Hausfeld LLP fields a team of experienced plaintiff-side counsel in its technology and data breach team, involved in high profile cybersecurity and data privacy litigation seeking compensation for victims of data breaches and privacy violations. James Pizzirusso leads both the data breach, privacy, and consumer protection teams from Washington DC, appointed by courts to leadership positions in a number of successful class actions. In Philadelphia, Jeanine Kenney leverages longstanding public policy experience; San Francisco-based Megan Jones and DC-based Swathi Bojedla are also key names.

Recommended for its ‘comprehensive global insights and knowledge‘, Baker McKenzie LLP‘s data privacy and cybersecurity practice assists its clients in developing comprehensive privacy programs, carrying out complex cross-border data transfers, and handling challenging data breach incidents. Brian Hengesbaugh, based in Chicago, chairs the firm’s global data privacy and security business unit: his experience in the development and implementation of domestic and international privacy policy informing advisory work in global data privacy matters, direct marketing information management, and data-driven transactions. The firm’s global cybersecurity practice is headed from New York by Cyrus Vance, who handles high-stakes litigation and global investigations: also an area of strength for Elizabeth Roper. In Palo Alto, Cynthia Cole pairs intellectual property transactions experience with digital transformation and cybersecurity expertise, supporting clients across the media, energy, healthcare, and life sciences industries. The ‘knowledgeable and approachable‘ Lothar Determann , also in Palo Alto, regularly advises on data privacy law compliance as well as information technology commercialization. Rachel Ehlers is the key name in Houston, with a practice focusing on technology transactions and cybersecurity. Stephen Reynolds departed the team in June 2023.

Technology companies seek out Cooley LLP‘s cyber, data, and privacy team for its expertise in data innovations and cyber threats, and its track record in complex privacy class actions. Specializations within the team include healthcare, education, and insurance technology. Practice head Travis LeBlanc works across San Francisco and Washington DC, combining technical knowledge with global litigation experience to both support data-rich companies in their privacy needs and sit on the US Privacy and Civil Liberties Oversight Board. In Colorado, David Navetta advises clients on global compliance requirements along with supporting those experiencing large scale cyberattacks. Privacy litigation for individuals and high-profile technology companies is the center point of Michael Rhodes‘ practice in Chicago, including disputes around innovation and emerging technology. Also in Chicago, Lei Shen is noted for her work managing consumer protection issues arising from new and developing technologies. Michael Egan, based in Washington DC, is a go-to for regulatory issues encountered by international businesses, including consumer protection matters, cross-border data flows, and e-monitoring. Tiana Demas goes between Chicago and New York, and leverages previous experience both as a federal prosecutor and in-house cybersecurity counsel to litigate for clients in complex privacy and data breach cases. In San Francisco, Randy Sabett and Matthew Brown are both key names.

DLA Piper LLP (US)‘s data protection, privacy and security team works closely with its regulatory and government affairs practice group to offer clients support in strategic, global data compliance advice. Its workload includes high-profile data breach response, data-driven due diligence, privacy litigation and regulatory enforcement matters. Andrew Serwin is based in San Diego, acting as both chair of the US data protection, privacy and security team and co-chair of the practice group globally. His practice includes international compliance advice, national security issues, health privacy, and wiretap related issues. In Seattle, Kate Lucente has particular expertise regarding e-commerce laws and self-regulatory initiatives. Carol Umhoefer, clients’ ‘go-to resource for all data protection and privacy questions‘, co-leads the EMEA data protection team from Miami: recommended particularly for multi-jurisdictional compliance matters. Washington DC-based James Sullivan draws on previous experience in government to advise clients on developing federal and state data privacy rules; New York’s John Gevertz focuses on privacy governance frameworks with an emphasis on financial services and fintech. Ron Plesco is the key name in Philadelphia, regularly handling cyber investigations, threat intelligence, and cyber crime threats.

Hogan Lovells US LLP‘s privacy and cybersecurity team works with clients ‘to holistically and globally address issues’, from comprehensive advice on federal and state privacy developments to government regulatory investigations and high-stakes privacy litigation. Practice head Scott Loughlin regularly handles data-heavy M&A and technology acquisitions, including third-party risk management. The longstanding sector expertise of Marcy Wilder is cited by clients as demonstrative of the firm’s ‘in-depth privacy knowledge’: Wilder’s experience in government healthcare policy involved developing HIPAA regulations, and current work includes supporting clients through high-profile data breaches and privacy enforcement investigations. Multi-national technology and software companies seek out Bret Cohen for technical knowledge in cloud computing, AI, machine learning and social media, and also leads the firm’s education privacy practice. Paul Otto is noted for risk management, regulatory compliance and incident response matters, particularly in the life sciences and health sectors. Heading up the technology and telecoms industry sector group, Mark Brennan assists clients in navigating internet policy decisions, and the growing influence of AI. In New York, Peter Marta leverages previous in-house and intelligence experience to manage cybersecurity threats. Harriet Pearson  departed the team in August 2023. All team members are based in Washington DC unless otherwise stated.

