Twitter Logo Youtube Circle Icon LinkedIn Icon

United States > Media, technology and telecoms > Cyber law (including data protection and privacy) > Law firm and leading lawyer rankings


Index of tables

  1. Cyber law (including data protection and privacy)
  2. Data protection and data breach response
  3. Leading lawyers
  4. Next generation lawyers

Who Represents Who

Find out which law firms are representing which Cyber law (including data protection and privacy) clients in United States using The Legal 500's new comprehensive database of law firm/client relationships. Instantly search over 925,000 relationships, including over 83,000 Fortune 500, 46,000 FTSE350 and 13,000 DAX 30 relationships globally. Access is free for in-house lawyers, and by subscription for law firms. For more information, contact


Crisis management is at the forefront of Baker McKenzie LLP’s practice, which includes Lothar Determann in Palo Alto, Brian Hengesbaugh in Chicago, and David Lashway and John Woods in Washington DC, as well as personnel in New York. The team is assisting a global vehicle manufacturer with a security inquiry regarding connected cars. It is also handling the implementation of an international data privacy compliance program for a software company. Other hallmarks of the practice include expertise on Health Insurance Portability and Accountability Act (HIPAA), Federal Trade Commission (FTC) and Privacy Shield matters, cybersecurity-related litigation, and internal investigations. Clients include Raytheon, Realogy, Wells Fargo, Westfield Financial Group and Priceline. Washington DC-based Michael Egan was promoted to the partnership in January 2016.

Covington & Burling LLP’s practice is led from the Washington DC office by David Fagan, Kurt Wimmer and James Garland. Garland advises Starbucks on cyber incident preparedness, Fagan advises American Airlines and Eli Lilly on cybersecurity issues, and Wimmer is part of a team which advises a prominent aircraft manufacturer on the development of its information security policies. New York’s Nigel Howard has ‘an excellent understanding of data protection issues associated with technology transactions’ and San Francisco-based Lindsey Tonsager has ‘a firm understanding of data protection compliance issues and astutely advises on domestic and international issues’. Hires in 2016 included of counsel Jennifer Martin in Silicon Valley and special counsel Micaela McMurrough in New York. Margaret Richardson departed for an in-house position at Airbnb.

DLA Piper LLP (US) has ‘an intelligent and practical cyber team, the lawyers provide not only expert advice but deliver findings and analysis in a comprehensible and actionable way’. Washington DC co-chair Jim Halpert led a team that negotiated and drafted revisions to seven state breach notice laws, and advised on student privacy legislation which was enacted in three states on behalf of the State Privacy and Security Coalition. New York’s Vincent Sanchez and Washington DC-based Thomas Boyd are the other co-heads of the practice, which recently saw EU privacy expert Carol Umhoefer swap the firm’s Paris office for New York. Boyd advises on legislative and regulatory issues regarding privacy, financial services and electronic commerce, while Sanchez focuses on complex commercial transactions involving new technologies. New clients include Hyundai Motor America and Synovus Financial. In early 2017, the former co-head of the practice at Sidley Austin LLP, Anna Spencer, joined the firm's Washington DC office, bringing expertise in healthcare privacy matters. Since publication, breach response specialist Tara Swaminatha has joinedSquire Patton Boggs and Benjamin Mulcahy and Gina Reif Ilardi have joined from Jenner & Block LLP.

Hogan Lovells US LLPhas cutting-edge expertise and is on top of industry trends and developments’. Julie Brill, Marcy Wilder and Harriet Pearson jointly chair the group from Washington DC. Brill joined in March 2016 having previously held the role of commissioner at the FTC; Wilder is ‘a great listener who is deeply experienced’; and Pearson has decades of corporate data privacy and cybersecurity experience. Scott Loughlin ‘is engaging, smart and practical’, and was recently part of a team of outside counsel for WebMD regarding compliance, investigations, policies and procedures in relation to online privacy. On behalf of UCLA Health, Wilder is leading the internal investigation and response to the investigation by the US Department of Health and Human Services’ Office for Civil Rights following the client’s security breach in 2015. The team also continues to handle matters related to the cyber attacks of Anthem and The Home Depot respectively.

