Baker McKenzie LLP assists multinational conglomerates in their data governance programs, covering AI, cyber and privacy compliance and risk management connected to product launches. The firm also handles data privacy and security issues connected to M&A transactions and data-sharing agreements. It is experienced in triaging international and cross-market data breaches. Brian Hengesbaugh, who co-leads the practice from Chicago, is an expert on data privacy, cybersecurity, AI and ad-tech issues. Justine Phillips, the Los Angeles-based lead, advises clients on pre- and post-data breach matters, including data and cyber litigation. Leading from New York, Cyrus Vance is an expert in cyber risks relating to critical infrastructure. Lothar Determann, in Palo Alto, advises TMT and healthcare clients on cybersecurity, data privacy and IT commercialization. Houston-based Rachel Ehlers specializes in the implementation of evolving technologies, both as products and as internal tools. Jonathan Tam, who operates out of San Francisco, is well-versed in data regulation across the globe, with experience in GDPR, CCPA, HIPAA and COPPA. Within the Chicago office, Cristina Messerschmidt regularly advises pharmaceutical and medical device companies, healthcare providers and financial institutions. In February 2024, Teresa Michaud left the firm.

Advising global tech and software companies, Cooley LLP offers both general compliance advice as well as incident response support for data breaches, credential stuffing attacks and ransomware attacks. The firm is experienced in cyber-related litigation, including class actions, at the state, federal and international levels. It is also knowledgeable of data and privacy issues surrounding generative AI. Splitting his time between Washington DC and San Francisco, Travis LeBlanc is an expert in regulatory enforcement investigations and compliance for cyber and privacy regulations. Matthew Brown, who is based in San Francisco, is a seasoned defense litigator and advisor in government investigations. Divided between Chicago and New York, Tiana Demas supports clients in FTC regulatory enforcements and cybersecurity program assistance. DC-based Michael Egan provides cybersecurity preparedness and response support and has further expertise in cross-borders data flows. Los Angeles-based Teresa Michaud joined the team from Baker McKenzie in February 2024, whilst Kristen Mathews joined from Morrison Foerster in September 2024. Ben Hur  joined the firm in 2025 from Willkie Farr & Gallagher LLP.

A team with a ‘a range of expertise in US and international privacy and data protection laws’, the DLA Piper LLP (US) supports clients in their data privacy and compliance programs. The firm leverages its global office network to further assist its clients with cross-border issues. It is also a seasoned advisor in incident response matters, including data breaches, IT outages and cyberattacks. Based in San Diego, Andrew Serwin leads the team, supporting clients in fintech companies, IT service providers and pharmaceutical companies. Miami-based Carol Umhoefer is well-versed in advising multinationals in their expansions into new markets across the world. Kate Lucente, in the Seattle office, acts as incident response counsel, as well as risk management and governance advisor, to games companies and automobile manufacturers. Dallas-based Hayley Curry supports clients in cyber and privacy matters. James Sullivan departed from the practice in January 2024.

‘A pragmatic minded team with commercially sensitive leaders’, Hogan Lovells US LLP supports a wide range of market-leading companies, with especial strength in the application cybersecurity and AI advice in the sports and health sectors. The firm leverages its global network of cyber and data specialists to assist clients with market entries and global privacy controls. It is also highly knowledgeable of regulations and risk managements relating to machine learning and biometric controls. Scott Loughlin, who heads the team, advises on global compliance and privacy issues, with experience in new technologies including AI, blockchain and virtual reality. Marcy Wilder is an expert in privacy, cybersecurity and data protection in the health sector. Bret Cohen focuses on global privacy frameworks, such as GDPR, PIPL and LGPD. Paul Otto supports clients in cybersecurity assessments and incident investigations. Mark Brennan advises clients on privacy investigations, TCPA matters and AI-related compliance programs. All named lawyers are based in Washington DC. In August 2024, Peter Marta left the firm.

