offers counsel on all aspects of marketing, promoting and selling goods and services. Counsel Oriyan Gitig is also highlighted.

Practice head(s):

Richard Eisert; Gary Kibel

Other key lawyers:

Oriyan Gitig

Key clients

Vistar Media

Tradeswell

Arcspan Media

GPS Trackit

Magellan AI

Forbes

Roofstock

StackAdapt

Actable Data

Ardsley Media

theBalm

Giant Spoon

Work highlights

  • Acted as counsel for numerous clients on how best to conduct CRM retargeting and avoid running afoul of the applicable legal limitations, and how best to allocate risks under agreements with CRM retargeting vendors and platforms.
  • Regularly counseled numerous agencies, advertisers, operators and developers to ensure that their privacy policies, promotions, websites, mobile apps and connected devices comply with COPPA.
  • Advising various clients on the CPRA, CDPA and CPA and the adjustments that they will need to make to ensure their privacy compliance programs are consistent with the new laws.

Debevoise & Plimpton LLP

Debevoise & Plimpton LLP‘s expertise in data strategy and data security is ‘unmatched’. The team stands out for handling complex investigations and privacy incidents, including ransomware attacks. Luke Dembosky in Washington DC focuses on DOJ cyber cases and leads the team alongside New York’s Avi Gesser‘an amazing counselor’ and best known for representing international financial services firms, private equity firms, hedge funds and media organizations throughout cybersecurity incidents and civil lawsuits. Risk assessor Jim Pastore is also noted. Counsel Johanna Skrzypczyk joined the team in April 2021 from the New York Attorney General’s office and focuses on data privacy and consumer fairness. The newly opened San Francisco office, established in late 2021 also has cybersecurity capabilities.

Practice head(s):

Luke Dembosky; Avi Gesser

Other key lawyers:

Jim Pastore; Johanna Skrzypczyk

Testimonials

‘The expertise of the lawyers at Debevoise is unmatched. They have some of the most experienced lawyers in the trade.’

‘Luke Dembosky is simply a brilliant, dedicated, extremely talented and yet humble individual. He is a pleasure to work with.’

‘Avi Gesser is an amazing counselor who is able to apply his expertise to provide practical advice addressing the commercial and fiduciary concerns of management responding to a cybersecurity breach.’

‘Robert Maddox is a rising star; Luke Dembosky is fantastic – his experience untouchable.’

Key clients

American Express

Bloomberg L.P.

Capital One

Deloitte

GoDaddy

Morgan Stanley/E*Trade

National Basketball Association

Prudential Financial

Robinhood

Spirit Airlines

SolarWinds

S&P Global

Warner Music Group

WPP Group

Work highlights

  • Co-representing SolarWinds in connection with the high-profile nation state cyberattack that impacted the company’s Orion products and internal systems that the company disclosed in December 2020.
  • Representing a payment services group against a putative class action complaint filed in the Northern District of California alleging violations of the California Consumer Privacy Act and related claims resulting from a data breach that may have exposed customer data.

Dechert LLP

Dechert LLP is able to attract high-profile clients dealing with significant data breaches and cyber-attacks as well as those seeking strategic advice especially in connection to M&A, financings and commercial transactions due diligence. Brenda Sharton and Karen Neuman head up the practice from Boston and Washington DC; respectively. Sharton is praised as ‘a fantastic partner to any business’ and an expert litigator, arbitrator and often acts on civil government, regulatory and enforcement matters. Neuman specializes, among other matters, in the collection, use, processing and protection of consumer and employee data. Associate Hilary Bonaccorsi in Boston is highlighted for her knowledge of global privacy and cybersecurity laws and frameworks.

Practice head(s):

Brenda Sharton; Karen Neuman

Other key lawyers:

Hilary Bonaccorsi; Timothy Blank

Testimonials

‘The lawyers are extremely knowledgeable on US as well as international laws and the application thereof; are incredibly responsive; are able to present business friendly advice to difficult problems; and have a deep breath of legal experience in the industry.’

‘Hilary Bonaccorsi and Timothy Blank are top-notch lawyers, with expertise on current legal issues, proactive and business-friendly in their advice, super responsive and have a great understanding of the needs of the business and how to seamlessly integrate legal requirements.’

‘Brenda Sharton and the entire Dechert cyber/privacy team is amazing and easy to work with. They are available 24/7, very responsive, and consistently offer insightful and practical guidance. Easy billing arrangements ensure one can tap Dechert’s expertise on minor matters without fear of being nickel-and-dimed.’

‘Brenda Sharton is a fantastic partner to any business. Her experience, pragmatism, and calm have served well for years. Unlike partners at other firms, Brenda genuinely cares about her clients and sees us as more than just a source of billable hours. Colleen Hespeler has been wonderful to work with as well.’

Key clients

Flo Health, Inc.

Moderna, Inc.

Global, Multi-Billion Dollar, Public Transportation Company

Pearson, plc

Macy’s, Inc.

Cano Health, Inc.

Work highlights

  • Represented Flo Health in the high-profile FTC settlement relating to its data sharing practice.
  • Represented Moderna in connection with the publicized European Medicines Agency (“EMA”) data breach of Covid-19 vaccine information.
  • Representing Macy’s in a purported class action litigation in the aftermath of a data breach in October of 2019, involving malware that captured credit card information for retail customers.

DLA Piper LLP (US)

DLA Piper LLP (US) provides global advice across the whole spectrum of breaches, due diligence, privacy litigation, multi-jurisdictional compliance and enforcement matters. San Diego-based Andrew B Serwin leads the team and recently stood out for acting as lead incident response counsel to SolarWinds in their global cybersecurity incident. In Miami, Carol Umhoefer is known for her knowledge of music compliance. Kate Lucente in Seattle advises client on privacy, cybersecurity, data retention and is a specialist of several data protection compliance regimes. The team’s data breaches capability was recently expanded with the arrival in San Diego of partner Justine Phillips, who joined in October 2021 from Sheppard, Mullin, Richter & Hampton LLP. Jim Halpert departed for a position at the Office of the National Cyber Director.

Practice head(s):

Andrew B Serwin

Other key lawyers:

Carol Umhoefer; Kate Lucente; Justine Phillips; Chelsea Staskiewicz

Testimonials

‘Value the depth and breadth of the cyber team with the addition of Justine Phillips and her group.’

‘Justine Phillips and Chelsea Staskiewicz are engaging, intelligent, super responsive, available at all hours of the day, days of the week. Able to quickly get to the bottom of issues, amazing connectivity with a network of wonderful service providers. Wonderful ability to explain complex issues to non-cyber folks’

Key clients

SolarWinds

Visa

State Privacy & Security Coalition

ZeniMax Media, Inc.

MyLife

Southern California Edison

Clorox

CVS/Aetna

Broadridge Financial Solutions, Inc.

AuthenticID

Work highlights

  • Advising SolarWinds in a lead incident response in the global cybersecurity incident that gained worldwide attention.
  • Advising Visa on cyber and privacy issues, including performing diligence on a number of transactions in the FinTech space, including the attempted acquisition of Plaid and the planned acquisition of Tink, both cutting-edge emerging tech companies.
  • Representing a highly effective coalition of 30 communications, media, technology, financial services, health care, automotive and tax preparation companies, played a key role helping to draft the 3 multi-right privacy laws that passed in the US this year.

Eversheds Sutherland

In Washington DC, Eversheds Sutherland‘s cybersecurity and data privacy team advises prominent corporations around the world in numerous industry sectors, notably technology, financial services, healthcare and TMT on a broad spectrum of privacy and data security matters. Leveraging its global practice, the firm specializes in federal and international compliance frameworks and cross-border data transfers, while also excelling in data breach response, litigation and crisis management. Practice head Michael Baharis a standout practitioner’ with extensive knowledge of the sector and experience as a former deputy legal advisor to the National Security Council at the White House.