According to a client, Hunton Andrews Kurth LLP has ‘a competitive edge in the areas of data security and breach response, no other firm comes close’. Lisa Sotto and Brittany Bacon ‘possess encyclopedic understanding of data breach legislation, a practical, action-oriented approach, and a willingness to work the hours on a global data breach response’. Sotto leads the team from New York and recently handled numerous high-profile cyber attacks on behalf of global technology companies. The practice has an impressive client roster made up of Fortune 100 and Forbes Global 2000 companies in the retail, financial services, technology, e-commerce, healthcare, energy and consumer products sectors, and new clients include MasterCard North America, Nordstrom, Loew’s Hotels & Resorts and doTerra. Areas of expertise include developing cybersecurity incident response plans, handling privacy and cybersecurity-related regulatory investigations and enforcement actions brought by data protection authorities, and implementing new requirements under the EU’s General Data Protection Regulation (GDPR).

Morrison & Foerster LLP provides ‘industry-leading advice from a deep and talented team of lawyers’. Miriam Wugmeister is ‘clearly operating at the top of her profession; distinguished by her passion, ability to relate to clients, and practical business-minded advice’. New York-based Wugmeister heads the team alongside San Diego-based Andrew Serwin and both are preeminent in the field, handling complex and sensitive US and international privacy matters on behalf of multinational organizations. Recent highlights include representing a children’s educational software company in an investigation by the FTC alleging the company had made a COPPA violation; advising one of the largest global pharmaceutical companies on a number of global data protection and privacy projects; and assisting a global payments technology company with data protection issues arising from its geographic expansion and new product offerings. Washington DC-based Julie O’Neill was promoted to the partnership in January 2017.

The ‘top-notchRopes & Gray LLP practice is ‘always professional and timely, consistently operates at a high level and produces exceptional work and guidance’. Boston-based Douglas Meal and Heather Egan Sussman are the main partners; Meal focuses on defending companies targeted by government investigations alleging privacy and data security violations, while Sussman focuses on privacy, information security and consumer protection. Recent highlights include assisting Supervalu with its response to cyber attacks on certain sectors of its computer network, which included investigating the attack, communicating with customers and regulators, and responding to payment card brand inquiries. The team is also representing medical laboratory LabMD in its petition to the Court of Appeal for a review of an FTC decision which held the client liable for allegedly violating FTC rules through its data security practices. Michelle Visser is highly experienced in defending companies against data security breach claims.

Data breach response is what the team at Baker & Hostetler LLP is best known for, having handled 350 incidents in 2016. Practice head Theodore Kobus in New York, Cincinnati-based Craig Hoffman and Will Daugherty in Houston acted as incident response counsel to clients including Madison Square Garden, O’Charley’s, Landry’s, AXA Financial and Whole Foods regarding payment card data security incidents. The team is experienced in representing companies in investigations by the FTC and state attorneys general. Carol Van Cleef joined the Washington DC office in November 2016 from Manatt, Phelps & Phillips, LLP, bringing expertise in fintech, regulatory compliance and incident response and preparedness. Elsewhere, Cincinnati-based Pat Haggerty was promoted to the partnership and Tanya Forsheit departed for New York firm Frankfurt Kurnit Klein & Selz PC. Melinda McLellan is another key team member.

Gibson, Dunn & Crutcher LLP welcomed a host of new lawyers throughout 2016. Former US Attorney for the Eastern District of California Benjamin Wagner joined the Palo Alto office, the Washington DC office welcomed former acting associate US Attorney General Stuart Delery, Stephanie Brooker joined the same office and is the former Director of the Enforcement Division of the Department of the Treasury’s Financial Crimes Enforcement Network, and internet privacy expert Kristin Linsley joined the San Francisco office. Alexander Southwell heads the practice from the New York office and handles matters for Facebook, MySpace, Intel and American General. Michael Li-Ming Wong operates from San Francisco and Palo Alto and recently handled a high-profile class action arising from a data breach for Uber which was ultimately dismissed, and assisted Wells Fargo with an investigation into the client’s practice of customer telephone call recordings conducted by a special task force (comprising the California Attorney General and the district attorneys’ offices for Los Angeles, Alameda, San Diego, Riverside and Ventura Counties), which reached a settlement in March 2016.