Hunton Andrews Kurth LLP advises clients on data privacy law compliance at the state, federal and global level, including advising clients on their data transfer strategies under the EU-US Data Privacy Framework. The firm also assists with cybersecurity preparedness plans and handles data issues around AI and biometrics. Lisa Sotto, the practice head, focuses on cybersecurity incident response and AI governance projects. In the Washington DC office, Phyllis Marcus is a market-leading expert on children’s privacy, specializing in the impact of adtech and digital environments on children. Aaron Simpson supports private equity firms and pension funds on transatlantic privacy and data security matters. Brittany Bacon is noted for her knowledge in comprehensive privacy and cybersecurity projects. Adam Solomon is an expert on privacy and data monetization compliance programs, whilst Michael La Marca focuses on matters regarding emergent technologies, such as machine learning. Danielle Dobrusin regularly advises clients on the CCPA and CPRA. All mentioned lawyers are based in New York unless stated otherwise.

Latham & Watkins LLP is highly experienced acting as defense counsel for clients in class action litigation as well as regulatory investigations and enforcement proceedings brought by the SEC and FTC. The firm also supports clients with incident response matters concerning ransomware attacks. Its clientele includes tech companies, sports teams, oil & gas distributers and life sciences companies. Michael Rubin spearheads the team from San Francisco and advises on global regulatory investigations and data breach litigation. Jennifer Archie specializes in defending clients before the FTC, DHS and state attorneys, while Antony Kim guides clients through cyberattack and data breach responses. Serrin Turner, based in New York, is highly knowledgeable in SEC enforcement actions and class action litigations. Marissa Boynton advises multinational corporations in healthcare, retail, professional services and tech. Clayton Northouse supports clients with global privacy and cybersecurity governance. Unless stated otherwise, mentioned lawyers are based in Washington DC.

The ‘incredibly experienced’ team at Morrison Foerster supports clients in a range of privacy litigation, including over data breaches, data security, HIPAA, FCPA, TCPA, COPPA and ECPA. The firm is also well-versed in multistate attorney general investigations and FTC investigations. It advises clients in data security incidents in the public and private sectors, and it supports clients in AI-related privacy issues. Miriam Wugmeister oversees the team, supports companies with incident response plans and execution of global compliance strategies. Marian Waldmann Agarwal supports clients with privacy and data protection laws in across the globe. Purvi Patel, in Los Angeles, is an expert advisor to retail and e-commerce companies. San Francisco-based Tiffany Cheung supports clients in class actions suits concerning privacy law, including over AI and wiretapping. Based in Washington DC, Melissa Crespo is well-versed in healthcare privacy, with expertise in the HIPAA framework. All mentioned lawyers are based in New York unless stated otherwise. Kaylee Cox Bankston and Boris Segalis joined the firm from Goodwin in March 2024. Kristen Matthews exited in September 2024.

Supporting clients in their contentious and non-contentious matters, Orrick, Herrington & Sutcliffe LLP advises on class actions brought against major corporations as well as cross border compliance projects, concerning both privacy and data transfer. The firm frequently assists with the internal and external use of AI. When necessary, the firm is also able to guide companies through the crisis response process. The team is led by Shannon Yavorsky in San Francisco, who advises on global privacy, cybersecurity and AI regulatory matters. Heather Egan is based in Boston, focusing on cybersecurity, privacy and information management. Based in Washington DC, Thora Johnson is an expert in the handling of health data, regularly designing compliance programs. Both in the Boston office, Aravind Swaminathan supports clients in cybersecurity incidents, high-stakes litigation and enforcement actions, while Joe Santiesteban advises telecoms and entertainment companies on crisis management. Also working in Boston, Emily Tabatabai is instructed on privacy, consumer protection and online safety matters. The San Francisco-based Michelle Visser is a seasoned litigator in the tech space, supporting clients in cyber, privacy and online safety matters.

‘Uniquely’ positioned to advise in the digital advertising space, the team at Venable LLP contains experts in the adtech sector, advising on data privacy in the social media, education, automotive, healthcare and entertainment sectors. In addition, the firm regularly handles AI-related matters. It also handles investigations and regulatory developments made by the FTC and state attorney generals. The team, which operates out of Washington DC, contains Kelly DeMarchis Bastide, who advises on privacy compliance, and Stuart Ingis, an advisor to trade associations and coalitions on privacy issues. Emilio Cividanes supports clients with the implementation of regulatory and litigation strategies concerning data privacy. Michael Signorelli is frequently instructed by marketers, advertisers, data providers and streaming platforms. Julia Tama is also noted for her work on financial, children’s and health privacy. Desirée Moore joined the firm from K&L in December 2023 followed by Emily Keimig and Jessica Arett from Sherman & Howard LLC in May 2024.