The ‘exceptional’ privacy and cybersecurity team at Hunton Andrews Kurth LLP is recommended for its ‘pragmatic and business focused advice’. Clients spanning the retail, consumer products, technology, financial services, energy and health care sectors seek out the team for its expertise in complex, large-scale cybersecurity incident response, along with in-depth knowledge of privacy law compliance requirements. Breach response expert Lisa J. Sotto heads the firm’s global practice; her ‘expertise and prominence are unmatched’. Aaron Simpson is praised by clients as the ‘epitome of a commercially-minded attorney’, with notable experience of UK and EU privacy regulations and a track record advising private equity clients. Children’s privacy issues are a particular strength of Phyllis Marcus, working out of Washington DC and offering extensive experience with the FTC children’s online privacy program. ‘Quite possibly the foremost expert in CCPA and CPRA in the United States’, associate Danielle Dobrusin is the go-to for emerging state privacy laws. Brittany Bacon regularly handles large-scale cybersecurity incidents, also an area of strength for Adam Solomon. Michael La Marca has a growing practice in AI, machine learning, and biometrics. All team members are based in New York unless otherwise stated.

Characterized by an ‘unparalleled‘ depth of knowledge, the privacy and cyber practice at Latham & Watkins LLP leverages its international reach to offer global compliance advice, including advisory support, international cybersecurity incident response, privacy litigation and regulatory investigations. The wider firm’s transactional practice is also supported by the cyber team, who offer strategic data and privacy insights during corporate transactions. Practice head Michael Rubin works out of San Francisco, and is recommended as the ‘go-to data privacy and security lawyer for technology companies‘. In Washington DC, Jennifer Archie ‘is simply outstanding‘: her practice spans FTC investigation defense and critical data-related crisis, including those involving nation-state attacks. Antony Kim, also in DC, focuses on public and private enforcement regarding cybersecurity, data usage and governance, and consumer protection. Serrin Turner is a key name in New York, representing high profile corporates in privacy litigation. Marissa Boynton is based in DC, and handles privacy-related investigations, computer fraud and cybercrime related incidents, and privacy issues arising in corporate transactions. Clayton Northouse, DC, has particular experience in cross-border transactional matters, also an area of strength for San Francisco based Robert Blamires, who is dual qualified across the US and England and Wales.

Morrison Foerster‘s privacy and data security offer ‘does not merely practice law but understand the spectrum of challenges and solutions in a cyber data incident‘. The team is recommended for its global reach, counseling clients on international privacy compliance requirements alongside particular skill handling cross-border transfers of data. Practice head Miriam Wugmeister, based in New York, ‘brings a calm confidence to any crisis‘. Cybersecurity incidents are a key area of Wugmeister’s practice, bolstered by AI and data ethics expertise. In Boston, Julie O’Neill works at the intersection of privacy and consumer protection law, creating compliance programs and advising on the privacy aspects of large M&A deals. The implications of US state data privacy laws and their compliance requirements are an area of expertise for Kristen Mathews in New York, who has experience with clients in the media, retail, technology, and philanthropic sectors. Also in New York, Marian Waldmann Agarwal stands out for her business and in-house experience, making her a go-to for clients seeking to establish and build their privacy programs. In California, San Francisco-based litigator Tiffany Cheung  offers notable expertise regarding biometric information security, while Purvi Patel, in Los Angeles, is experienced in cases involving businesses’ collection of personally identifiable information; both are skilled in class action litigation in the practice area. Alex Iftimie departed the practice in July 2023.

Praised by clients as ‘the absolute best in class when it comes to cyber response‘, Orrick, Herrington & Sutcliffe LLP‘s cyber, privacy and data innovation team counsels clients through regulatory compliance, incident response, and litigation challenges. Practice head Shannon Yavorsky, based in San Francisco, is a go-to for international data transfer issues, and leads the firm’s AI working group. In Boston, Heather Egan heads the firm’s strategic advisory and government enforcement business unit, pairing technical breach response expertise with extensive knowledge surrounding global regulatory requirements. Seattle-based Aravind Swaminathan is recommended as ‘extremely pragmatic and business savvy‘, noted for his growing California Invasion of Privacy Act and state wiretap litigation prowess. In San Francisco, Michelle Vassar stands out for her ‘fantastic judgment’ in cybersecurity enforcement actions; Emily Tabatabai, in Washington DC, handles student and children’s data privacy, ‘a niche that few people know better‘. Also in DC, Thora Johnson‘s practice sits at the intersection of life sciences, health, and privacy, particularly in regards to growing technology use in healthcare spaces. The firm’s February 2023 merger with Buckley LLP adds Amanda Lawrence and Elizabeth McGinn to the team, both in DC, bolstering the team’s fintech expertise. Douglas Meal departed the team in December 2023.

Venable LLP‘s privacy and data security offering sits within its wider technology and innovation group, a standout for its deep policy expertise and experience in the advertising sector. Co-chair of the technology and innovation group Stuart Ingis, based in Washington DC, centers his practice around the development of privacy regulation, including industry self-regulation. His experience includes taking a privacy counsel role for a range of leading industry trade associations, and conducting advocacy before the FTC and state attorneys general. Fellow technology and innovation co-chair Michael Signorelli, also in DC, is also noted for his policymaking experience, with particular crossover expertise in advertising law. Privacy and data security team chair Emilio Cividanes, DC, has an extensive track record drafting federal privacy regulations, combined with skilled representation of companies under investigation by bodies including the FTC. For privacy compliance advice, DC co-chairs Julia Tama and Kelly DeMarchis Bastide are recommended; Tama is particularly sought after for financial privacy, advertising, and children’s privacy matters, while DeMarchis Bastide is a go-to for consumer data privacy and protection work. Based across San Francisco and DC, Tara Sugiyama Potashnik is a key partner for communications sector regulatory and government issues.