Practice head(s):

Michael Bahar

Testimonials

‘Michael Bahar is a standout practitioner. Lots of knowledge and marshals a strong team around him. An incredibly hard worker, he is very strategic in his approach to solving problems.’

‘The cyber team offers personal service and follow through. They assist in getting at an answer and do an amazing job.’

Work highlights

  • Represented a global retailer to assist them with privacy and cybersecurity matters in the US and internationally, including helping them with the investigation and analysis of being a victim of data theft to ascertain its reporting and notification responsibilities for customers potentially affected in 38 countries.

Fenwick & West LLP

Fenwick & West LLP is known for representing technology and life sciences companies. Its privacy and cybersecurity team, led by San Francisco-based Tyler Newby, is particularly sought out by leading pharma, biotech and clinical research companies seeking help with digital health and pharma matters, including health analytics, global compliance and data breaches. Finance, gaming and consumer products are also key sectors. Class action litigation and M&A advice complete the offering.

Practice head(s):

Tyler Newby

Key clients

InMobi

Rivian

Coinbase

Cisco

Applovin

Align

Otsuka

Hill International

Transatlantic Reinsurance

CLS Behring

Wayfair

Supercell

Roblox

Instacart

Imperva

Work highlights

  • Advising InMobi, based in India, to enhance and further develop it privacy program controls and AdTech compliance under the CCPA, the Interactive Advertising Bureau (IAB) standards and other industry guidelines.
  • Advised Coinbase in putting in place key privacy and security policies and procedures, M&A, cyber-attack prevention, incident response and global compliance.
  • Advised Rivian to help define its privacy and data sharing practices for its products and services and build a global privacy program.

Gibson, Dunn & Crutcher LLP

Gibson, Dunn & Crutcher LLP‘s privacy, cybersecurity and data innovation department receives praise from the market for the breadth of matters it handles, spanning from regulatory scrutiny, litigation, and law enforcement, and for its remarkable client portfolio, which includes names of the caliber of Facebook, Tencent, Cartoon Network and the New York Times, among others. Technology, advertising and privacy litigation are particular strengths of the team, which is also highlighted for its internal investigation expertise, derived from the presence of lawyers in the team who are former cyber-crime prosecutors. In New York, Alexander Southwell co-chairs the group and is a member, among others, of the white collar defense and investigation practice. His counterpart is Ashlie Beringer in Palo Alto,  who focuses on defending technology companies in global regulatory and litigation matters. Eric Vandevelde   and Ashley Rogers are also key members of the team.

Practice head(s):

Ashlie Beringer; Alexander Southwell

Key clients

Coinbase

Meta/Facebook

Tencent

New York Times

Cartoon Network

NCTA

Xandr

Binance

Work highlights

    Goodwin

    Goodwin‘s data, privacy and cybersecurity team is known for assisting clients in the design and implementation of data-driven products and the protection of privacy rights, and during transactions and related agreements. Incident preparedness and response are also at the center of the offering, as are litigation and investigation matters. In October 2021, former vice president and chief knowledge officer at the IAPP Omer Tene joined the firm as partner and is now the firm’s Boston-based practice head alongside his New York counterpart Boris Segalis. In the same locations are, respectively, David Kantrowitz and Jacqueline Klosek, former counsels both promoted to partner in October 2021. Kantowitz received praise for being ‘patient and effective at delivering both good and bad news’ and was described as ‘a top-notch strategic thinker.’ 

    Practice head(s):

    Boris Segalis; Omer Tene

    Other key lawyers:

    David Kantrowitz; Jacqueline Klosek

    Testimonials

    ‘Goodwin has assembled a very strong team that includes diverse background experience, from policy experts from IAPP, to those with in-house experience, and partners who have been practicing privacy at a firm for decades. This enables them to have a very good grasp of both where the winds are blowing, but also practically how companies can implement and interpret various requirements that on their face seem daunting.’

    ‘They have a relaxed and less stodgy approach that makes it easy to engage them and sort out the path of least resistance to getting the needed guidance or work product. Their flexibility helps to save money, because a quick call with the right internal players is enough to satisfy clients’ needs without having to document formal opinions/guidance. However, in the cases where one needs work product, their responses are comprehensive and prompt.’

    ‘Responsive, collaborative.’

    ‘David Kantowitz is patient and effective at delivering both good and bad news. A top-notch strategic thinker who really boosts clients’ confidence.’

    Key clients

    Binance.US

    BitSight

    CLEAR

    Hopin

    Lucid Motors

    Metropolitan Transit Authority

    Paperless Post

    ZoomInfo

    Work highlights

      Hogan Lovells US LLP

      Hogan Lovells US LLP‘s privacy and cybersecurity practices stretches across the Atlantic and is led in the US by Washington DC-based Scott Loughlin. Such global integration, involving Hong Kong and Beijing, is an asset for the team, especially when advising on global privacy and cybersecurity matters and regulations. Compliance with the CCPA, HIPAA and GDPR are a significant part of the firm’s offering, as is the advice in connection to M&A and joint ventures in the healthcare sector. Mark Brennan and Brett Cohen are involved in a matter for Google and are providing advice in connection to cybersecurity and law enforcement surveillance and social media regulation, among other areas, and representing it in class actions. Marcy Wilder, Harriet Pearson and Paul Otto are other key names.

      Practice head(s):

      Scott Loughlin

      Other key lawyers:

      Mark Brennan; Brett Cohen; Marcy Wilder; Harriet Pearson; Paul Otto; Peter Marta; Michelle Kisloff

      Testimonials

      ‘The Hogan Lovells privacy and data security practice group has extensive expertise and knowledge of global privacy/security laws, and a robust team with many experts globally that can be relied on to provide clients with deep knowledge and excellent work product.’

      ‘Scott Loughlin is an exceptional privacy partner with expertise in regulatory, compliance and transactional matters. His ability to quickly assess an issue from a legal perspective, and translate that to practice business advice and recommendations, is extremely valuable both within the firm and to clients.’

      ‘Knowledgeable, responsive, and aware of business concerns and issues’

      ‘Michelle Kisloff is a thoughtful, experienced and relentless advocate. Able to understand and appreciate the business context necessary to deliver effective advice. Nathan Salminen is a smart, thoughtful lawyer who helps navigate complex situations calmly and carefully.’

      ‘Peter Marta is an exceptional legal advisor. For any company facing a data breach, he should be your first call. Peter has deep knowledge of the financial services regulatory environment and has handled countless cyber-incidents. Peter stands out for his calm demeanor, ability to communicate risk to senior management, contacts at law enforcement, and understanding of the cyber-threat environment.’

      Key clients

      Unum

      Equifax, Inc.

      Google LLC

      Salesforce

      Peloton Interactive, Inc.

      Fox Corporation

      Anthem, Inc.

      Advance Publications, Inc.

      Globe Life, Inc.

      Foundation Medicine, Inc.

      Exact Sciences Corporation

      Otsuka

      Truveta, Inc.

      Work highlights

      • Advised Unum in response to a data security incident and the New York Department of Financial Services’s investigation into that incident.
      • Advising Equifax on a consumer data breach announced by the company in September 2017 – one of the largest and highest profile breaches in U.S. history, affecting approximately 147 million consumers.
      • Advising Google’s global government affairs and public policy, legal, and product teams on a broad range of key data privacy, cybersecurity, technology, digital services, and Internet policy matters.

      Hunton Andrews Kurth LLP

      Hunton Andrews Kurth LLP is widely recognized as a cybersecurity law leader, specializing in complex cybersecurity and data breach events. Recently, the New York-based department has been particularly active advising clients in data breach preparedness, data transfer strategies post-Schrems II and defending major businesses against claims with respect to the CCPA. The practice is led by Lisa J. Sotto, who is also known for her role as chair of the US Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. The team includes Aaron Simpson, who has an established EU data protection practice and provides ‘exceptional commercial perspective and insight.’ Brittany Bacon advises large, multinational companies on large cybersecurity incidents. Associate Danielle Dobrusin has a name as CCPA and CPRA expert.