Boston-based co-chairs Lynne Barr and Brenda Sharton lead Goodwin’s team, which recently welcomed former chief privacy officer at the Department of Homeland Security Karen Neuman to its Washington DC office. Veronica McGregor joined in San Francisco from Hogan Lovells US LLP and brings expertise in regulatory compliance matters, particularly with respect to the Gramm-Leach-Bliley Act and the Telephone Consumer Protection Act (TCPA). Recent highlights include handling five high-profile class actions under the TCPA on behalf of Quicken Loans, which involved third-party consent. In another matter, on behalf of Opower, the team handled privacy due diligence and the negotiation of the privacy and data security provisions of the acquisition agreement between Opower and Oracle. Advising financial services providers on federal privacy compliance is another strength of the firm.

The ‘first-rateLatham & Watkins LLP practice recently welcomed Serrin Turner from the US Attorney’s Office for the Southern District of New York’s criminal division, where he was the lead cybercrime prosecutor. Also in New York, Douglas Yatter joined from the enforcement division of the Commodity Futures Trading Commission, where he served as chief trial attorney. Washington DC-based Jennifer Archie chairs the practice and is highly experienced in cybersecurity, the CAN-SPAM Act and data privacy. Archie recently co-led a team defending Delta Airlines in a case brought by the Californian government accusing the client of violating a state privacy law with its mobile app, which resulted in a dismissal and the client being awarded costs on appeal. For Vizio, the team advises on all matters pertaining to data privacy and security globally, including in the acquisition of Cognitive Media and transactional work involving data analytics.

Orrick, Herrington & Sutcliffe LLP provides ‘very specific industry knowledge and extremely appropriate advice’. Antony Kim in Washington DC and Aravind Swaminathan in Seattle are the partners to note and each have strengths in cybersecurity risk management and incident response planning. Washington DC-based of counsel Emily Tabatabai ‘has an extraordinary depth of knowledge in student data privacy matters’. The team is currently handling a data breach investigation affecting 35,000 individuals in the US and Canada on behalf of Acer America. For Premera Blue Cross, the team is handling a data breach which affected approximately 11 million individuals. For WW Grainger, the team is assisting with the development of data maps, global data transfers, designing and implementing global privacy compliance programs, and cybersecurity preparedness and response.

The overall level of service at Pillsbury Winthrop Shaw Pittman LLP is ‘exemplary’. Brian Finch is, according to one client, ‘the gold standard for cyber attorneys; his depth of knowledge is unsurpassed and his ability to identify, interact with and influence policymakers is remarkable’. Finch co-chairs the practice with fellow Washington DC lawyer Deborah Thoren-Peden. The team recently welcomed Peri Mahaley from Orrick, Herrington & Sutcliffe LLP, who has expertise in insurance claims arising from cyber attacks. Recent highlights include advising FireEye on securing SAFETY Act certification for two of the company’s cybersecurity products and assisting NTT Data Corp with its purchase of Dell’s IT services arm, Dell Systems, for $3.06bn, in which senior counsel Catherine Meyer was engaged to review privacy provisions in connection with the deal. The team also acted as regulatory and privacy counsel to Green Dot with respect to its acquisition of AccountNow, due to the cardholder and associated data the acquired company holds.

Proskauer Rose LLP’s ‘client service is stellar in terms of responsiveness, depth of knowledge, and providing practical legal advice geared towards business goals’. The practice is known for advising on compliance with state, federal and global obligations, and defending claims arising from alleged breaches on behalf of large multinational companies. Kristen Mathews leads the team from the New York office and is noted for advising high-profile companies on cyber breach response practices and exercises, children’s and healthcare privacy, identity theft prevention, and geolocation matters. The team recently advised a global financial advisory agency on privacy issues and restrictions related to reporting hotlines, and reviewed the company’s privacy policies and notices to ensure compliance with global privacy laws.

Trusted Advisor - with Finnegan

IP specialist Finnegan detail how their collaborative approach makes for a unique culture which is designed to allow them to work with clients in a way which is cognizant of the challenges facing all companies today.