The cybersecurity, privacy and data protection team at Akin stands out for its experience of emerging state privacy statutes, with notable expertise regarding the California Consumer Privacy Act and California Privacy Rights Act. Its workload includes with counseling clients on compliance with these regulations, and supporting them through any litigation or investigations in the practice area. San Francisco-based Natasha Kohne leads the practice, assisting clients in the development of privacy and security programs to both mitigate risk and respond to cybersecurity events.  Jo-Ellyn Sakowitz Klein is the key name in Washington DC, a go-to for health information privacy matters involving HIPAA and HITECH compliance. In Irvine, Hyongsoon Kim handles consumer and data privacy class action defense, including those involving unfair business practices and false advertising laws. Michelle Reed has left the firm.

BakerHostetler‘s digital assets and data management team handles a range of privacy concerns, counselling clients in the healthcare, hospitality and ecommerce sectors in their compliance responsibilities alongside supporting them through ransomware attacks and any class action litigation which follows. Team head Theodore J. Kobus III, based in New York, leverages extensive experience in the practice area to handle regulatory defense for high profile clients with a focus on healthcare clients. Cincinatti-based Craig Hoffman is sought after for his expertise regarding payment card security incidents; in Houston, Lynn Sessions handles both cybersecurity incident response and the regulatory investigations arising from these incidents. Casie Collignon leads the Denver-based team, and is particularly recommended for privacy class action defense; Denver colleague Paul Karlsgodt heads the national privacy and data risk class action and litigation team.  The Los Angeles team is headed by Jennifer Mitchell, whose compliance experience supports clients in highly regulated sectors involving sensitive personal information.

‘A broad team with in-depth knowledge of cyber law‘, the data strategy and security practice at Debevoise & Plimpton LLP handles technically complex cyber investigations and boasts a growing AI team: an area of focus for practice group co-head Avi Gesser, bolstered by the April 2023 addition of counsel Matt Kelly from Davis Polk & Wardwell LLP. Gesser, based in New York, advises clients on governance, risk and liability issues related to both AI and cybersecurity. In Washington DC, co-head Luke Dembosky leverages significant national security experience to support companies in managing cyber risks, responding to incidents, and the investigations which arise from them. Litigation partner Erez Liebermann works out of New York, and combines both in-house and government experience to handle regulatory counselling and high-impact incident response matters. Also in New York, Jim Pastore and Johanna Skrzypczyk are recommended for breach response and privacy-oriented work respectively. Lisa Zornberg departed in July 2023.

The ‘extraordinary‘ privacy and cybersecurity team at Dechert LLP regularly handles high-profile, complex class actions in the sector, along with defending clients in regulatory investigations. A particular standout feature is the team’s experience in the healthcare sector, representative of its focus on data-rich sectors also including technology, and its ability to advise on the specific regulations applying to companies in these sectors. Team head Brenda Sharton, based in Boston, ‘is a phenomenal leader for the practice‘: leading large scale data breach responses, defending consumer class action litigation, and noted for her specific AI and machine learning expertise. Also in Boston, Timothy Blank advises on the privacy and data security implications of corporate deals. Los Angeles-based Kevin Cahill is a go-to for clients in the financial services industry; Benjamin Sadun, also in Los Angeles, handles matters relating to the Biometric Information Privacy Act. Associate Hilary Bonaccorsi is skilled in the development of global privacy compliance programs for data-driven businesses, working out of Charlotte.

The ‘phenomenal’ cybersecurity and data privacy team at Eversheds Sutherland handles matters from the state and local to international levels, leveraging its global reach to support clients including large scale technology companies, banks and social media platforms. Team head Michael Bahar, based in Washington DC, leverages extensive experience in both the public and private sectors to advise across the spectrum of cybersecurity and data privacy matters, including those concerning national security. West Coast technology and data lead Brandi Taylor works across San Francisco and San Diego; her practice focuses on data privacy compliance, and often involves matters concerning product development and emerging technologies for technology companies. In DC, Mary Jane Wilson-Bilik is noted for data analytics and financial sector regulation expertise; Austin-based counsel Alexander Sand is a go-to for both data breach matters and emerging regulatory risks.

Gibson, Dunn & Crutcher LLP’s privacy, cybersecurity and data innovation practice group ‘has excellent depth and experience’, fielding a team with a wealth of former in-house, regulatory and government experience to support clients including high profile social networks, ecommerce brands, and technology companies. Ashlie Beringer heads the team from Palo Alto, is a go-to for complex regulatory investigations across the US and globally. Jane Horvath joined the team in Washington DC in January 2023; former chief privacy officer for Apple, Horvath leverages extensive in-house experience to counsel clients through complex technical issues with regards to global regulatory standards. In New York, of counsel Christopher Rosina is a key name for compliance counselling, while San Francisco’s Rosemarie Ring has a growing privacy class action practice. Alexander Southwell departed the team in September 2024.