      Practice head(s):

      Lisa Sotto

      Other key lawyers:

      Aaron Simpson; Brittany Bacon; Danielle Dobrusin

      Testimonials

      ‘Highly skilled and commercial perspectives with quick attention.’

      ‘Aaron Simpson has exceptional commercial perspective and insight.’

      Key clients

      Cybereason Inc.

      Google Inc.

      Herbalife International of America Inc.

      iHerb

      Kering

      MUFG Union Bank

      Primo Water Corp.

      Silver Lake Technology Management, L.L.C.

      TJX Companies, Inc.

      TPG Global, LLC

      Cybereason Inc.

      Google Inc.

      Herbalife International of America Inc.

      iHerb

      Kering

      MUFG Union Bank

      Primo Water Corp.

      Silver Lake Technology Management, L.L.C.

      TJX Companies, Inc.

      TPG Global, LLC

      Work highlights

      • Providing global privacy and cybersecurity advice to Kering Americas.
      • Advising Silver Lake Technology Management, L.L.C on global privacy and data issues.
      • Advising TJX Companies, Inc on global privacy and data issues.

      Jones Day

      Jones Day‘s ‘cutting-edge’ cybersecurity, privacy and data protection practice ‘can’t be recommended highly enough.’ The globally integrated team is particularly known for its international cyber incident response and forensic investigations capabilities and its ‘exceptionally skilled attorneys.’ Daniel McLoon and Lisa Ropple in Boston jointly lead the group, specializing in consumer class action defense and global cyber incidents, respectively. In Irvine, Edward Chang, who focuses on privacy litigation and regulatory compliance, and cybersecurity expert John Vogt are described as ‘the best in the business’.

      Practice head(s):

      Daniel McLoon; Lisa Ropple

      Other key lawyers:

      Edward Chang; John Vogt; Richard Grabowski

      Testimonials

      ‘Cutting-edge practice with partners and associates skilled at providing fast and practical advice on compliance with an ever-changing slate of privacy laws and regulations. Jones Day is a trusted external advisor for significant and complicated legal matters and can’t be recommended highly enough.’

      ‘Richard Grabowski, Edward Chang and John Vogt are the best in the business. Exceptionally skilled attorneys, highly valued by legal and business teams for their advice and counsel on sophisticated cybersecurity, privacy and data regulatory matters.’

      Key clients

      Internet Corporation of Assigned Names and Numbers (ICANN)

      Allies Against Slavery

      Experian Information Solutions, Inc.

      Lower My Bills

      Kelley Drye & Warren LLP

      Clients turn to Kelley Drye & Warren LLP‘s privacy and information security practice for its ability to obtain termination of investigations by government agencies on matters involving consumer data and technology practices. The team focuses on compliance, including to the GDPR and CCPA, privacy and data protection disputes, which are led by litigation co-head Lauri Mazzuchetti from New Jersey, and advertising law. Practice head Alysa Hutnik, based in Washington DC, is particularly strong in the latter area as well as antitrust and consumer protection. In late 2021, Laura VanDruff and Jessica Rich, both with experience working at the FTC, joined the Washington DC team. 

      Practice head(s):

      Alysa Hutnik

      Other key lawyers:

      Lauri Mazzuchetti; Laura VanDruff; Jessica Rich

      Testimonials

      ‘The team has a depth of experience across industries that is hard to beat. They also communicate in real, practical terms that both we in legal and the business teams find extremely helpful. They are also great at identifying potential issues, and because of their depth of experience, always anticipate executive’s questions and help them understand the situation. Kelley Drye also maintains a billing dashboard where clients can view updated bill information as it’s coming in, so if there are concerns on cost or budget they can immediately weigh in where they’re at.’

      ‘Overall the team is fantastic for all privacy, advertising, and more and more regulatory matters. The team is universally responsive, and they know our business well in order to give advice that is not only legally correct, but also practical, smart and efficient. Their rates are also very reasonable, and they work with us on billing concerns.’

      ‘Alysa Hutnik -depth of experience, longtime practitioner in this space – she has seen the regulations and laws from the beginning and their evolution. Also understands our business well and can cut right to the chase instead of driving up cost and actually meaningfully take work off our internal team’s plate. Her billing rate is also extremely reasonable, especially compared to other big firms. She’s smart, practical, easy to work with, and also extremely responsive.’

      ‘Laura VanDruff  is extremely smart, practical, and reasonable. Her long experience at the FTC gives her unique insight, especially into the issues of customer harm that is extremely valuable.’

      ‘Lauren Myers – very knowledgeable and responsive.’

      Key clients

      Walt Disney Company

      Instacart

      Kohl’s Department Stores

      LendingTree

      Imax Corp.

      AmeriFactors Financial Group, LLC

      Keurig Dr Pepper

      Dollar Shave Club

      DISH Network LLC

      Five9

      Work highlights

      • Assisting the Walt Disney Company with numerous verticals to help design and implement a CCPA compliance program for the company across the enterprise.
      • Assisted Keurig Dr Pepper to help them establish their CCPA compliance program, including by designing and implementing their privacy rights process, privacy notices, data governance controls, vendor risk assessment, and advising on digital advertising compliance.

      King & Spalding LLP

      King & Spalding LLP has global data protection, crisis management and response, and litigation capacities. Particularly outstanding is the firm’s data breach class action litigation practice and its knowledge of the finance sector. Phyllis Sumner in Atlanta co-heads the team and has notably acted as lead counsel for Equifax during 2021 in its response to its high-profile data breach. Her counterparts are David Balser, also in Atlanta, and Zachary Fardon in Chicago. Washington DC-based Robert Hudock is appreciated for his experience in the technical aspects of data breaches. Scott Ferber left the firm in July 2021. Natasha Moffitt is now retired.

      Practice head(s):

      Phyllis Sumner; David Balser; Zach Fardon

      Other key lawyers:

      Robert Hudock

      Testimonials

      ‘Phyllis Sumner leads a top-notch team with deep experience in the full spectrum of data privacy issues, from risk assessment and planning to incident response and representation in investigations and lawsuits.’

      ‘Phyllis Sumner is at the top of the profession in this area.’

      Key clients

      Capital One

      The Home Depot, Inc.

      Equifax, Inc.

      SolarWinds

      Lyft

      Hims & Hers Health

      Eaze

      Deloitte Consulting

      National Western Life Insurance

      The Gap, Inc.

      Work highlights

      • Representing Capital One in over 60 consumer class actions filed in federal courts throughout the country arising from the data breach incident that Capital One announced in July 2019 involving the compromise of personal information of 98 million customers in the United States.
      • Representing Home Depot in a putative nationwide class action filed against various retailers and other defendants, alleging violations of the California Consumer Privacy Act (“CCPA”) and California’s Unfair Competition Law (“UCL”), as well as claims for invasion of privacy and unjust enrichment, relating the use of a third-party vendor for fraud mitigation services.
      • Represented Home Depot in a putative Florida class action, alleging violations of the Florida Security of Communications Act (“FSCA”), as well as a claim for invasion of privacy, relating to the use of session replay technology for website optimization services.

      Latham & Watkins LLP

      Latham & Watkins LLP receives high praise for its media, technology and telecoms practice. The team is known for assisting high profile tech companies including Facebook in non-US regulatory investigations and related disputes, Accellion in several class action lawsuits, and Zynga, Inc. in a significant data breach. Based in San Francisco, Michael Rubin heads up the team and stands out for his assistance of global technology companies in data crises matters. In Washington DC, Jennifer Archie is an expert defending clients in Federal Trade Commission, Department of Health and Human Services, and state attorney general investigations. Serrin Turner in New York is also an experienced trial lawyer. Antony Kim in Washington DC is ‘very knowledgeable in the area of cyber law, and is able to apply that knowledge to get clients to quick decision points.’ EU and US-qualified Robert Blamires in San Francisco has significant cross-border experience. Also in DC, Marissa Boynton was promoted to partner in mid-2022.