The team at Reed Smith LLPhas excellent subject matter expertise and credibility with regulators’. Michael O’Neil led a team which represented Sterling in two related national class actions alleging numerous violations of the Fair Credit Reporting Act (FCRA). Chicago-based O’Neil is an expert on global regulatory enforcement, TCPA compliance and defense of class action privacy claims. Mark Melodia splits his time between New York and Princeton and co-heads the practice alongside Princeton-based Paul Bond. Melodia ‘is strong overall on strategy and interacting with regulators’, and New York’s Therese Craparo ‘has deep knowledge of technology issues’. The team recently welcomed Gerard Stegmaier in Washington DC from Goodwin, counsel Samuel Cullari, who splits his time between Philadelphia and Washington DC, from an in-house position at Comcast, Michael Galibois in Chicago from Chittenden, Murday & Novotny LLC, and Bart Huffman in Houston from Locke Lord LLP.

Sidley Austin LLP’s practice is led by Edward McNicholas and Alan Raul from the Washington DC office. McNicholas has represented major retailers in litigation and investigative challenges following cybersecurity attacks, and Raul has over 20 years’ experience in practicing privacy and data security law. The team is currently representing AT&T in a communications privacy case in Texas, having previously successfully represented the client in preventing RadioShack from selling the client’s confidential consumer data. Internal promotions include Kwaku Akowuah and Colleen Brown; Akowuah focuses on Supreme Court and appellate matters, including high-profile privacy and data protection litigation, and Brown has significant experience in privacy and data protection compliance, litigation and regulatory enforcement actions, including those focused on information security and data breach response. In early 2017, former co-head of the practice Anna Spencer moved to DLA Piper LLP (US).

Steptoe & Johnson LLP’s team is led by Stewart Baker in Washington DC and Michael Vatis in New York. Vatis is ‘a true star; he is a deep thinker, thoroughly analyzes issues, identifies solutions and is able to apply his analysis to business reality’. Baker has considerable expertise in regulatory compliance and data breach response matters. The team is assisting VTech with its response to a hack of customer information, resulting in class action suits, investigations by regulators and data protection authorities, and congressional inquiries. Other highlights included representing The Coalition for Responsible Cybersecurity, a group of companies founded by Ionic Security to oppose the adoption of a Commerce Department rule pertaining to a license requirement for certain cybersecurity export goods; advising Verizon on international legal issues concerning cloud computing; and assisting with the formation of the Blockchain Alliance, a public-private association formed by the bitcoin community to help fight criminal activity involving bitcoin and blockchain technology. Of counsel Alan Cohn is co-chair of the firm’s blockchain and digital currency practice and is another name to note.

WilmerHale’s team recently welcomed Alejandro Mayorkas, who previously served as Deputy Secretary of Homeland Security; he splits his time between Los Angeles and Washington DC and focuses on internal investigations, cybersecurity, crisis management and national security. Benjamin Powell co-leads the practice with fellow Washington DC lawyer D Reed Freeman, who is ‘an expert in the area of privacy law; he understands not only the legal landscape, but also the expectations of the FTC and industry self-regulatory guidance and benchmarking’. Powell typically handles data breaches and related investigations, and recently handled a wide range of privacy and data security issues on behalf of a global hardware company, including advice on EU data security and privacy issues, responding to government subpoenas, legislation, best practices for incident response, and internal investigations. Heather Zachary regularly advises Bose on privacy, data security and consumer protection issues under federal, state and international law.

Akin Gump Strauss Hauer & Feld LLP’s practice heads are Dallas-based Michelle Reed, Washington DC-based David Turetsky, and Natasha Kohne, who splits her time between San Francisco and Abu Dhabi. Kohne is highly experienced in international data protection and cybersecurity matters; Reed has expertise in providing privacy and security risk assessments and developing policies and procedures to mitigate cybersecurity threats; and Turetsky advises on privacy and cybersecurity regulations, risk management, incident response preparation, data governance and policies. Recent work includes handling a data breach for online sports retailer Honig’s Whistle Stop that affected consumers in the US and globally; this included a forensic investigation, customer notification, call center management, state regulatory negotiations, handling public relations, and notifying state attorneys general.