The cybersecurity, privacy and data protection team at Jones Day ‘has an extremely broad set of experiences upon which it can draw to advise its clients’; it handles a range of complex, large scale class action disputes along with government regulatory enforcement, and compliance advice in reference to developing technologies, notably including generative AI systems. Lisa Ropple, based in Boston, ‘is an outstanding partner in this practice area’: her longstanding expertise in handling data breach matters is paired with experience of both regulatory investigations and litigation in the area. Cybersecurity incidents both in the US and internationally are handled by the team, which is ‘global in nature’, Kerianne Tobitsch, in New York, is a key name for this area. Also in New York, Mauricio Paez is recommended for cybersecurity matters including risk management and the development of compliance programs. For litigation, California-based John Vogt is a go-to: his experience spans class actions involving theft of consumer data, heath care records, and financial information, while Atlanta-based Mary Alexander Myers is noted for her work on complex technology-driven transactions.

Mayer Brown draws on the ‘impeccable experience’ of its cybersecurity and data privacy team in handling a range of international cyber incidents, data breaches, and class actions for major technology companies. Its artificial intelligence task force and national security practice are both stand out elements of the cybersecurity offering from the team, bolstered by the addition of Justin Herring and Adam Hickey in May 2023; based in New York, Herring has notable expertise regarding cyber regulations, while Hickey, working between New York and Washington DC, is a go-to for government investigations work. DC-based team head Rajesh De handles matters which involve complex technology, national security, law enforcement and privacy concerns. Also in DC, Stephen Lilley is recommended for cyber incident response and subsequent litigation. ‘Absolute expert’ Dominique Shelton Leipzig, in Los Angeles, leads the global data innovation and ad tech privacy practices, providing strategic cyber-preparedness compliance advice. David Simon departed the team in July 2023.

The team at Quinn Emanuel Urquhart & Sullivan, LLP stands out for its expertise in high profile litigation, including consumer data class actions involving substantial penalties or damages. Its experience includes representing companies faced with data security breaches. Stephen Broome and Viola Trebicka, based across Los Angeles and New York, co-head the practice with New York-based Jennifer Barrett. Barrett, co-managing partner of the New York office, is particularly recommended for data breach response. Broome’s practice is focused on litigating and trying complex disputes, including those related to web-browsers, mobile apps, digital advertising, and facial recognition, with notable appellate experience. Data privacy class actions and data breach litigation, along with breach response, make up Trebicka’s work in the sector; cutting-edge technologies are a specific area of expertise. Also in New York, Jomaire Crawford is noted for her commercial litigation at both a state and federal level, representing a number of big-tech clients.

The ‘unique and highly effective‘ data protection, privacy & cybersecurity team at Reed Smith LLP advises on a range of strategic transactions, regulatory matters, and data-driven disputes. Its clients span the financial services, life sciences, healthcare, technology and media sectors. Robert Newman heads the team from Chicago as a part of his work as lead for the firm’s global emerging technology group, and is a particular go-to for work at the intersection of marketing and data privacy. Recommended for ‘her exceptional contributions to the realm of cyber law‘, San Francisco-based Sarah Bruno regularly advises clients in the retail, consumer products and technology spaces with a particular emphasis on privacy counselling in accordance with privacy laws across California, the US, and the EU. In Chicago, Monique Bhargava assists clients in utilizing emerging technologies in advertising for innovative customer engagement. Wendell Bartnick rejoined the team in Houston in March 2023 after a period at Holland & Knight LLP.

Combining expertise in regulatory investigations, disputes, privacy counselling and corporate data transactions, the data, privacy and cybersecurity team at Ropes & Gray LLP offers US experience with global reach. Clients in the healthcare sector particularly seek out the team, which has established knowledge regarding the handling of data breaches involving sensitive information. Team head Edward McNicholas, based in Washington DC, has a notable track record supporting clients through regulatory investigations and class action litigation in relation to cybersecurity incidents. Also in DC, Fran Faircloth’s practice includes internet governance matters, and compliance counselling on federal, state, and foreign privacy requirements. Boston-based counsel Kevin Angle advises clients on the data privacy implications of complex corporate transactions. Associates Matthew Cin in Chicago, and Briana Fasone in New York, are also recommended.

The cybersecurity and privacy team at WilmerHale handles a range of nonpublic privacy and data security regulatory investigations, particularly before the FTC. Pairing government experience with technical forensics expertise, the cross-disciplinary team of privacy, corporate governance, litigation, and national security practitioners supports clients experiencing complex cyber incidents. Team heads Benjamin Powell and Kirk Nahra, both in Washington DC, together chair the firm’s artificial intelligence practice; launched in 2023, it counsels clients on AI governance structures. Powell’s has longstanding experience in the sector, advising companies on major cybersecurity incidents both in terms of preparedness and response. Nahra has growing involvement in the privacy and security issues arising from healthcare research both across the US and globally. Jason Chipman, also in DC, assists corporate clients with due diligence in complex, data-related transactions.