      Practice head(s):

      Jennifer Archie; Antony Kim; Michael Rubin; Serrin Turner

      Other key lawyers:

      Robert Blamires; Serrin Turner; Marissa Boynton; Mark Mester

      Testimonials

      ‘Tony Kim is the most pragmatic and efficient lawyer. Outstanding client service, timely delivery, expert guidance – what more do you want?’

      ‘Antony Kim is very knowledgeable in the area of cyber law, and is able to apply that knowledge to get clients to quick decision points. He is also willing and able to assist in many different areas of cyber law, which is different from other large firms that shuffle a client to different specialists within the firm. Tony has gotten several very good results in significant matters.’

      ‘Mark Mester’s knowledge of complex commercial class action litigation and experience permitted us to obtain a very good result in a complex and significant case.’

      ‘Jennifer Archie is great at getting to the heart of cyber law issues to assist the client to make quick decisions.’

      Key clients

      Facebook, Inc.

      Accellion

      Omni Agent Solutions, Inc.

      Intuit

      Zynga, Inc.

      Varsity Brands

      Airbnb, Inc.

      Slack Technologies, Inc.

      Vivid Seats

      The Carlyle Group

      Bain Capital

      KKR & Co, Inc.

      Loeb & Loeb LLP

      At Loeb & Loeb LLP in New York, James Taylor acts as head of the advanced media and technology practice, which comprises the privacy, security and data innovations group. The team is co-led by Jessica Lee and recent addition Tanya Forsheit, who joined in September 2021 from Frankfurt Kurnit Klein & Selz PC and is based in Los Angeles. Lee oversees clients launching, marketing and monetizing their digital products and content.  Forsheit is a privacy and data security lawyer with longstanding experience in interest-based advertising, privacy policies, mobile apps, cloud computing, smart devices, and data analytics.

      Practice head(s):

      James Taylor; Jessica Lee; Tanya Forsheit

      Key clients

      Comcast Cable Communications

      Toyota Motor North America

      Tyler “Ninja” Blevins

      NBCUniversal Media LLC

      Comcast Cable Communications

      Comcast Cable Communications

      Toyota Motor North America

      Tyler “Ninja” Blevins

      NBCUniversal Media LLC

      Comcast Cable Communications

      Manatt, Phelps & Phillips, LLP

      Manatt, Phelps & Phillips, LLP‘s strengths lie in the corporate data and legal and operational risk space. The offering spans from proactive and reactive cybersecurity to data privacy matters across all sectors but focusing on technology, finance and healthcare. Donna Wilson in Los Angeles and Scott Lashway in Boston co-lead the department. Wilson is appreciated for her crisis management and business strategy skills. Lashway handles privacy and data security-related disputes and incident response investigations. Orange County-based Brandon Reilly and Washington DC's Kaylee Cox Bankston are highlighted.

      Practice head(s):

      Donna Wilson; Scott Lashway

      Testimonials

      ‘The team provides practical advice along with spot-on legal advice.’

      ‘Besides being responsive, generous with his time and a joy to work with, Scott Lashway has a unique specialty re privacy and cybersecurity.’

      Key clients

      Ann & Robert H. Lurie Children’s Hospital

      Benefis Health System, Inc.

      CVS Health Corporation

      Luna Grill Restaurants

      Shopify

      BMO Harris Bank, N.A.

      MassMutual Financial Group

      New York eHealth Collaborative

      Work highlights

      • Represented Ann & Robert H. Lurie Children’s Hospital of Chicago in Jane Doe and Baby Doe v. Ann & Robert H. Lurie Children’s Hospital of Chicago.
      • Representing BMO Harris Bank, N.A., in a single plaintiff action involving allegations that senior bank employees accessed and transferred data without authorization in connection with personal matters.
      • Representing the New York eHealth Collaborative (NYeC), a non-profit that helps govern public health information exchanges in New York State, regarding policies and procedures, and compliance with new regulatory requirements, such as the federal information blocking rules.

      Mayer Brown

      Mayer Brown is highlighted for its international capability to act on matters involving cybersecurity threats and global data privacy regulation and developments, including the European Union’s GDPR and the CCPA. Transnational cyber incidents, global data breaches, class actions against technology companies, and autonomous vehicle security issues all belong to the team’s areas of expertise. The department is jointly headed up by Washington DC-based Rajesh De, who ‘has significant high-level government experience’  and provides ‘direct, clear and practical’ advice. Cyber-extortion expert David Simon, also in DC, is further noted. Lei Shen left the firm in June 2021, while the March 2022 arrival of co-head Dominique Shelton Leipzig to the Los Angeles office from Perkins Coie LLP was a significant boost to the firm’s global data and adtech capabilities.

      Practice head(s):

      Rajesh De; Dominique Shelton Leipzig

      Other key lawyers:

      David Simon

      Testimonials

      ‘The work is timely, skillful, and demonstrates good judgment and an awareness of business needs, not just legal requirements.’

      ‘Exceptional level of knowledge, experience and expertise.’

      ‘The Mayer Brown team brings significant practical experience in government oversight and regulation as well as support for companies proactively addressing cyber and data protection issues and dealing with incidents and their aftermath. When they advise clients, they are calling on real experience, and this matters. There are firms that are building practice groups in this area who don’t have this substantial government and private sector experience.’

      ‘Raj De has significant high-level government experience and practical experience guiding companies through the minefields in this area of law. His advice is direct, clear, practical. David Simon is an excellent thought partner and advisor with real experience in the trenches helping clients avoid or solve problems in cybersecurity and data protection. He listens to clients, asks the right questions, and gives targeted advice we can implement–all of which gives clients great confidence.’

      Key clients

      Shutterfly

      General Motors

      Hallmark

      The Carlyle Group

      Hyundai Motor America

      Gryphon Investors

      United Nations

      Work highlights

      • Representing Shutterfly in a case alleging violations of the Biometric Information Privacy Act
      • Representing General Motors in its defense of a putative class action, which invokes state wiretap laws to attack GM’s routine collection using session replay technology of non-substantive, anonymized “mouse clicks” and “keystrokes” for the purpose of improving how their websites function.
      • Advising The Carlyle Group, one of the world’s largest and most diversified global investment firms, on a broad range of cybersecurity issues.

      McDermott Will & Emery LLP

      McDermott Will & Emery LLP works with clients on cybersecurity compliance matters and in the planning of incident response plans. The firm’s worldwide network guarantees competent advice in connection to global regulation frameworks, including CCPA, CPRA, GDPR and regarding international data transfers post-Schrems II. Health data privacy lawyers Ed Zacharias in Boston and Daniel Gottlieb in Chicago, Los Angeles-based cybersecurity and video game technology expert Michael Morgan , and Todd McClelland in Atlanta, who specializes in tech transactions and breach response, jointly lead the team. Jiayan Chen in Washington DC ‘is a rock-star lawyer', while Chicago's Ryan Higgins provides practical, concise constructive and extremely helpful advice.’

      Practice head(s):

      Michael Morgan; Todd McClelland; Ed Zacharias; Daniel Gottlieb

      Other key lawyers:

      Jiayan Chen; Ryan Higgins

      Testimonials

      ‘The team proactively reaches out to educate clients and appears to have a deep bench who can address relevant questions across diverse topic areas.’

      ‘MWE is extremely professional, organized, diligent, and responsive. They are always available to help and provide practical and to-the-point guidance. They are also thought leaders, and prepare excellent webinars and other written materials. They listen well and prepare work product that is closely tailored to the client’s request.’