Akin is at the forefront of emerging state privacy law, regularly advising clients on the new California Consumer Privacy Act. The firm is also experienced in government and internal investigations brought due to cybersecurity and data privacy concerns. Its sector expertise covers a wide variety of industries, including the financial sectors, healthcare, retail and defense sectors. Located in San Francisco, Natasha Kohne heads the team, advising on AI regulation and representing in investigations and class action. Jo-Ellyn Sakowitz Klein, found in Washington DC, is an expert on a range of regulatory frameworks, such as HIPAA, HITECH, CCPA and the FTC Act. Jo-Ellyn Sakowitz Klein, located in California, is seasoned in consumer and data privacy class actions. Peter Altman works from Los Angeles and advises clients in the public and private sectors, representing companies in government enforcement procedures. Dario Frommer left the team in May 2024, followed by Corey Roush in June 2024 and Michelle Reed in July 2024.

BakerHostetler's team is highly knowledgeable in incident response and attorney general investigations, supporting companies in the healthcare, financial services, tech and education sectors. The firm is particularly experienced in data breach-related matters, including ransomware attacks. It also advises companies on AI and blockchain issues. Theodore Kobus III, who is well-versed in class action defense and regulatory suits, leads the team from New York. Cincinnati-based Craig Hoffman is an expert on payment card security incidents. In the Houston office, Lynn Sessions is adept at handling cybersecurity incident response and regulatory investigations, particularly within the healthcare sector. Denver lawyer Casie Collignon is an expert litigator in privacy class action defense. Jennifer Mitchell is based in Los Angeles and advises on compliance matters concerning GDPR, HIPAA and CCPA. In November 2024, Raymond Aghaian joined the team.

Debevoise & Plimpton LLP ‘has significant expertise and delivers quality work’, advising global clients on incident response matters and investigations brought by state attorney generals. The firm is experienced advising clients on the SEC cybersecurity rules. Its members include experts on privacy, AI, M&A due diligence and data governance. Both leading the practice, Washington DC-based Luke Dembosky specializes in cyber risk management and internal investigations, while Avi Gesser supports private equity funds, insurance companies and hedge funds in ransomware and nation-state cyber attacks. Erez Liebermann is knowledgeable of data-related regulatory requirements, and Jim Pastore is an expert litigator in the cyber field. Matt Kelly leverages his expertise in governance, compliance and risk management matters relating to AI. Unless otherwise stated, lawyers are based in New York.

Dechert LLP is a highly versed litigation expert, representing clients in class actions and DOJ and state attorney general enforcements. The firm acts in disputes concerning AI, machine learning and consumer protection. It also regularly advises clients on cyber incidents, including ransomware attacks and data breaches. The team is led from Boston by Brenda Sharton, is a seasoned advisor in data breach investigations and cyberattacks. Also in Boston, Timothy Blank advises on compliance matters concerning US and EU privacy laws. Based in Los Angeles, Benjamin Sadun is an expert in issues surrounding AI, large language models and biometrics. Hilary Bonaccorsi, who specializes in the design and application of compliance programs under the FTC Act, CCPA and GDPR, works from Charlotte, North Carolina.

‘Truly global, with expertise in all of the major regions of the world’, Eversheds Sutherland supports major international corporations on privacy and data security matters in a wide range of industries, including banking, consumer goods, healthcare, life sciences, media and tech. The firm advises on regulatory frameworks from the state to international level, such as COPPA, HIPPA, GDPR and PIPL. It is also able to leverages its international network of offices to enhance its advice. Michael Bahar is based in Washington DC and advises on data security and privacy. Bahar leads the practice alongside San Francisco-based Brandi Taylor, who specializes in the emerging state privacy laws, and Atlanta-based Rachel Reid, an expert on AI regulation and deployment. Mary Jane Wilson-Bilik, who works from DC, is well-versed in CCPA, FCRA and GDPR compliance. Made partner in January 2025, Alexander Sand is located in Austin, Texas and is an expert in cybersecurity and virtual currency regulation.