Arnold & Porter was created in January 2017 via the combination of Kaye Scholer and Arnold & Porter LLP. The new team has seven partners based in Washington DC and New York, with expertise spanning federal and state data protection issues, cybersecurity matters relating to government contracts, and regulatory compliance and litigation. In the Washington DC office, Adam Golodner is ‘absolutely top tier’, and Nancy Perkins, Ronald Lee, Marcus Asner and Kenneth Chernof are also recommended. Recent highlights include advising a telecoms company on HIPAA privacy, creating a data privacy program for an employment agency, and advising Lutron Electronics on the data privacy aspects of its cloud computing arrangements. Chernof is experienced in data breach litigation and is handling cases for Adobe, Barnes & Noble, Leidos, and Horizon Blue Cross.

Margo Tank and Elizabeth McGinn lead Buckley Sandler LLP’s practice, which is known for advising financial services clients on big data, security breaches and regulatory enforcement actions and investigations. Tank focuses on the intersection of financial services and technology and is experienced in government enforcement, while McGinn handles all types of regulatory investigations. Chicago-based James Shreve was promoted to counsel in January 2016. Recent highlights include advising SEC-regulated clients on global privacy and data security matters, specifically on global data flow restrictions, safeguarding requirements, vendor management and contracts, and preparation for Securities and Exchange Commission (SEC) cybersecurity reviews. The team is also assisting two clients with FTC investigations relating to their privacy and data security compliance. Douglas Gansler, John Kromer and Jeffrey Naimon are other notable partners; individuals are located in Washington DC except New York-based McGinn.

Cooley LLP’s lawyers advised on 26 data security breaches during 2016 and defended over 50 class actions, largely against government regulators. Matthew Brown and Michael Rhodes in San Francisco and Randy Sabett in Washington DC are co-heads of the practice. Rhodes and Brown recently defended Facebook in a consolidated class actions suit involving the alleged violation of users’ privacy rights, which was dismissed in June 2016. Sabett acted for a dating application when its servers were being used to access servers of another company and also advised an HR services company when an employee was targeted by a phishing email which ultimately led to the exposure of personal employee information. Other highlights included defending Twitter in a privacy class action alleging violations of California’s Invasion of Privacy Act.

Davis & Gilbert LLP’s service levels are ‘excellent, specifically the response times and ability to react to changing requirements and requests’. Gary Kibel’s knowledge of the space is second to none’; he leads the New York practice with Richard Eisert. The team is assisting new client Adbrain with regulatory compliance, and other client gains include Bitly and Sprinklr. The practice has notable strengths in Children’s Online Privacy Protection Act (COPPA) related issues and is advising numerous advertisers and their agencies on their privacy policies, websites, mobile apps and promotions to ensure compliance with new regulations is met. Other work highlights included advising life sciences start-up Evoke Neuroscience on all aspects of its technology and data collection service. The team also assists non-profit healthcare providers, hospitals, insurance providers and employer-sponsored group health plans with all HIPAA privacy and security concerns. Oriyan Gitig is another name to note.

Debevoise & Plimpton LLP’s New York based team ‘takes great pride in understanding clients’ internal processes, controls and culture, and brings great professionalism, expertise and work ethic’. Jeremy Feigelson leads the ‘top-of-the-game’ practice, which includes the ‘highly accomplishedJim Pastore as well as David Sarratt and new arrival from the Department of Justice Luke Dembosky, who is ‘an extremely competent litigator and negotiator, specifically regarding international cybercrime, intellectual property crimes and incident response’. The team assisted the National Basketball Association with its incident response plan through tabletop exercises and also provided American Express with a global cyber program, which included pre-breach and risk mitigation advice. Demonstrating its COPPA expertise, the team defended a compliance investigation by the New York Attorney General against Viacom.

At Jenner & Block LLP, Mary Ellen Callahan leads the team from the Washington DC office and is well known for her expertise in data breach incident response. She worked with special counsel Heidi Wachs for Brunswick Corporation concerning a tax scam incident resulting in a federal enforcement investigation. The team also advises clients on compliance with federal, state and foreign data security and cybersecurity laws, and often acts for government contractors in relation to insider threat programs and cybersecurity obligations. In another highlight, the team is providing a global financial institution with board-level cybersecurity tabletop exercises. Since publication, Gina Ilardi and Benjamin Mulcahy have moved to DLA Piper LLP (US).