      ‘Jiayan Chen is a rock-star lawyer. She is highly competent, professional, engaged, and just an absolute pleasure to work with. She listens well, asks great questions, digs into important details, has command of the healthcare privacy landscape, and prepares outstanding work product. Ryan Higgins provides practice and concise advice. His responses and advice are always constructive and extremely helpful. He is calm and thoughtful and highly professional.’

      ‘This team is very technology savvy and therefore provides business oriented solutions that work in practice.’

      ‘Todd McClelland has a special way of treating clients, always kind yet very professional and always focused on the best result for the client.’

      Key clients

      Vistar Media

      Tradeswell

      Arcspan Media

      GPS Trackit

      Magellan AI

      Forbes

      Roofstock

      StackAdapt

      Actable Data

      Ardsley Media

      theBalm

      Giant Spoon

      American Society of Clinical Oncology (ASCO)

      American Urological Association

      Athenahealth

      Charles Schwab & Co. Inc.

      Ciox Health

      CoStar

      Google

      Invitae

      iRhythm

      Modernizing Medicine

      Nuance Communications, Inc.

      Premier Inc.

      Shell New Energies US LLC

      Start.io

      Viz.Ai

      Voluntis SA

      Zocdoc

      Work highlights

      • Assisting numerous clients on how best to conduct CRM retargeting and avoid running afoul of the applicable legal limitations and how best to allocate risks under agreements with CRM retargeting vendors and platforms.
      • Advising numerous agencies, advertisers, operators and developers to ensure that their privacy policies, promotions, websites, mobile apps and connected devices comply with COPPA.
      • Assisting numerous clients monitoring and understanding of the potential impact of the various new state laws that will come into effect in 2023 including the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (CDPA) and the Colorado Privacy Act (CPA).

      McGuireWoods LLP

      Based in Tysons, Andrew Konia manages the data privacy and security offering at McGuireWoods LLP, and is an expert in supporting clients during investigations, data breaches and tech sector M&A, with a particular emphasis on the telecoms sector. Janet Peyton in Richmond, Pittsburgh's Anne Peterson and Rodger Heaton in Chicago are further key names in the team. Emily Voorheis left for an in-house role in early 2021.

      Practice head(s):

      Andrew Konia

      Other key lawyers:

      Janet Peyton; Rodger Heaton; Anne Peterson

      Testimonials

      ‘The McGuire Woods team provides incredible knowledge, communication and counsel. Their uniqueness comes from the combination of their knowledge and their ability to provide a clear path forward for their clients in a time of considerable concern. The team is exceedingly clear in what the client’s obligations are and what they must do to ensure a proper response to a data issue. In a room full of lawyers and interests, McGuire Woods is the clearest, smartest and most important voice. A client cannot ask for more.’

      ‘Anne Peterson not only knows her stuff but listens to and understands her clients’ concerns before providing counsel. When done discussing an issue with Anne you are left understanding the issue and the path forward which leads to a confidence in your situation that you did not have initially. There is incredible value in that and it’s unique.’

      ‘Top notch knowledge and expertise but also delivered in a way that breaks complexity down and conveys complex legal advice in a way that is easy for non-lawyer clients to understand. The team’s capabilities were phenomenal and really showed a depth of practical experience that allowed them to promote efficient, effective and pragmatic solutions. Very impressive.’

      ‘Service that went above and beyond. During “crises” they were able to move swiftly. They also made an effort to understand the clients’ risk-appetite and their perspective on issues of concern. They don’t simply advise – they provide context-specific guidance.’

      Morgan, Lewis & Bockius LLP

      Among Morgan, Lewis & Bockius LLP‘s sector specialisms, data security incident consumer class actions stand out. Notably, a team led by practice co-head Gregory Parks in Philadelphia assisted the Hudson’s Bay Company in a series of class actions arising from a data incident involving payment card information. Class actions relating to the improper use of cookies, CCPA and GDPR matters are also at the heart of the practice, which includes San Francisco-based Reece Hirsch and Mark Krotoski in Silicon Valley as key names.

      Practice head(s):

      Reece Hirsch; Gregory Parks; Mark Krotoski

      Testimonials

      Gregory Parks is hands down the best attorney we have ever worked with. He is responsive, understands the business urgency and gets us exactly what we need from him. He also is fast to connect us to other teams for different subject areas.’

      Key clients

      Hudson’s Bay Co.

      Miklos Daniel Brody

      Xperi

      Center for Workplace Compliance

      Work highlights

      • Representing Hudson’s Bay Co. (HBC) in all class actions arising from its recent data incident involving Saks Fifth Avenue and Lord & Taylor, two of the brand banners that HBC owns.
      • Acting as lead counsel to an American chain of convenience stores and gas stations for incident response litigation of 30 class actions filed by consumers, financial institutions and employees, Attorneys General, and other regulator inquiries, and card-brand investigations in an incident reportedly involving more than 30 million payment cards.
      • Representing the Center for Workplace Compliance in a civil copyright infringement and Computer Fraud and Abuse Act (CFAA) case against Littler Mendelson.

      Morrison & Foerster LLP

      Morrison Foerster is particularly well-known for guiding high-profile clients in their response to disruptive data breaches, disputes and compliance. Among the firm’s notable work includes acting as breach counsel to FireEye/Mandiant in the SolarWinds supply-chain compromise, alongside representing other major clients before federal regulators and in other inquiries, class actions and investigations. Highly recognized Miriam Wugmeister acts as global co-chair in New York. Julie O’Neill, who divides their time between Boston and Washington DC, is a privacy and consumer protection law expert. Purvi Patel in Los Angeles has a niche expertise in businesses’ collection of personal information. Christine Lyon  left the firm in August 2021. New York’s Kristen Mathews is ‘by far the most knowledgeable data privacy and data protection lawyer one can work with’, demonstrating ‘leading expertise’ in the full spectrum of privacy, data protection, and cybersecurity law. DC-based counsel Melissa Crespo is also highlighted.

      Practice head(s):

      Miriam Wugmeister

      Other key lawyers:

      Julie O’Neill; Purvi Patel; Kristen Mathews; Melissa Crespo

      Testimonials

      ‘Kristen Mathews’s knowledge of the law exceeds that of any data privacy or data protection expert. She is able to draft complex consent forms, privacy policies, and data protection addendums within days. She is extremely responsive, yet her work was at the same time extremely thorough. She collaborates deftly with lawyers around the world, helping clients to adapt their policies to different jurisdictions with widely varying data protection laws.’

      ‘Kristen Mathews is by far the most knowledgeable data privacy and data protection lawyer one can work with. She is a leading expert in the full spectrum of privacy, data protection, and cybersecurity law. But this is far from her only quality. Although her expertise is vast, she has an acute awareness of its limits, knows precisely when it is helpful to involve other partners and external experts. Finally, she has excellent leadership skills and has been an incredible point person for our broader engagement with Morrison & Foerster.’

      ‘The team is led by Kristen Mathews who is extremely detail oriented and offers tailored solutions based on client needs.’

      Key clients

      Salesforce

      Marriott

      Adidas

      Samsonite

      Unity Technologies

      Pfizer

      FireEye

      American Bankers Association

      Prudential

      Target

      Work highlights

      • Represented FireEye/Mandiant in connection with the company’s investigation of and response to the unprecedented SolarWinds compromise that was also used to target key U.S. government and private sector entities.

      Norton Rose Fulbright US LLP

      Norton Rose Fulbright US LLP stands out in the information governance, privacy, and cybersecurity space with a nationwide team and broad experience in key sectors such as life sciences, retail, telecoms and technology. The practice is focused on cybersecurity incidents response, an area in which the team developed an in house solution involving automated intervention schemes based on pre-defined severity levels and real-time connectivity to Security Operations Centers. Compliance and privacy complete the department’s offering. Will Daugherty in Houston acts as co-practice head together with Chris Cwalina in Washington DC, who focuses on complex cybersecurity attacks and data breach investigations, New York-based duo Andrea D’Ambra and David Kessler, who specialize in addressing litigation readiness and cross border discovery matters, and Steven Roosa , who is also based in New York and oversees the development of the firm’s privacy compliance tool suite, NT Analyzer.