Gibson, Dunn & Crutcher LLP contains seasoned advisors in major regulatory investigations and litigation, including acting in class actions and suits brought by state attorney generals following major data breaches. It is also well-versed in privacy violations and data misuse allegations. Ashlie Beringer, based in Palo Alto, advises media and tech companies on compliance issues regarding privacy, cybersecurity, the blockchain and AI. Advising from New York, Lauren Goldman is an expert litigator in class actions, representing clients in proceedings brought under the TCPA, the Wiretap Act and new state privacy laws. Jane Horvath, in Washington DC,  specializes in multijurisdictional privacy matters, working with regulators and policy makers. Rose Ring regularly represents clients in social media, online advertising AI and cloud platforms. In September 2024, Palo Alto-based Keith Enright joined from an inhouse position at Google, and Alexander Southwell left the practice.

‘A leading firm nationally’, Jones Day runs the gamut of data protection and data privacy matters. The firm is expert in a range of emergent tech, including generative AI, autonomous vehicles, the internet of things, gaming, and satellite tech. It provides national and international incident response support as well as representation in regulatory investigations and litigation. ‘Truly a superstar’, Lisa Ropple, leading the team from Boston, acts for clients in government enforcements, regulatory investigations and class actions. New York-based Mauricio Paez is ‘a trailblazer in global privacy assessments and tech transactions’, with expertise in both terrestrial and space-based commercial data services. Working in California, John Vogt specialises in class actions over the theft of consumer data and healthcare records. Atlanta-based Mary Alexander Myers is noted for her work in the healthcare, gambling and financial services sectors. Ryan Blaney joined the Washington DC team from Proskauer Rose LLP in February 2024.

Linklaters LLP has a wide range of experience in international cyber and data law matters, advising on the implementation of compliance programs, incident response and governance work. The firm also specializes in the commercialization of data in an array of industries. It is highly knowledgeable in matters concerning emergent technologies, including AI, adtech, biometric and geolocation capabilities. Ieuan Jolly is the New York-based practice head, specializing in data commercialization. Caitlin Potratz Metcalf, in Washington DC, focuses on multi-jurisdictional privacy matters. In New-York, Kris Ekdahl is well-versed in state and federal privacy laws, while Ekta Oza advises on privacy regulatory compliance and cybersecurity incidents.

‘An excellent resource’, Mayer Brown covers global data breaches and putative class actions in a wide range of industries, including tech, social media, food & beverages and financial services. It is also well-versed in compliance matters for AI and privacy issues. Leading the team from Washington DC, Rajesh De specializes in AI, national security, enforcement and privacy. Stephen Lilley, also in DC, advises on internet of things, medical devices and critical infrastructure. Arsen Kourinian works in Los Angeles, advising on adtech, cross-border data transfers and M&A-related privacy and security due diligence. Splitting his time between DC and New York, Adam Hickey is an expert on combating cyber threats in the private sector and critical infrastructure. Dominique Shelton Leipzig left the firm to an inhouse position in October 2024.

McDermott Will & Emery LLP assists international corporations in investigations, defenses against enforcement, privacy litigation and data breach response. The firm’s investigations experience includes those brought by the FTC, OCR, FCC and state attorney generals. Its clientele is broad, with companies from the life science, tech, telecoms, financial services, media and automotive sectors. The team is led by Michael Morgan from Los Angeles and Silicon Valley, advising both on incident response and data monetization. Edward Zacharias, based in Boston, specializes in the healthcare sector as does the Chicago-based Daniel Gottlieb, whose clients include health IT vendors, healthcare providers, health plans, universities and life sciences firms. Joining from Gibson, Dunn & Crutcher LLP in September 2024, Alexander Southwell works from New York, focusing on litigation and investigation relating to the tech sector. Scott Weinstein  left for an in-house position in April 2024.

‘The ultimate strategists’, Quinn Emanuel Urquhart & Sullivan, LLP maintain a broad expertise in different industries, from mobile apps and digital advertising to healthcare and insurance. It has particular strength representing its clients in class actions, concerning data breaches and ransomware attacks. Splitting their time between Los Angeles and New York, Stephen Broome practices in security and data privacy investigations brought by the government and regulators, while Viola Trebicka advises on data privacy, data security, the use of AI and IP. Working in New York, Jennifer Barrett is an expert in data breach responses, with clients in banking, insurance, publishing and marketing. Los Angeles-based Alyssa Olson is noted for her work in data privacy class actions.