Kelley Drye & Warren LLP’s practice head Dana Rosenfeld is highly experienced in privacy, data security and consumer finance-related issues at federal and state level. Key partner Alysa Hutnik is an expert on laws relating to the Internet of Things (IOT), John Heitmann’s strengths lie in advising clients on governmental compliance in the telecoms space, while special counsel Christopher Loeffler has regulatory expertise in, among other things, e-commerce, data security, privacy and other consumer protection issues. Hutnik represented XO Communications in Federal Communications Commission (FCC) proceedings in which the FCC sought to impose privacy and data security regulations on broadband providers and to update its existing privacy and security regulation for voice, cable and satellite providers. Rosenfeld and Hutnik advise Disney on all of its privacy and marketing issues, including providing regulatory advice. All named attorneys are based in Washington DC.

New York lawyers Ieuan Jolly, James Taylor and Kenneth Florin lead Loeb & Loeb LLP’s practice, which has a reputation for data optimization work alongside the traditional offering of international and domestic data privacy advice. In a recent highlight, the team advised a payment card client on its global privacy strategy and provided analysis of transactional data in connection with the launch of its new mobile app. The team is also advising a media company on a high-value data services contract, which involves data hosting, analytics, insights, predictive modeling and data leveraging and processing through the client’s global digital platforms. HBO, Phoenix Life Insurance, Toyota, Unilever and iHeartMedia are all clients.

Washington DC-based Rajesh De leads Mayer Brown’s practice, which was successful in its representation of Spokeo in the landmark Supreme Court case, Spokeo, Inc v Robins, where the team defended its client against an FCRA violation claim. The team is representing Starwood Hotels and an operating company in a class action lawsuit as a result of a data breach which compromised payment card information at multiple hotels. Other clients include Bank of Montreal, St Jude Medical, PwC International and Auto-ISAC. New recruits in Washington DC include Kendall Burman, who was previously deputy general counsel for the US Department of Commerce; Daniel Stein, who previously served as chief of the criminal division at the US Attorney’s Office for the Southern District of New York; and former Department of Defense special counsel David Simon.

Tysons’ Andrew Konia is head of McGuireWoods LLP’s practice, which is particularly experienced in TCPA litigation, information governance and healthcare data privacy issues. On behalf of Wells Fargo, the team secured the dismissal of a class action alleging that credit card networks and major issuing banks conspired to transfer the liability for fraudulent charges onto merchants, in connection with the credit card payment industry’s transition from magnetic stripe credit cards to chip cards. Healthcare specialist Nathan Kottkamp of the Richmond office leads a team of outside counsel for KPMG’s HIPAA work, which includes providing daily advice on its HIPAA business associate agreements and the development of its HIPAA policies and procedures. Kottkamp also assisted Ideal Image with a data breach involving customer information, and advised on HIPAA matters.

Seyfarth Shaw LLP’s practice is led by senior counsel in Houston John Tomaszewski and Scott Carlson in Chicago. Tomaszewski’s expertise includes advising on IOT issues and cryptocurrency platforms using blockchain technology, while Carlson advises clients on information governance issues, including computer forensics, cybersecurity and IT-related policies. Richard Lutkus, who splits his time between San Francisco and Chicago, and Washington DC-based Karla Grossenbacherdo a spectacular job; they provide timely responses and give sage advice on investigating breaches and notifying customers’. The team is assisting a media company with the global information governance of its data privacy and protection issues, including cross-border transfer of personal data and international litigation and regulatory proceedings. Further highlights included advising a drug testing company on Privacy Shield compliance, providing privacy advice to a healthcare company with regard to implementing an email-based opt-in marketing program, and conducting a HIPAA compliance assessment on a large medical practice.