      Practice head(s):

      Chris Cwalina; Andrea D’Ambra; David Kessler; Steven Roosa; Will Daugherty

      Key clients

      Abbott Laboratories

      Gilead Sciences

      GlaxoSmithKline plc

      Baker Hughes

      LPL Financial

      Work highlights

      • Representing a global media communications company that suffered a ransomware incident affecting operations in 89 countries.
      • Assisting a French marketing agency in a ransomware incident affecting operations in France.
      • Acting as lead privacy counsel to Abbott Laboratories regarding CCPA, GDPR and HIPAA compliance.

      Orrick, Herrington & Sutcliffe LLP

      The highly developed and recognized cyber, privacy and data innovation practice at Orrick, Herrington & Sutcliffe LLP attracts high-profile clients, including, among others, Microsoft, which hired the team for a biometric privacy litigation, and Twitter, which the team represented in a privacy class action. The matters were led by Boston-based practice head Douglas Meal, and by Michelle Visser in San Francisco and Seattle's Aravind Swaminathan, respectively. In the Boston office, cybersecurity compliance and advisory lawyer Heather Egan Sussman co-heads the group. San Francisco's Shannon Yavorsky is dual-qualified in California and the UK and considered a US and European data security and privacy expert. Litigator Seth Harrington in Boston and CCPA and COPPA specialist Emily Tabatabai in Washington DC are also noted. Antony Kim left the firm in June 2021.

      Practice head(s):

      Douglas Meal; Heather Egan Sussman

      Other key lawyers:

      Emily Tabatabai; Michelle Visser; Aravind Swaminathan; Shannon Yavorsky; Seth Harrington

       

      Testimonials

      ‘Orrick’s privacy practice has the unique advantage of not only being legal experts in privacy and data protection, but they also clearly understand the technology and operational constraints outside of the law that can impact how a business should interpret privacy regulations. Their advice is pragmatic and digestible to non-legal resources. Their addition of lawyers who specialize in AdTech and MarTech has been incredibly valuable, as this space is increasingly difficult to navigate.’

      ‘Emily Tabatabai is incredible. Her understanding of technology and ability to explain complex legal requirements into distillable, easy-to-action decision points makes her stand out in the privacy law space. Emily helps to break down the risks of various decision points and how to make operational decisions, especially as it relates to the CCPA and other US privacy laws. Emily is also fantastic at finding global partners to help support our multinational company and interpreting privacy law outside of the US, as well.’

      Key clients

      Arby’s Restaurant Group

      Chime

      Donnelley Financial Services

      Hilton Worldwide

      Interactive Advertising Bureau (IAB)

      Microsoft Corporation

      NerdWallet, Inc.

      Shopify Inc.

      TJX Companies

      Zynga

      Work highlights

      • Representing Microsoft in a biometric privacy class action pending in the Northern District of Illinois alleging that Microsoft violated the Illinois BIPA by failing to get informed consent from Illinois ride sharing drivers before initiating its facial recognition software to collect, store and analyze their biometric data.
      • Advising Zynga, a publicly traded mobil entertainment company, on a challenging cybersecurity incident that spanned the globe.
      • Advising clients on global regulatory and self-regulatory organization developments, anticipating challenges and suggesting privacy compliance solutions for advertising technology companies and industry trade associations.

      Paul Hastings LLP

      Paul Hastings LLP covers the full range of privacy and data security matters, including assistance during cross-border transactions. Based in Washington DC, the team includes Behnam Dayanim, who is well respected in matters involving FinTech and payments, as well as advertising and gaming cases, vice-chair Sherrese Smith, who excels at US data privacy and security laws and EU GDPR and CCPA regulations, and lead director Jacqueline Cooney. Robert Silvers moved to the U.S. Department of Homeland Security in August 2021.

      Practice head(s):

      Behnam Dayanim; Sherrese Smith; Jacqueline Cooney

      Other key lawyers:

      Aaron Charfoos

      Testimonials

      ‘Aaron Charfoos is very knowledgeable and experienced in handling the security incident that he was assigned to work with us as a client. He handled cases professionally. His timely response and update is appreciated too.’

      Key clients

      Facebook

      Samsung Electronics America

      Barclays

      Caesars Entertainment

      L’Oreal USA Inc.

      Align Technology

      Cadent Inc.

      Biofire Diagnostics, Inc.

      Citadel Enterprise Americas LLC

      Spectrum Pharmaceuticals

      Work highlights

      • Assisted BioFire Diagnostics LLC in a substantial matter filed in The United States District Court for the Northern District of Texas, concerning claims of breach of contract, copyright infringement and theft of BioFire’s software by USMN.
      • Acting for ModiFace, Inc., a L’Oréal company, against a consumer class action asserting violations of the Illinois Biometric Privacy Act (“BIPA”).
      • Assisted Spectrum Pharmaceutical, Inc. in an internal investigation into a ransomware attack against the company.

      Proskauer Rose LLP

      Ryan Blaney heads up Proskauer Rose LLP‘s privacy and cybersecurity group in Washington DC, which is known for its cross-practice expertise, including corporate, transactional, counseling and litigation skills in relation to matters of data collection, use, and sharing, marketing and customer outreach, and online advertising and data security. Blaney focuses on regulatory compliance, enforcement, litigation and transactions and is also a member of the health care practice, creating further synergies.

      Practice head(s):

      Ryan Blaney

      Key clients

      Ascension

      T-Mobile

      Church & Dwight

      National Football League

      Hearst

      Capstone Investment Advisors

      LA 2028 Olympic Committee

      Music Theatre International

      Accelya, Inc.

      Financial Institutions

      New Enterprise Associates

      Quinn Emanuel Urquhart & Sullivan, LLP

      Quinn Emanuel Urquhart & Sullivan, LLP has a massive’ market share of data privacy litigation, an area where the team, led by Jennifer Barrett in New York and Stephen Broome and Viola Trebicka in Los Angeles, does ‘excellent work’. They represent large, global companies in investigations and lawsuits around cyber law, data privacy and security. The department also stands out for successfully collaborating with the class action litigation, government enforcement and regulatory litigation, as well as intellectual property litigation practice groups.

      Practice head(s):

      Jennifer Barrett; Stephen Broome; Viola Trebicka

      Key clients

      Google LLC

      Ancestry.com

      International Business Machines Corporation

      TWC Product and Technology LLC

      Little Caesar’s Enterprises

      KIK Custom Products, Inc.

      Work highlights

      • Representing Google in multiple class actions alleging that Google improperly received data related to customers’ use of the Chrome browser on third party websites, including claims based on the California Invasion of Privacy Act; Intrusion Upon Seclusion; Breach of Contract; Breach of Implied Covenant of Good Faith and Fair Dealing; Statutory Larceny; and California Unfair Competition Law.
      • Representing IBM in multiple, consolidated, class actions by Illinois residents asserting claims under Biometric Information Privacy Act based on allegations that IBM extracted facial identifiers from photographs uploaded to Flickr.
      • Representing TWC Product and Technology LLC, a member of The Weather Channel family of companies, against a privacy class action lawsuit alleging that the company failed to adequately disclose that users’ location data would be used for advertising.

      Reed Smith LLP

      Reed Smith LLP‘s data protection, privacy and cybersecurity team has a significant track record in advising on transactions, regulation and litigation matters, and particularly stands out for its expertise in the finance, life sciences, energy, transportation and adtech sectors. Clients also appreciate the ‘immense value’ offered through custom technology platforms assisting  with digital transformation and collaboration, data and intelligence, document management and automation as well as training, project engineering and legal project management. Key contacts include privacy, information security and consumer protection expert Gerry Stegmaier in Washington DC and ‘knowledgeable and responsive’ Sarah Bruno in San Francisco. New York-based counsel Catherine Castaldo and Houston-based cybersecurity specialist Bart Huffman complete the team. Always in Houston, Wendell Bartnick was promoted to partner in early 2021 and is regularly involved in privacy and data security matters, as well as advising clients on crisis management and data incident response issues. Samuel Cullari left the firm in September 2021.