Alston & Bird LLP’s privacy, cyber and data strategy team is noted for its ‘seamless’ cross border work, assisting global brands with data compliance programs. Kristine Brown co-heads the team; based in Atlanta, her practice focuses on privacy and data breach litigation and includes particular experience in class actions. Co-head David Keating, also in Atlanta, is noted for his data protection work. In Washington DC, team co-head Kim Peretti supports a range of healthcare, hospitality, telecommunications and financial services clients with cybersecurity matters including cyber readiness planning. Amy Mushahwar, in DC, is particularly recommended for her work with emerging technologies; Atlanta-based Maki DePalo also advises on global data privacy.

Arnold & Porter‘s privacy, cybersecurity & data strategy team combines data protection counselling with cyber-related class action and litigation experience, with notable expertise in the defense and aerospace sector. Jami Vibbert spearheads the practice from New York: a go-to for global compliance advice and experienced in regulatory investigations across the US, Vibbert is sought after for risk minimizing data strategies. In Washington DC, Ronald Lee‘s practice sits at the intersection of national security, cybersecurity, and privacy matters; supporting clients with electronic surveillance, identity theft, and supply chain security. Kenneth Chernof, also in DC, is recommended for clients in the consumer products, healthcare, and services industries. New York-based David Schwartz offers expertise in Video Privacy Protection Act matters, an area in which Chernof is also experienced.

Characterised by a combination of ‘intellectual rigor‘ and ‘deep caring‘, the cybersecurity and privacy team at Cleary Gottlieb Steen & Hamilton handles a range of matters including incident response, data breach litigation, enforcement and compliance. Team head Daniel Ilan is praised by clients as ‘fully up to speed on new developments’, bringing his expertise particularly to issues arising in transactional contexts. Cyber-related compliance and anti-corruption matters are handled by Jonathan Kolodner, who is noted for his experience as a government official. Rahul Mukhi is also a go-to in this area, with experience regarding complex ransomware attacks. Marcela Robledo advises at the intersection of data privacy and intellectual property issues, often in significant technology transactions. All named team members are based in New York.

Davis+Gilbert LLP‘s privacy and data security team is particularly noted for its expertise with advertising clients, combining privacy and ad tech capabilities to assist in emerging areas of tech, ad fraud, and brand safety. Richard Eisert, team co-head, advises clients from start-ups to multinational companies; he combines privacy and technology advice with intellectual property knowledge. Co-head Gary A Kibel  is particularly noted for his work across the e-commerce, financial services and employment sectors. Oriyan Gitig , Counsel, draws on data privacy expertise to assist clients in developing best practices; associate Emily Catron leverages advertising industry experience to advise clients on regulatory compliance matters. Zach Klein, associate, is recommended by clients for his ‘leading edge on both legal theory and commercial practice‘, a data privacy expert with experience in government. All team members mentioned are in New York.

The privacy and cybersecurity team at Fenwick & West LLP provides ‘timely, appropriate, thorough and practical‘ advice to clients across the technology, life sciences, ecommerce, and financial services industries. Team co-head Tyler Newby chairs the firm’s IP & complex litigation practice from San Francisco, and handles a range of consumer class actions, regulatory matters, and commercial disputes matters. Michael Sussmann joined the team from Perkins Coie LLP in April 2023, now co-leading the practice from Washington DC and bringing particular experience in cybercrime. The expanding team also promoted to partner San Francisco-based David Feder in January 2024, whose practice involves government investigations along with civil and regulatory litigation. In Silicon Valley, counsel Ana Razmazma is particularly recommended for M&A involving privacy issues. San Francisco counsel Brent Tuttle is noted for his ‘rare combination of legal acumen and commercial sensibility‘.

The data privacy and security team at Freshfields Bruckhaus Deringer LLP ‘is incredibly impressive’, particularly noted for its speed in dealing with complex data breaches along with ‘deep connections at multiple organizations‘. Team head Christine Lyon, based in Silicon Valley, works with clients in developing privacy and data protection strategies along with compliance programs. In New York, Timothy Howard is recommended for his ‘incredible reach‘ and ‘aggressive approach to problem solving‘: his practice focuses on cybersecurity, data breaches, and cryptocurrency fraud. Brock Dahl works across Washington DC and Silicon Valley and heads the firm’s US Fintech practice. Beth George and Megan Kayo joined the team in June 2023 from Wilson Sonsini Goodrich & Rosati. Both based in Silicon Valley, George brings government experience to strategic risk and crisis management work, while Kayo regularly works with clients experiencing data breaches.

Goodwin’s data, privacy and cybersecurity team, recommended for its ‘sophistication, depth and breadth of legal expertise’, combines its expertise in emerging technologies and life sciences to support clients including venture funds, private equity firms, and financial institutions. Steve Charkoudian leads the practice group, based in Boston. Also in Boston, Omer Tene advises both public and private entities, including leading social media clients; Judson Welle, New York, brings cybersecurity litigation experience. Tene and Welle serve on the firm’s AI task force. Boris Segalis and Kaylee Cox Bankston departed the team in March 2024.