Operating out of Washington DC, the team at WilmerHale is highly knowledgeable of the healthcare sector, advising on sensitive data breaches response. The firm’s expertise stretches to class actions and investigations before the FTC, state attorney generals and federal regulators. Its wider industry knowledge includes the retail, manufacturing, adtech, ecommerce and financial sectors. Kirk Nahra, who represents clients in enforcement actions and regulatory investigations at the state and federal level, and Benjamin Powell, an advisor on incident response and preparedness, head the practice. Advising on data security and privacy issues in M&A transactions, Jason Chipman is also noted within the team. In January 2025, Arianna Evers, experienced in AI-related issues, was made partner. Ali Jessani brings experience in privacy, cybersecurity and data protection regulation to the practice.

Standing out for its lawyers’ ‘technical expertise’, Alston & Bird LLP advises clients on cybersecurity preparedness, privacy and data protection compliance. The firm guides clients through compliance programs and has expertise in data breach responses relating to ransomware attacks, including attacks brought by nation states. The team is led by Atlanta-based David Keating, who advises on national and international data protection matters, and Washington DC-based Kimberly Peretti, an expert in the healthcare, hospitality, telecoms and insurance industries. In Atlanta, Maki DePalo assists clients with state privacy law compliance programs, while Kellen Dwyer is an experienced cyber litigator, working in Washington DC.

Cleary Gottlieb Steen & Hamilton is highly knowledgeable of the privacy and data security issues surrounding major M&A transactions across industries. The firm is also well-versed in providing support in incident response, data breach litigation, enforcement actions and corporate governance. Working from the New York office, practice head Daniel Ilan specializes in data, AI and tech transactions for major multinational corporations and private equity firms. Marcela Robledo is based in San Francisco and maintains expertise in data privacy for tech companies. Melissa Faragasso brings experience in AI-related matters, while New York-based Rahul Mukhi focuses on cybersecurity issues, from data breach and ransomware attacks to regulator inquiries. Also in New York, Jonathan Kolodner supports clients in cyber compliance programs.

Based in New York, Davis+Gilbert LLP is highly experienced in data and privacy issues concerning adtech and advertising-related matters, advising leading players in this space. The firm’s experiences includes advising on ad fraud, affiliate marketing and the application of emerging technologies, including AI. It is also experienced in providing crisis management supports, relating to data breaches and regulatory inquiries. The team is led by Richard Eisert, an experienced litigator for IP and tech matters, and Gary Kibel, who advises on the CCPA, GDPR and recent legislation. Within the team, Zach Klein is well-versed in data security incidents and breach response, while Jeremy Klein advises clients on the collection, use and transfer of information. Oriyan Gitig is also recommended.

Fenwick & West LLP advises private and public sector clients on privacy and data security matters, including reviews of governance and policies as well as in class actions. The firm is also well-versed in cutting-edge technologies, including adtech, AI, autonomous vehicles, cryptocurrency and geolocation data. Members of the team regularly work with the firm’s wider departments, with particular experience support the M&A team in transactions. The team is overseen by the San Francisco-based Tyler Newby, a specialist in privacy and data security litigation, and the Washington DC-based Michael Sussmann, who enhances the firm’s expertise in cybersecurity. In New York, David Feder supports tech and life sciences companies in government investigations and regulatory litigation. Made partner at the start of 2025, Ana Razmazma, who is based in Silicon Valley, is very experienced in M&A-related privacy issues. Brent Tuttle work in the San Francisco office, advising on the privacy and cybersecurity issues in new products.

Freshfields advises clients as claimants and defendants in a wide array of litigation, including class actions and enforcement actions. Its lawyers are experienced in forensic investigations as well as in conducting reviews of company governance policies. Working in Silicon Valley and New York respectively, Christine Lyon, an expert in privacy programs, GDPR and CCPA, and Timothy Howard, a specialist in white-collar crime and data protection, oversee the practice. Advising on risk management and governance, Beth George is based in Silicon Valley. Washington DC-based Brock Dahl is expert in global incident response. Megan Kayo, in Silicon Valley, leads forensic investigation and global response.

The lawyers at Kelley Drye & Warren LLP are well-versed in the enforcement of COPPA, GLBA and the Fair Credit Reporting Act as well as FTC and state attorney general investigations. The firm is a frequent advisor in compliance matters concerning privacy and data protection. Alysa Hutnik leads the team, advising on investigations, enforcement actions and disputes. Lauri Mazzuchetti, based in New Jersey, advises telecoms, retailers, food companies and emergent tech companies. Aaron Burstein is an expert in data security, privacy and consumer protection law. Kate White adds investigatory, enforcement and compliance knowledge. Laura Riposo VanDruff is noted for her work in FTC and state attorney general investigations. Unless specified otherwise, lawyers are based in Washington DC.