      Other key lawyers:

      Gerry Stegmaier; Sarah Bruno; Catherine Castaldo; Bart Huffman; Wendell Bartnick

      Testimonials

      ‘The Reed Smith cybersecurity/privacy team is highly responsive and practical, tailoring its advice to the realities of the business and offering immense value through custom technology platforms. The team’s openness to alternative fee arrangements underscores its commitment to partnership, transparency, and delivering value to its clients.’

      ‘Sarah Bruno is extremely knowledgeable, responsive, and provides practical, actionable advice on both privacy and cybersecurity matters. She is proactive, providing updates on upcoming laws that could impact our business, and finds way to deliver value above and beyond the actual cost of her services (e.g., leveraging the firm’s technology team to develop a custom database to track data sources).’

      Ropes & Gray LLP

      Ropes & Gray LLP stands out for its comprehensive data, privacy and cybersecurity offering in the US, paired with cross-Atlantic collaboration with the firm’s London-based team, which is particularly appreciated by clients seeking compliance, advisory, enforcement and litigation aspects pertaining to the collection, storage and processing of company and personal data abroad. Standout mandates for the team include work for Wyndham and LabMD relating to regulatory investigations of cybersecurity incidents. Corporate and data transactions complete the group’s offering. Key contacts include practice heads Edward McNicholas and Fran Faircloth, both in Washington DC.

      Practice head(s):

      Edward McNicholas

      Other key lawyers:

      Fran Faircloth

      Testimonials

      ‘The firm translates its global expertise into practical advice at a fair price.’

      ‘Rohan Massey and Ed McNicholas are both experienced practitioners blessed with integrity, judgment, and the ability to provide clear, practical, implementable advice. They are mindful of the impact of billing. And they are a true pleasure to work with.’

      ‘The Ropes team is the best of the best. The team is hands-on and practical and as subject matter experts, they deliver high-level practical business advice. Their approach is not buried in unnecessary analysis, but instead is to the point and timely in line with updates in the evolving legal landscape. Their dedication is resolute. Whether on longer term projects or immediate needs, they make themselves available to meet client needs, as collaborators and legal expert counselors. They appreciate the need for working with client about bespoke needs and billing procedures. In sum, they are a go-to counsel of choice.’

      ‘This team is able to take novel concepts involving multi-stakeholder data sharing and analysis and develop a comprehensive partnership agreement that addresses all parties concerns and needs.’

      ‘Working with Ropes and Grey, and more specifically Fran Faircloth and team, is the combination of experience in the innovative uses for data, the significant research they conduct to fill any knowledge gaps they may have, their customer service – relationally they are a joy to work with.’

      ‘They have as much, or more, experience in this area as any firm in the country. Their team is professional and prompt in their attention to these time-critical issues.’

      ‘Edward McNicholas and Fran Faircloth: despite the pressures of other cases, they were always prompt, knowledgeable, and helpful in addressing our issues.’

      Key clients

      Kevin Thompson / former CEO of SolarWinds

      Advocate Aurora Healthcare

      Bombas LLC

      The Office of the Privacy Commissioner of Canada

      Hilton Worldwide

      Invesco

      Altimeter Growth Corp

      New Mountain Capital LLC

      eClinicalWorks LLC

      TPG Capital LP

      Work highlights

      • Representing the former CEO of SolarWinds in a variety of state AG, congressional, and federal investigations, as well as securities litigation in Texas, shareholder derivative litigation in Delaware, and negotiations regarding other threatened cases.
      • Represented Advocate Aurora Healthcare in purported state class action litigation arising from a data incident at one of its constituent hospitals involving the employees of the hospital.
      • Advised New Mountain Capital LLC regarding the acquisition of a cutting-edge advertising technology company.

      Seyfarth Shaw LLP

      Seyfarth Shaw LLP‘s global privacy and security practice stands out for its expertise in data security and encryption and is highly appreciated for its commercially-savvy advice, deriving from experience in in-house capacities. The team’s ‘strong understanding’ of the needs of security leaders, risk leaders, senior management and directors gains them particular praise. Scott Carlson  ‘is skillful and ensures that messaging is effective, yet balanced for key parties involved.’ Carlson is based in Chicago and co-heads the group together with John Tomaszewski in Houston. Jason Priebe and Bart Lazar  in Chicago are noted. Richard Lutkus left the firm.

      Practice head(s):

      Scott Carlson; John Tomaszewski

      Other key lawyers:

      Jason Priebe; Bart Lazar

      Testimonials

      ‘They have brought a strong understanding of cyber-risk advisory and relevant experience to the forefront in protecting proprietary information, assisting in the interpretation of results, and communicating assessment results in a most effective manner for security leaders, risk leaders, senior management and directors.’

      ‘Scott Carlson brings his expert knowledge to his work in providing guidance around the execution of engagements, interpretation of results, and communication of results to audiences of different management levels and knowledge. He is skillful and ensures that messaging is effective, yet balanced for key parties involved.’

      Sheppard, Mullin, Richter & Hampton LLP

      Sheppard, Mullin, Richter & Hampton LLP is ‘excellent’ at handling privacy regulatory compliance and houses ‘some of the top privacy experts in the field’, including practice co-heads Craig Cardon in Century City and Liisa Thomas in Chicago. The team focuses on advising large retailers, among other clients, in relation to data breaches, where New York's Kari Rollins excels, class action and litigation cases, and technology transactions and privacy counseling. Jonathan Meyer is now a general counsel at the Department of Homeland Security.

      Practice head(s):

      Craig Cardon; Liisa Thomas

      Other key lawyers:

      Kari Rollins

      Testimonials

      ‘Excellent at privacy regulatory compliance. They have some of the top privacy experts in the field. Have written extensively on the topic with regular updates.’

      ‘Lawyers are personable, explain topics in practical and understandable terms, and provides practical and actionable guidance to meet regulatory requirements.’

      Key clients

      Inspire Brands (fka Sonic Drive-In)

      Dick’s Sporting Goods, The TJX Companies and Sephora

      Williams-Sonoma Inc.

      FaceFirst, Inc

      FC Dallas

      StockX LLC and Stock, Inc.

      Arby’s

      Papa John’s

      Digital Reality Management Services, LLC

      Subway

      Nestlé Purina PetCare Company

      Flanders Corp

      ZARA USA

      Broder Bros., Co.

      Method Products, PBC

      NEO Technologies

      Work highlights

      • Representing in a data breach class action MDL filed by financial institutions that allegedly sustained damages as a result of a 2017 data breach perpetrated against Sonic.
      • Represented StockX LLC in securing the dismissal of five consolidated class action lawsuits that were filed against StockX LLC in the aftermath of a 2019 data breach.
      • Advising Papa John’s on privacy issues and assisting the company with a variety of compliance projects.

      Shook, Hardy & Bacon LLP

      Shook, Hardy & Bacon LLP is well known for its incident response, compliance and risk minimization practice, combines with strong capabilities in privacy litigation, whereby an emphasis is put on biometric privacy cases. Based in Miami, practice head Al Saikali is ‘particularly good with helping business, technology, and legal executives prepared to deal with cybersecurity incidents.’ Further team members in Chicago include Melissa Siebert and Matthew Wolfe, who is an expert on BIPA and ‘gives good, direct guidance in that space.’