Kelley Drye & Warren LLP‘s privacy and information security counselling and compliance team pairs ‘deep regulatory roots‘ with ‘excellent legal and technical knowledge’ in support of clients in the advertising technology, consumer products, telecommunications and online retail industries, among others. Kate White joined the team in Washington DC as a partner in January 2023 from the Federal Trade Commission, bolstering the team’s existing expertise in FTC investigations, which includes particular experience of the Fair Credit Reporting Act. Also in DC, team head Alysa Hutnik is ‘a privacy expert who has an encyclopedic grasp of changing state and federal laws and regulations’, noted for her AdTech work. In New Jersey, Lauri Mazzuchetti handles consumer class action defense; Laura Riposo VanDruff ‘is everything you could want in a strong data privacy/security lawyer’, handling state investigations and enforcement matters from DC.

Characterised by its ‘solid technical background‘, the data, privacy and security team at King & Spalding LLP is noted for its threat mitigation work, alongside incident response matters, regulatory investigation defense, and large-scale data breach class action defense. Phyllis Sumner co-heads the team from Atlanta, the firm’s chief privacy officer and a go-to for high-profile data security and privacy incidents. Alongside Sumner are co-heads David Balser, Atlanta-based and recommended for data breach litigation, and government matters group head Zachary Fardon, turned to by clients for government investigation matters and white-collar litigation. Washington DC-based partner Robert Hudock, praised by clients for his ‘straight-forward, practical advice‘, advises clients experiencing and preparing for cyber-based attacks, also an area of strength for Elizabeth Adler in Atlanta.

‘A dynamic team that provides seamless advice‘, Linklaters LLP’s US data solutions, cyber and privacy team combines cyber security, incident response, regulatory guidance and data optimization to support both high profile technology companies and those in traditional industries. The team works closely with its colleagues in Europe, Asia, the Americas and the Middle East in providing global privacy advice. Team head Ieuan Jolly ‘is a master of his field‘, noted for his involvement in pioneering deals involving data assets alongside extensive experience in global security breaches. Kris Ekdahl, senior associate, ‘understands the technology sector extremely well’; his practice covers both compliance counselling and negotiating data transactions. Privacy litigation is an area of strength for senior associate Caitlin Potratz Metcalf. All mentioned team members are based in New York.

Manatt, Phelps & Phillips, LLP‘s privacy and data security is praised for its ‘collaborative nature’, advising clients across a wide range of industries with a focus on technology, financial services, and healthcare. Los Angeles-based Donna Wilson is a key name combining financial services industry expertise with experience in cyber risk management and enforcement actions. Practice head Brandon Reilly, who works out of Orange County, is recommended for his ‘awareness of ever-changing privacy-related trends‘, specifically noted for his advice regarding regulatory changes in California. For healthcare matters, New York-based Robert Belfort is a go-to. Scott Lashway and Christopher Lisy have left the firm.

Combining a ‘collaborative spirit’, a ‘deep understanding of people‘, and ‘significant knowledge and experience in the healthcare data privacy area’, the global privacy and cybersecurity group at McDermott Will & Emery LLP acts in transactional, compliance-based and risk management matters for a range of global clients. Practice head Michael Morgan works out of California, and is noted for his experience advising on the legal issues arising out of advanced technologies. Washington DC-based Elliot Golding, ‘a brilliant attorney that always comes up with practical, actionable solutions’, also stands out for his work with emerging technologies, while DC colleague Jiayan Chen is praised for the ‘practical and commercial approach‘ she takes to healthcare technology matters. In Boston, Edward Zacharias is a go-to for healthcare industry clients. Alexander Southwell joined the team in September 2024 from Gibson, Dunn & Crutcher LLP.

Incident response and crisis management form the cornerstone of the global cybersecurity and privacy team at Norton Rose Fulbright, which pairs ‘off the charts’ sector expertise with an ‘incredibly tight knit’ team to integrate into clients cyber programs. Global head of the practice group Chris Cwalina works out of Washington DC, leveraging in-house experience to manage large-scale data breaches and particularly recommended for his ‘relationship management and responsiveness‘, which is ‘unparalleled‘. In New York, David Kessler heads the US privacy offering from the team; his practice focuses on compliance and cross-border data transfers. Anna Rudawski, also in New York, is a go-to for clients concerning compliance with international, federal, and state privacy regulations. Andrea D’Ambra , head of the US technology team, along with head of digital analytics and technology assessment Steven Roosa, both in New York, are recommended alongside head of cybersecurity Will Daugherty in Houston.

The data security and in-house backgrounds of team members in the global privacy and security practice at Seyfarth Shaw LLP are leveraged to help clients proactively put in place incident prevention structures and build compliance programs. In Chicago, team co-head Scott Carlson boasts experience as a software engineer and advises clients on matters including compliance, incident response, and policy development. Co-head John Tomaszewski, based in Houston, has a specialism in cross-border information security matters. Bart Lazar is noted for longstanding experience in the sector, working out of Chicago with matters including reviewing the data collection practices of clients. Also in Chicago, Jason Priebe focuses on information governance and privacy compliance matters.