Advising on FTC, DOJ and SEC investigations and enforcement actions, King & Spalding LLP is well-versed in federal regulatory matters, in addition to investigations brought by state attorney generals and regulators. The firm is adept at providing incident response support and assisting in incident preparedness. It is also expert in class action defense. Phyllis Sumner leads the team from Atlanta, advising corporate boards and senior executives in their incident response processes. In Washington DC, Robert Hudock advises healthcare and financial services companies, conducting risk assessments and IT audits. Working in the Atlanta office, Elizabeth Adler in privacy and data breach class actions.

Offering ‘well-reasoned advice in a prompt manner’, Manatt, Phelps & Phillips, LLP covers the spectrum of cyber law matters, from program development and incident preparedness to reactive incident response, regulatory investigations and litigation defense. The firm advises clients on the various state and federal privacy legislation as well as on the TCPA. The team is led by the ‘exceptional privacy attorney’ Brandon Reilley in San Francisco, who is well-versed in compliance, regulatory and incident response matters. Working in Boston, Amy MacDonald is a noted privacy and data security advisor. Paul Luehr, based in Washington DC, specializes in HIPAA, GDPR and state privacy law advice. In April 2024, Kareem Salem and Jessica Sklute joined from BakerHostetler and Schulte Roth & Zabel LLP. Scott Lashway and Christopher Lisy left the firm in May 2024.

Norton Rose Fulbright is highly experienced in incident response and crisis management, including assisting clients with their investigations. The firm’s industry expertise includes the real estate, life sciences, healthcare, retail, insurance, telecoms and aviation spaces. In New York, Andrea D’Ambra focuses on data privacy, e-discovery and cybersecurity, while David Kessler advises clients in compliance matters concerning HIPAA, COPPA and FERPA regulations. Also in New York, Steven Roosa is an expert in biometric matters. Chris Cwalina, working from Washington DC, supports in cybersecurity and privacy compliance issues. Based in Houston, Will Daugherty acts on incident response, class action and investigations. Susana Medeiros, in the New York office, supports clients in cyber incidents and in information governance.

Paul Hastings LLP offers expertise in class action defense for its clients, acting in a range of industries. The firm also acts for clients in regulatory investigations brought by state attorney generals and federal regulators, including the SEC, FCC and SEC. The Chicago-based Aaron Charfoos, an experienced litigator and privacy lawyer, and Dallas-based Michelle Reed, who acts in regulatory and enforcement matters, lead the team. Located in Washington DC, Sherrese Smith specializes in privacy and security law in the media, tech, retail and life sciences fields.

The ‘exceptional’ Reed Smith LLP team boasts knowledge in a wide range of industries, including financial services, manufacturing, food & beverage, healthcare, energy and IT. The firm advises on generative AI issues as well as on technology related M&A transactions. Robert Newman, who focuses on privacy, marketing and IP issues, and Idara Udofia, whose data protection expertise includes understanding of CCPA, COPPA and BIPA, lead the team from Chicago. Catherine Castaldo is the New York-based practice head, advising on incident response, investigations and regulatory matters. In San Francisco, Sarah Bruno is well-versed in the entertainment, beauty, consumer goods and healthcare sectors. Wendell Bartnick, operating in the Houston office, advises on compliance of federal and state privacy law compliance. Tyler Thompson joined the firm from Greenberg Traurig, LLP in September 2024.

Seyfarth Shaw LLP is experienced in supporting clients in both incident response and a wide array of disputes, including litigation and arbitration. The firm advises on cutting edge technologies, assisting with AI, biometrics, website tracking and the Internet of Things. The team is led from Houston by John Tomaszewski, a privacy specialist with multi-jurisdictional compliance expertise. Bart Lazar works in Chicago, acting on privacy and security matters. Also in Chicago, Jason Priebe focuses on the development of policies for the handling, transfer and disclosure of information. Karla Grossenbacher, who is based in Washington DC, is an expert on workplace privacy, including on data breaches involving employee information. In November 2024, Scott Carlson retired from practice.