      Practice head(s):

      Al Saikali

      Other key lawyers:

      Melissa Siebert; Matthew Wolfe

      Testimonials

      ‘The lawyers at SHB are very, very cost conscious and drive great value for their clients. They are willing to think globally to try to reduce costs and drive efficiencies in litigation, when possible. Impressive knowledge in pending litigation matters and strategic advice. They keep up on industry trends and have good, broad knowledge on this substantive space. The advice they give is practical and straight-forward.’

      ‘Al Saikali is a perfect outside counsel to work with. He is funny, engaging and has a great ability to look at issues from the point of view of his clients. On billing issues, he is eminently fair. He is also very good at bringing in team members when it makes sense.’

      ‘Matthew Wolfe is great at executing against a task. He is good at keeping his client informed and making sure that work is getting done and addressed in a timely fashion. He knows a ton about BIPA and gives good, direct guidance in that space.’

      ‘Al Saikali and his team have deep expertise on data breach preparedness, mitigation, and response. He has outstanding relationships with his clients and partners – and we trust his and value his experience and expertise. Al is particularly good with helping business, technology, and legal executives prepared to deal with cybersecurity incidents.’

      ‘Al Saikali and his team of lawyers are pragmatic, experienced, and easy to work with.’

      ‘This is a firm that produces outstanding work product with competitive rates. They are proactive in keeping clients informed and do terrific work.’

      Key clients

      Crate&Barrel and CB2

      Whirlpool

      Biometric Privacy Class Action Lawsuits

      Florida Justice Reform Institute

      Appgate

      GlobeNet

      AMN Healthcare

      Nextiva

      Work highlights

      • Represented Crate & Barrel/Whirlpool and achieved dismissals in the first three of more than 45 multimillion dollar class action lawsuits in Florida brought by visitors to websites of companies that use session replay technology.
      • Advised Appgate on building a comprehensive privacy compliance program to meet the legal requirements in the multiple jurisdictions in which it operates.
      • Advising the Florida Justice Reform Institute to provide background information and testimony to the Florida House of Representatives, Florida Senate, and Florida Governor Ron DeSantis about the potential risks presented by a proposed privacy law.

      Venable LLP

      Based in Washington DC, Venable LLP distinguishes itself through its engagement in government and regulatory issues, and in particular policy and investigations. Stuart P Ingis co-heads the department and as privacy counsel is especially appreciated by trade associations and coalitions. He is also singled out for being ‘extremely knowledgeable of different industries and the regulatory landscape’. The team is also led by Emilio Cividanes, who has longstanding experience as a privacy lawyer. Reed Freeman Jr is an authority in privacy matters in relation to mobile devices, social media, and connected devices. Julia Kernochan Tama 'is very knowledgeable and always able to provide accurate advice', while Michael Signorelli is ‘fantastic on a whole host of privacy, security, and incident response matters.’ Kelly DeMarchis Bastide is also noted.

      Practice head(s):

      Emilio Cividanes; Stuart Ingis

      Other key lawyers:

      Reed Freeman Jr; Julia Kernochan Tama; Michael Signorelli; Kelly DeMarchis Bastide; Grant Schneider; Tara Potashnik; Robert Hartwell;

      Testimonials

      ‘The Venable team is always willing and able to engage on thorny privacy and security concerns, and excels at working through complex questions with their client’s stakeholders. Ability to help make sense of how regulators are thinking about emerging privacy and security issues.’

      ‘The Venable team is extremely responsive and always willing to make time for their clients no matter the time or day an issue hits. In particular, Mike Signorelli and Milo Cividanes are fantastic partners on a whole host of privacy, security, and incident response matters, and Grant Schneider’s insights and experience have been invaluable to my team as we think through the increasingly complex regulatory landscape.’

      ‘This is the top firm in privacy and cybersecurity. It has a talented bench of professionals that includes not just senior partners, but also access to the top cybersecurity think tank at the Center for Cybersecurity Policy and Law. Venable has the ability to provide top legal services and also integrate that into a policy and lobbying campaign.’

      ‘A tremendous knowledge of what is happening behind the scenes in the administration and Congress.’

      ‘Venable’s team is very knowledgeable in regulatory matters. They understand the business well, and always provide advice tailored to the business. They are also creative, and help you find solutions to difficult issues.’

      ‘Julia Tama is very knowledgeable, and provides an excellent service. She is always able to provide accurate advice, while also finding creative solutions to difficult issues. Stu Ingis is extremely knowledgeable of different industries and the regulatory landscape.’

      ‘Stuart Ingis, Emilio Cividanes, Tara Potashnik, Robert Hartwell: each of these individuals are experts on Data Privacy and Data Security. They have a wonderful “can-do” spirit and show a willingness to roll up their sleeves and do the hard work and analysis with us. Robert, in particular, is very helpful and really feels like part of the team!’

      Key clients

      Privacy for America

      Digital Advertising Alliance (DAA)

      Self-Driving Coalition for Safer Streets

      Partnership for Responsible Addressable Media (PRAM)

      Center for Cybersecurity Policy and Law

      Comscore

      Association of National Advertisers (ANA)

      Network Advertising Initiative (NAI)

      American Association of Advertising Agency (4A’s)

      Interactive Advertising Bureau (IAB)

      Early Warning Services

      Zscaler

      Lidar Coalition

      Work highlights

      • Advised Privacy for America and engaged in dialogue with Senate and House staff and other regulators to discuss developments advancing comprehensive data privacy legislation in the United States.
      • Advising the PPL WG on privacy, legal, policy, and other areas relevant to developing new standards for addressable media across the Internet.
      • Acting as counsel to a coalition of advertising trade associations seeking to harmonize data standards that are being rolled out across states.

      WilmerHale

      WilmerHale has a recognized cybersecurity and privacy practice that stands out for its skills in handling data breaches, its experience with government investigations and regulation and its technical knowledge. Privacy, corporate governance, national security, litigation, and other focus areas all combine and contribute towards the success of the Washington DC-based cyber incidents team, led by Kirk Nahra and Benjamin Powell: Powell advises companies on significant cybersecurity incidents and incident preparedness across multiple sectors, while Nahra’s practice involves implementing the requirements of privacy and data security laws across the country and internationally. Jason Chipman is particularly active in corporate due diligence for transactions involving data security and privacy issues.

      Practice head(s):

      Benjamin Powell; Kirk Nahra

      Other key lawyers:

      Jason Chipman

      Testimonials

      ‘The communication and support provided are greatly appreciated. ‘

      Winston & Strawn LLP

      Winston & Strawn LLP‘s global privacy and data security practice offers counseling in privacy, data protection, data security by design, litigation, trade secret audits, and investigation matters. The team is led by former federal prosecutors Sheryl Falk and Steven Grimes, who sit in Houston and Chicago, respectively, and former federal privacy regulator Alessandra Swanson, also in Chicago. Other key contacts in Chicago include Sean Wieber, who recently stood out for acting in a class action filed under the CCPA’s new private right of action, and associate Eric Shinabarger, who focuses on privacy counseling, data breach response, and regulatory compliance.

      Practice head(s):

      Sheryl Falk; Steve Grimes; Alessandra Swanson

      Testimonials

      ‘Competency, collaboration, and expert advice that combine to form the basis of exceptional service from a team of subject-matter experts.’

      ‘Experience to lead clients through the most challenging of global data protection and privacy issues. Better than most in the field.’

      ‘Client first and foremost.’

      Key clients

      LandPoint LLC

      Sunshine Behavioral Health

      Silva International, Inc.

      MAAC Machinery Company, Inc.

      Work highlights

      • Represented LandPoint and employees, defendants in a Trade Secret claim and TRO brought by Plaintiff, Transglobal Services, LLC, in the District Court of Tarrant County, Texas.
      • Representing Silva International, Inc. in connection with a BIPA class action in the Circuit Court of Cook County.
      • Represented Sunshine Behavioral Health in the nation’s first class action filed under the CCPA’s new private right action in the Central District of California, where plaintiff sought to represent a class of individuals alleging that the client did not adequately protect the personally identifying information of the proposed class members.