The privacy and cybersecurity practice group at Sheppard, Mullin, Richter & Hampton LLP is a go-to for high-profile brands and retailers, advising on the development of compliance policies along with preparation for and response to data security incidents. Liisa Thomas, based in Chicago, co-heads the practice and brings global experience to international data concerns and digital advertising matters; co-head Craig Cardon works out of Century City and has particular intellectual property expertise. In California, Del Mar-based Wynter Deagle designs and implements privacy and cybersecurity compliance programs, while Moorari Shah in Los Angeles advises on federal consumer protection laws and regulations and Rachel Hudson in San Francisco, leads the firm’s retail, fashion and beauty team with notable reference to the collection and use of data in these industries. For disputes based work, privacy litigation specialist Kari Rollins is noted in New York while Century City’s Jay Ramsey heads the firm’s consumer class action defense team.

Relied upon by clients ‘for thoughtful and nuanced advice‘, Shook, Hardy & Bacon LLP‘s privacy and data security practice handles incident response matters, compliance strategy development, risk management, and privacy litigation. Al Saikali heads the team from Miami, bringing privacy litigation expertise with specific experience in wiretap lawsuits. Colman McCarthy, based in Kansas City, leads the team’s incident response work, including overseeing forensic investigations and assistance with regulator inquiries. Camila Tobón ‘offers extraordinary levels of partner engagement and knowledge’, assisting clients with data security compliance, AI governance and information governance from Denver. In Chicago, Matthew Wolfe chairs the firm’s biometric privacy practice, particularly experienced with class actions in the sector. Jonathan Wilson, senior counsel based in Washington DC, acts as a member of the firm’s incident response task force, including directing third-party forensic investigations.

The privacy and cybersecurity team at Sidley Austin LLP leverages its data breach incident response experience to offer proactive breach counseling, compliance advice and support in government investigations. The Washington DC-based team is co-headed by David Lashway and Alan Charles Raul; Lashway is noted for his cybersecurity expertise, including crisis management, misinformation and trade secret theft, while Raul advises a range of tech, telecom, software and financial clients experiencing major cyber and privacy incidents, bolstered by his experience in government work. Colleen Theresa Brown is a go-to for litigation and regulatory defense, alongside assessing the privacy and cyber risk in data-heavy acquisitions. John Woods is recommended for cyber resilience advice and data governance matters. Sean Royall departed the team in August 2023.

Skadden, Arps, Slate, Meagher & Flom LLP ‘s cybersecurity and data privacy team supports clients across the aerospace, defense, finance, healthcare and telecommunications sectors with particular expertise handling large-scale data breach matters and cyberattacks. David Simon joined the team in July 2023 from Mayer Brown, dual qualified across the US and EU and bringing government experience to co-heading the practice group from Washington DC. Fellow co-head WIlliam Ridgway, based in Chicago, advises clients on sensitive cybersecurity, data privacy and white collar matters, benefitting from previous experience as a federal prosecutor. Michael Leiter heads the firm’s national security practice in DC.

Clark Hill Plc‘s cybersecurity, data protection and privacy team combines legal advice, technical support, and crisis communications to combat complex data and privacy challenges. Lara Forde, based in Houston, co-leads the practice group with Chicago’s Melissa Ventrone, whose practice involves managing incident response logistics, managing data and security risks, and representing clients in cybersecurity litigation. In San Diego, Myriah Jaworski leads the firm’s privacy, cyber and technology litigation team, handling data protection and cyber lawsuits in state and federal courts including complex data breach class actions. Chirag Patel, based in Chicago, is recommended for his ‘level of detail‘.

Crowell & Moring LLP‘s regulatory: privacy and cybersecurity team ‘is exceptional in its depth of experience‘, counselling clients on compliance with new state laws, including the California Consumer Privacy Act, and internationally, including with GDPR. Co-chair of the practice Evan Wolff is based in Washington DC; drawing on his ‘strong technical and legal background’, Wolff leads complex cybersecurity incident responses and advises on strategy to mitigate risk. Also in DC, co-head Jeffrey Poston is recommended as ‘practical and professional’, experienced with data breach matters and the regulatory investigations that could follow.

Davis Polk & Wardwell LLP‘s data privacy & cybersecurity offering works with a range of clients including social media companies, financial institutions and investment firms, leveraging its litigation, regulatory and transactional expertise across the firm to handle data and technology driven matters. Robert Cohen, co-head of the team, brings experience at the SEC to regulatory matters and investigations from Washinton DC. Co-heads James Haldin and Matthew Bacal are based in New York; Haldin focuses on data privacy and compliance matters while Bacal’s work spans IP, technology, media and data, with experience advising around the development and use of generative AI.

The privacy and cybersecurity team at Dentons provides a range of advice to clients enhancing their data practices, mitigating threats, and complying with changing regulations both across the US and globally. The team collaborates with the wider firm’s global network to respond to data security issues. Practice head Todd Daubert, based in Washington DC, has particular experience advising sporting complexes with their data collection, processing, and governance needs. Managing associates William Krouse, also in DC, and California-based Jacqueline Scott are also recommended.

