Lisa J. Sotto > Hunton Andrews Kurth LLP > New York, United States > Lawyer Profile

Hunton Andrews Kurth LLP
NEW YORK, NY 10166
United States
Lisa J. Sotto photo

Work Department

Corporate: Global Technology, Outsourcing & Privacy


Lisa chairs Hunton & Williams LLP’s top-ranked global privacy and cybersecurity practice, is the managing partner of the firm’s New York office, and is a member of the firm’s Executive Committee.


Lisa Sotto has received widespread recognition for her work in the areas of privacy and cybersecurity. Clients consider her work “outstanding,” and she has been called a “phenomenal lawyer” and hailed as the “queen of privacy.” Lisa was named among The National Law Journal’s “100 Most Influential Lawyers,” an honor bestowed on practicing attorneys who are making the biggest impact in the legal world.

Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements and global data protection laws (including those in the EU, Asia and Latin America). She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Through our firm’s privacy and security in M&A transactions team, Lisa also guides clients on risks and potential liabilities associated with inadequate privacy and data security practices in high-stakes corporate transactions. She conducts all phases of online and offline privacy assessments and information security policy audits. She also develops corporate records management programs, including policies, records retention schedules and training modules.

Lisa has been rated the “No. 1 privacy professional” in all surveys by Computerworld magazine. She is recognized by Chambers and Partners as a “Star” performer (the highest honor) for privacy and data security—the only lawyer in the United States to receive this distinguished ranking. Lisa also is recognized as a leading lawyer for cyber crime, data protection and privacy by The Legal 500 United States, who also listed her in their Hall of Fame. In addition, Hunton & Williams’ privacy and cybersecurity practice has received the topmost national rankings in privacy and data security from The Legal 500.

Lisa chairs the US Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. She speaks frequently at conferences, testifies regularly before the US Congress and other legislative and regulatory agencies; is the author of numerous treatises and articles; has been tapped to lead several industry committees and organizations; is sought after by media outlets and industry publications for her professional insights; and appears regularly on national television and radio news programs. She is the editor and lead author of the Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business.


  • Chair, US Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, 2012-present; appointed to Committee by Secretaries Johnson, Napolitano, Chertoff and Ridge; Chair, Policy Subcommittee, 2010-2012; Committee Vice Chair, 2005-2009; Member, Cybersecurity Subcommittee, 2013-present (requiring Top Secret security clearance)
  • Co-chair, International Privacy Law Committee, New York State Bar Association, 2007-present
  • Chair, New York Privacy Officers Forum, 2007-present
  • Lead Advisor, Data Guidance US Panel of Experts, 2008-present
  • Member, Law and Ethics Advisory Board, SAI Global, 2005-present
  • Member, American Law Institute
  • Fellow, American Bar Foundation
  • Member, Board of Directors, International Association of Privacy Professionals, 2010-2015
  • Past Member, Board of Directors, Identity Theft Resource Center, 2010–2012


  • JD, University of Pennsylvania Law School, Law Review, 1987
  • BA, History, Cornell University, distinction in all subjects, 1984

Lawyer Rankings

United States > Media, technology and telecoms > Cyber law (including data privacy and data protection)

(Hall of Fame)

Lisa SottoHunton Andrews Kurth LLP

Hunton Andrews Kurth LLP‘s New York-based privacy and cybersecurity team is recognized by clients for its ‘unparalleled expertise‘ and ‘refreshing pragmatism to help navigate the labyrinth of the legal and regulatory landscape‘. The group has experience across the full range of matters, including breaches, compliance projects and transactions, and boasts particular expertise in the financial services, private equity, technology, and retail sectors. In the past year, the team has been particularly busy advising clients on compliance with the CCPA, as well as on biometric data regulations. It is also assisting clients with data-monetization products and is increasingly acting for private equity clients in corporate transactions. Lisa Sotto, who according to one client is ‘the gold standard for privacy and cybersecurity matters‘, leads the practice group, which also includes ‘a world-class team of smart, hard-working, responsive associates‘. Aaron Simpson takes the lead on privacy and cybersecurity work for private equity firms, while Phyllis Marcus has particular experience in advising consumer electronics, interactive gaming companies, and internet-connected device manufacturers on compliance with the US Children’s Online Privacy Protection Act (COPPA). For advice on cybersecurity preparedness, Paul Tiao, who also has experience advising clients on the Supporting Anti-Terrorism by Fostering Effective Technologies (SAFETY) Act, is a name to note. ‘Shining starBrittany Bacon is highlighted for her breadth of experience in assisting clients with both cybersecurity incidents and developing global privacy compliance programs.

United States > Media, technology and telecoms > Fintech

Hunton Andrews Kurth LLP boasts a strong financial services regulatory practice, which has experience acting for clients in the fintech sector. The team was recently strengthened by the arrival of Dallas-based Erin Fonté, who joined the team from Dykema Gossett PLLC. Fonté now heads the practice group, and has a breadth of financial regulatory experience, with a particular focus in payment systems, and the payments space more generally. The cross-departmental team includes cybersecurity expert Lisa Sotto and consumer lending specialist Steven Becker, both of whom are based in New York. Scott Kimpel is a contact in Washington DC; he has particular experience in matters involving blockchain and distributed ledger technology. Names to note for financial services litigation include Jarrett Hale (‘deep knowledge and also a broad industry view‘) and Tara Elgie, who are based in Dallas.