Sheppard, Mullin, Richter & Hampton LLP possesses notable expertise in putative class action defense, supporting clients across industries in their matters. The firm is well-versed in data breach incidents and privacy compliance, both at the state and federal level. In Los Angeles and Chicago respectively, the team is led by Craig Cardon and Liisa Thomas, who focuses on privacy and advertising matters. Wynter Deagle, based in Del Mar, is an experienced defense litigator in both individual and class actions relating to privacy and cybersecurity. Rachel Hudson brings privacy and advertising expertise to retail, fashion and beauty companies. Kari Rollins is adept in international commercial arbitration contexts.

Regularly representing clients in class actions and arbitrations, Shook, Hardy & Bacon LLP has expertise in cases relating to data breaches, biometric privacy and adtech, including website tracking. The firm is additionally skilled in incident response support and incident preparedness, advising on both state and federal law compliance. The team is overseen by the Miami-based Al Saikali, who is experienced in cybersecurity incident response and ransomware attacks. Colman McCarthy, located in Kansas City, supports clients in  the retail, entertainment, financial, healthcare, education and government sectors. In Denver, Camila Tobón is expert in privacy and security compliance as well as AI governance. Also in Denver, Josh Hansen focuses on privacy policies and their compliance with domestic and international privacy laws. Jad Sheikali joined in October 2024 from Honigman Miller Schwartz and Cohn LLP.

Sidley Austin LLP has a broad spectrum of expertise, advising on internal investigations, data breach litigation and generative AI initiatives. The firm’s clients cover a wide range of sectors, including technology, life sciences, defense and finance. David Lashway, an advisor on crisis management and investigations, and Alan Charles Raul, who advises tech, telecom and software clients, oversee the practice. Colleen Theresa Brown provides litigation and regulatory defense as well as support in internal investigations. Jennifer Seale is expert in regulatory compliance and data breach response. Jonathan Wilan specialises in compliance technology implementation. All mentioned lawyers are based in Washington DC.

With an international network, Skadden, Arps, Slate, Meagher & Flom LLP offers comprehensive data and cybersecurity support in cross-border matters. The firm’s experience includes advising on incident response, data protection, privacy and AI-related challenges. The team is led by the Chicago-based WIlliam Ridgway, an expert in incident response and white collar matters, and Washington DC-based David Simon, who advises on cyber, AI and privacy. Also in Washington DC, Joshua Silverstein solidifies the team’s expertise in white collar crime investigations. Located in New York, Lisa Zivkovic focuses on global data privacy compliance, cyber fraud and data protection.

With ‘deep cyber expertise’, the team at Crowell & Moring LLP supports companies in investigations and incident response issues, both relating to cybersecurity and data privacy. The firm’s experiences includes breaches caused by nation states and criminal groups. It is also experienced in state, federal and international compliance. Jeffrey Poston, who acts in regulatory investigations and class actions, and Evan Wolff, who advises on cybersecurity incidents and data breaches across the globe, oversee the team. Matthew Welling adds M&A experience to the team. Jennie VonCannon, in Los Angeles, conducts internal investigations and supports in enforcement actions. Members are based in Washington DC unless otherwise specified.

Davis Polk & Wardwell LLP regularly advises social media companies, financial institutions, investment firms and industrial manufacturers across issues of cyber law and data privacy. The firm is knowledgeable of national and international privacy frameworks and supports clients in licensing agreements and regulatory investigations. James Haldin, an expert in administrative issues and regulatory investigations, and Matthew Bacal, who advises on strategic licensing and outsourcing transactions, are based in New York. Located in Washington DC, Robert Cohen assists in cybersecurity incident response and enforcement actions.

Goodwin advises clients on cyber incident response in the tech, life sciences, financial services, private equity and real estate industries. The firm leverages its knowledge on federal and state privacy law, as well as AI regulation, to support clients in litigation and policymaking. Its expertise also includes adtech, biometrics, generative AI, fintech and crypto matters. Based in New York, AI expert Peter Marta, data litigator Mark David McPherson and risk management advisor Jud Welle lead the team. McPherson and Marta joined from Morrison Foerster in January 2024 and Hogan Lovells US LLP in September 2024 respectfully. Fellow practice head Kyle Tayman works out of Washington DC and represents clients before the FTC and other government agencies in their investigations. Omer Tene, in the Boston office, is a noted privacy expert in the team. In August 2024, Kaitlin Betancourt joined from an in-house position.