The privacy and data security group at Frankfurt Kurnit Klein & Selz PC is ‘extremely capable, super responsive’ and ‘front of the pack when it comes to new state law’, providing strategic advice on compliance and regulatory preparedness, as well as response to regulatory investigations and security incidents. Group chair Daniel Goldberg ‘is an upcoming leader in this space‘, based in Los Angeles and recommended for his in-depth data expertise and particularly experienced in advertising technology. Rick Borden, praised for his ‘commercially oriented thinking’, leads the firm’s cybersecurity and fintech practices from New York.

The data privacy and cybersecurity team at Greenberg Traurig LLP provides a ‘best in class service‘, its client base spanning the technology, e-commerce, financial services, and healthcare sectors. Gretchen Ramos, global co-head of the practice group, works out of San Francisco and is particularly sought after by major technology companies. ‘Smart, straightforward and talented’ Jena Valdetero co-chairs the US team from Chicago, leading data breach response efforts and defending clients against privacy and data breach litigation, include class action matters. Denver-based David Zetoony rounds out the team leadership, valued by clients for his ability to provide ‘clear actionable guidance’.

Hintze Law specializes in privacy and data security, combining in-house experience with technical expertise and standout subject matter knowledge. Its work spans regulatory and public policy concerns, global privacy and data compliance, and is notably growing in the area of AI & financial services, advising on privacy and ethical issues in the development of AI tools. Managing partner Susan Hintze provides strategic counselling on privacy design and compliance issues from Seattle, often working with high profile clients and their complex concerns. Mike Hintze, also in Seattle, pairs ‘a uniquely practical approach‘ with ‘unsurpassed knowledge of privacy laws‘, advising global leaders in the social networking space. Chicago-based Sheila Sokolowski is a go-to for health and biotech related matters; in Ohio, Jennifer Ruehr specializes in workplace privacy issues.

Recommended for its ‘strong knowledge of cyber law in US’ and internationally, the data strategy, security and privacy team at Holland & Knight LLP fields a growing team of experienced practitioners with expertise in data-driven project counselling, technology related transactions and government policy compliance. Team head Mark Melodia, in New York, combines consumer class action defense experience with cyber law knowledge to support clients through investigations and disputes related to data security -in Philadelphia, Paul Bond is another key name for disputes matters. Atlanta-based Elizabeth Hinson is a go-to for incident response matters. Wendell Bartnick departed the team in March 2023.

The data privacy and security team at McGuireWoods LLP is recommended for its ‘depth of knowledge‘, experienced in the development and implementation of privacy policies along with incident response and planning. Andrew Konia heads the Virginia-based team from Tysons, with Janet Peyton among the team members in Richmond. The pair are described as ‘exceptional’; Konia focuses on preventative measures to protect against breaches, while Peyton combines intellectual property and data privacy expertise. In New York, Anne Peterson handles breach response matters along with regulatory compliance.

The growing data privacy & cybersecurity team at Paul Hastings LLP was bolstered by the July 2023 addition of Ryan Phair and Carter Simpson, formerly of Hunton Andrews Kurth LLP. Global chair of the practice group Aaron Charfoos, based in Chicago, is a go-to for litigation matters. Washington DC-based Phair is recommended as a ‘highly-experienced and skilled litigator‘; Simpson, also in DC, is experienced in the defense of punitive class action arising from data breach. Sherrese Smith boasts in-depth expertise regarding data privacy and security laws both within the US and internationally, based in DC. Jacqueline Cooney departed the team in June 2023. Michelle Reed joined the team in Dallas from Akin in July 2024.

Paul, Weiss, Rifkind, Wharton & Garrison LLP ‘s privacy and data security offering advises large scale companies on complex, high-stakes cyber incidents, national security, and data privacy compliance. Co-chair of the group Jeh Johnson is lauded by clients as ‘a trusted advisor with profound insights’, operating out of both the Washington DC and New York offices. A former Secretary of Homeland Security, Johnson provides board-level cybersecurity advice. John Carlin co-chairs the group from DC, handling white collar defense, internal investigations, and incident response and leveraging previous Department of Justice experience to advise on national security and cybersecurity matters.

The privacy, cybersecurity and data strategy team at Willkie Farr & Gallagher LLP supports clients in a range of digital innovation, cyber risk, and data breach legal and policy issues, including those involving generative AI. DC-based co-chair Laura Jehl is particularly experienced in AI and emerging technologies matters, combining business and legal expertise. Also in DC, co-chair Daniel Alvarez is noted for his work with innovative data uses along with crisis management experience. Ben Hur  handles data privacy litigation from the firm’s base in San Francisco, litigating both federally and on a state level for technology companies of all sizes. Susan Rohol joined the team in September 2023, bringing in house privacy expertise to her work across the Los Angeles and New York offices.

Winston & Strawn LLP‘s global privacy and data security practice group covers the full spectrum of privacy matters, including knowledge of evolving regulatory changes and specialised healthcare sector expertise. ‘Excellent’ Sean Wieber co-heads the team from Chicago, recommended for privacy litigation matters across the banking, retail, technology and telecommunications industries. Also in Chicago, co-head Alessandra Swanson is noted for expertise regarding internal privacy investigations, regulatory defense, and breach response. Working across Los Angeles and Chicago, 2023 partner Kevin Simpson focuses on class action defense in the sector. Former practice co-head Sheryl Falk  retired in August 2023.