The privacy group at Venable LLP is ‘second to none’, according to one client. Led by Stuart Ingis and Emilio Cividanes from Washington DC, the practice is known for investigations, privacy litigation, compliance advice and crisis management. Charles Curran joined in October 2016 and has expertise in privacy and data protection issues pertaining to online advertising, digital marketing and cross-industry self-regulation. The team is representing Amazon in ongoing litigation with the FTC, in which the FTC alleges that the client failed to obtain informed consent for in-app charges incurred by minors on smart devices. The team also serves as lead counsel to Amazon regarding the FTC’s investigation into the company’s billing practices associated with in-app purchases of apps marketed to children. The group also acts for several coalitions, including the Coalition for Cybersecurity Policy and Law, the Self-Driving Cars Coalition, and the Digital Advertising Alliance.

Winston & Strawn LLP covers the full range of data security matters, from investigations, litigation and data breaches to consumer, employee, financial and healthcare privacy. The team recently assisted Volvo Financial Services with a global movement of personal data and also advised on updating the client’s internal policies and procedures. Other highlights included advising Fortune Brands Home & Security and its subsidiaries on their respective privacy obligations, revamping the companies’ privacy disclosures, and assisting with general privacy compliance matters, including the launch of a new mobile app. New clients include Bonial Enterprises North America and Blue Chip Marketing Worldwide. New York-based Kari Rollins, Chicago-based Robert Newman and Houston-based Sheryl Falk are key contacts. Since publication, former team head Liisa Thomas has moved to Sheppard, Mullin, Richter & Hampton LLP.

Foley & Lardner LLP handles high-profile and day-to-day security breaches and is particularly well versed in healthcare privacy matters. Los Angeles-based breach response expert James Kalyvas heads the practice, and Jacksonville-based Chanley Howell handles data breach simulation exercises on behalf of global hospitality companies. The team is assisting Sentry Insurance with a risk assessment and review of its data security and privacy practices. For Harley-Davidson and Harley-Davidson Financial Services, the team is handling privacy and security compliance obligations. Charles Schwab, Union Bank and Universal Health Services are also clients. Jennifer Rathburn joined the Milwaukee office from Quarles & Brady LLP, bringing expertise in healthcare regulations, data privacy and cybersecurity.

Recent additions at Jones Day include Richard Martinez joining the Minneapolis office from Robins Kaplan LLP in January 2017. In Irvine, Edward Chang transferred from the business and tort litigation department to the cybersecurity, privacy and data protection practice, and in Boston, Lisa Ropple joined in October 2016 from an in-house position at Staples. New York-based Mauricio Paez collaborated with the Munich office to advise the Internet Corporation of Assigned Names and Numbers on negotiations with various EU data protection authorities regarding data retention requirements. Paez and Los Angeles-based Daniel McLoon jointly lead the team, and other key partners include Atlanta-based Todd McClelland, Columbus-based Todd Kennard, Irvine-based John Vogt and Dallas-based Richard Johnson. Representative clients include Cardinal Health, Experian,, Sirius XM Radio, Educational Testing Service and iYogi.

According to one client, Locke Lord LLPsucceeds at providing big business attention and services to small and mid-sized companies’. Ted Augustinos (Hartford), Molly McGinnis Stine, Thomas Smedinghoff (both Chicago) and David Szabo (Boston) are the core members of the practice, following Bart Huffman’s departure to Reed Smith LLP. Smedinghoff is ‘an exceptional attorney; he is knowledgeable and thoughtful and has an excellent ability to explain complex issues’. Augustinos is praised for his ‘bedside manner’, and the whole team is applauded for ‘its wide array of expertise and willingness to understand the complexity of the client’s business’. Augustinos handled a matter for new client Amica Mutual Insurance, which involved a revision of its privacy and data protection policies and procedures. AmTrust North America, Open Identity Exchange and Great American Insurance Group are other clients.

Manatt, Phelps & Phillips, LLP has particular expertise in the connected cars space and in a recent example advised KMA, a subsidiary of Kia Motors, on compliance with Global Automakers’ consumer privacy protection principles. Donna Wilson heads the practice from Los Angeles, closely supported by Christine Reilly; and New York-based Marc Roth is co-chair of the firm’s TCPA compliance and class action defense practice. The team was also retained by New York & Company to defend against a putative TCPA class action before the US District Court for the District of Columbia in which the plaintiffs allege that the client continued to send text messages after it had revoked consent. For WW Grainger, the team assisted with TCPA compliance, which expanded to advice on compliance with CAN-SPAM for email marketing and a review of the client’s telemarketing plans and customer relationship management issues. In another highlight, the team is assisting non profit New York eHealth Collaborative with ensuring the health information exchange in New York is compliant with federal and state laws.