‘A large, highly qualified, geographically-dispersed team’, Greenberg Traurig LLP supports clients across a broad range of industries, including e-commerce, financial services, healthcare, retail and entertainment. The firm is well-versed in privacy and security compliance across jurisdictions, with expertise in cross-border transfers. Based in San Francisco, Gretchen Ramos assists clients in the development of their data protection and security practices. Jena Valdetero works from Chicago, advising on compliance issues under the GDPR, CCPA and HIPAA. The Denver-based David Zetoony is noted for his work on data privacy and cyber security matters, including advice on regulatory investigations.

Hausfeld LLP has a strong specialism in representing claimants in class actions for victims of data breaches and privacy violations. The firm is well-versed in cross-border issues across the US and Europe. The team is led by James Pizzirusso, a seasoned class action litigator with wider expertise in consumer protection and antitrust. Swathi Bojedla brings an expertise in healthcare class actions. Mandy Boltax acts in privacy and competition litigation, while Ian Engdahl advises on consumer-protection, data privacy and antitrust. All mentioned lawyers are in Washington DC.

Placing ‘a strong emphasis on client-centric services’, Hintze Law provides strategic governance advice and support in privacy programs. The firm is particularly strong in data issues relating to AI and advises clients on the development of new AI tools. Based in Seattle, Susan Hintze, who supports clients in the tech, advertising, entertainment and social media sectors, and Mike Hintze, who is an expert advisor on regulatory issues relating to AI, lead the team. Also in Seattle, Sam Castic leverages experience in data breach response as well as data processing and transfer agreements. Ro Friend left the firm for an in-house position in October 2024.

Loeb & Loeb LLP advises clients on compliance and governance issues relating to privacy. The firm also assists clients in litigation defense, including against class actions. Its clients include media, adtech and companies developing emergent tech. The department's New York-based practice head, Jessica Lee, is an expert in privacy programs and data security. In Chicago, Nerissa Coyle McGinn specializes in advertising and fintech. Melanie Howard, based in Los Angeles, adds experience in M&A transactions. In February 2024, Robyn Mohr and Ryan Martin were promoted to partner, with Michael Barry joining from Morrison Cohen LLP in the same month.

McGuireWoods LLP provides a comprehensive practice in data and cyber law, including advising on compliance, incident response and class action matters. The firm is well-versed in a wide range of privacy regulatory frameworks at the state, federal and globe level. Leading the team from Virginia are, Andrew Konia, who advises on outsourcing agreements, and Janet Peyton, an expert in information governance support. Ashley Matthews, in Charlottesville, regularly advises retailers and financial institutions on privacy and security issues. In April and August 2024 respectively, New York-based Nancy Ryan and Washington DC-based David Hirsch joined from in-house positions.

Paul, Weiss, Rifkind, Wharton & Garrison LLP covers a wide range of matters for its cyber and data clients, including advising on cyber incident response, compliance, enforcement and litigation matters. In particular, the firm represents clients in data breach class action defense and regulatory enforcement brought by federal bodies. In Washington and New York, John Carlin advises on data protection for his clients. New York-based Jeh Johnson specializes in data privacy matters and emergent technologies.

Willkie Farr & Gallagher LLP advises on transaction-related data issues, regulatory compliance and litigation representation. The firm additionally advises on emerging technologies including on the data and privacy implications of generative AI. Based in Washington DC, Daniel Alvarez specializes in data transfer contracts and policy drafting, while Laura Jehl is an expert on the collection use and storage of data. In Illinois, Craig Martin supports clients in internal investigations. ‘Highly effective’ Susan Rohol supports pharmaceutical companies and entertainment agencies in cybersecurity and privacy matters. Ben Hur  has left the firm.

Containing ‘experts in the field’, Winston & Strawn LLP represents clients in privacy and data litigation, including acting class actions and biometric-related litigation. The firm is well-versed in state and federal regulatory frameworks including the TCPA, BIPA, CCPA and CIPA. Based in Chicago, Alessandra Swanson, an advisor to healthcare, retail, media and e-commerce companies, and Sean Wieber, an expert privacy litigator, lead the team. Los Angeles-based Kevin Simpson is well versed in privacy and consumer protection legislation.