The McDermott Will & Emery LLP practice is co-chaired by Michael Morgan, who splits his time between Los Angeles and Silicon Valley, Chicago-based Daniel Gottlieb and Boston-based Mark Schreiber. Gottlieb is known for his healthcare practice, with particular strengths in advising on HIPAA compliance and other federal and state privacy, security and breach notification laws; Morgan advises on cyber incident preparation, prevention and response; and Schreiber advises on global privacy coordination and Privacy Shield issues. Recent highlights include handling a whistleblowing hotline project on behalf of a Japanese client, involving data protection issues in various jurisdictions including the US, Canada, Mexico, and various EU and Asian countries; handling a series of large data breaches for a global risk management company and advising a cloud-based electronic health record system vendor on a range of cybersecurity issues.

David Navetta and Boris Segalis co-chair Norton Rose Fulbright US LLP’s department from Denver and are known for their strengths in compliance and risk management, data transactions, breach preparedness and response, investigations and disputes. Recent highlights include advising an insurance agency and its policyholders in response to data security incidents. The team is also assisting a healthcare services provider with its response to a data security incident affecting 300,000 individuals in the US and internationally. For a pharmaceuticals company, the team is advising on global data protection compliance issues, including GDPR compliance, data mapping, and the development of a privacy program and policies. Pfizer, MasterCard, Aramark, BuzzFeed, Pacific Gas & Electric, and Xcel Energy are all clients.

Paul Hastings LLP’s practice is co-chaired by Washington DC-based Behnam Dayanim and San Francisco’s Thomas Counts and also has strength in New York. Counts is a litigator focusing on privacy, data security law and other technology-related litigation, while Dayanim is an expert in regulatory compliance, internal and regulatory investigations, and data breach response. Demonstrating its strengths in fintech, the team assisted NerdWallet with the development of a privacy and compliance charter, Gramm-Leach-Bliley Act and FCRA compliance, and an overall audit program. For the US branch of a cosmetics company, the team assisted with a range of privacy and digital marketing issues and the negotiation of contracts with service providers, and advised on regulatory obligations. JP Morgan Chase, Marsh McLennon, Paysafe, Pfizer, Syniverse Technologies, Visa and Arby’s are all clients.

In February 2016, Sheppard, Mullin, Richter & Hampton LLP welcomed Laura Jehl in Washington DC as a new co-leader of the group; she was previously general counsel and chief privacy and security officer at Resolution Health, a subsidiary of health insurer Anthem. In September 2016, also in Washington DC, former Homeland Security deputy general counsel Jonathan Meyer joined the team. The team’s other co-leader, Craig Cardon, handles privacy and data-related advertising litigation for blue-chip retailers and ‘has very deep industry knowledge and the ability to give business-sensitive advice’. Recent mandates for the firm include acting for BitGo in connection with the theft, from a business partner, of $72m in bitcoins, which included crisis management coordination with blockchain-industry forensic experts. The team also assisted Duo Security with drafting its cyber incident response plan and advised a major cable communications provider, Charter Communications, on a range of privacy and cybersecurity matters, including advice on new FCC regulations for internet service providers. Since publication, the ‘practical, creative and thoughtfulLiisa Thomas has joined from Winston & Strawn LLP.

International comparative guides

Giving the in-house community greater insight to the law and regulations in different jurisdictions.

Select Practice Area

The Legal 500 United States - Events

GC Powerlist -
United States

Press releases

The latest news direct from law firms. If you would like to submit press releases for your firm, send an email request to

Legal Developments worldwide

Legal Developments and updates from the leading lawyers in each jurisdiction. To contribute, send an email request to

Press Releases worldwide

The latest news direct from law firms. If you would like to submit press releases for your firm, send an email request to