Firms To Watch: Cyber law (including data privacy and data protection)

Reed Freeman spearheads the Washington DC-based team at ArentFox Schiff. Members provide compliance advice and representation in matters relating to state privacy legislation.
Boies Schiller Flexner LLP is led by Mark Mao and Belo Richardson in San Francisco. The firm specializes in litigation work for claimants in a range of privacy and data disputes, including class actions.
Operating out of Denver, the Husch Blackwell LLP team, led by David Stauss, specializes in privacy compliance advice concerning state privacy legislation and regulation.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.‘s Boston-based team, spearheaded by Scott Lashway and Cynthia Larose, represents clients in class actions and enforcement proceedings, as well as providing compliance support.
The team at Pillsbury Winthrop Shaw Pittman LLP advises clients on their cybersecurity and privacy matters, including acting in incident response and class action contexts. The team is led by Deborah Thoren-Peden and Mark Krotoski in California, as well as Brian Finch in Washington DC.
Led by Jim Koenig and Ronald Raether from New York and Orange County respectively, Troutman Pepper Locke LLP provides general and strategic advice in cyber and privacy law for companies in the tech, digital health, fintech, crypto and manufacturing industries. Colorado-based David Navetta joined the team from Cooley LLP in June 2025.

Cyber law (including data privacy and data protection) in United States

Baker McKenzie LLP

Baker McKenzie LLP assists multinational conglomerates in their data governance programs, covering AI, cyber and privacy compliance and risk management connected to product launches. The firm also handles data privacy and security issues connected to M&A transactions and data-sharing agreements. It is experienced in triaging international and cross-market data breaches. Brian Hengesbaugh, who co-leads the practice from Chicago, is an expert on data privacy, cybersecurity, AI and ad-tech issues. Justine Phillips, the Los Angeles-based lead, advises clients on pre- and post-data breach matters, including data and cyber litigation. Leading from New York, Cyrus Vance is an expert in cyber risks relating to critical infrastructure. Lothar Determann, in Palo Alto, advises TMT and healthcare clients on cybersecurity, data privacy and IT commercialization. Houston-based Rachel Ehlers specializes in the implementation of evolving technologies, both as products and as internal tools. Jonathan Tam, who operates out of San Francisco, is well-versed in data regulation across the globe, with experience in GDPR, CCPA, HIPAA and COPPA. Within the Chicago office, Cristina Messerschmidt regularly advises pharmaceutical and medical device companies, healthcare providers and financial institutions. In February 2024, Teresa Michaud left the firm.

Responsables de la pratique:

Brian Hengesbaugh; Justine Phillips; Cyrus Vance


Autres avocats clés:

Lothar Determann; Rachel Ehlers; Jonathan Tam; Cristina Messerschmidt


Principaux clients

Salesforce


Principaux dossiers


  • Assisted in the acquisition of a point of sale solution, which included various privacy-specific considerations.

Cooley LLP

Advising global tech and software companies, Cooley LLP offers both general compliance advice as well as incident response support for data breaches, credential stuffing attacks and ransomware attacks. The firm is experienced in cyber-related litigation, including class actions, at the state, federal and international levels. It is also knowledgeable of data and privacy issues surrounding generative AI. Splitting his time between Washington DC and San Francisco, Travis LeBlanc is an expert in regulatory enforcement investigations and compliance for cyber and privacy regulations. Matthew Brown, who is based in San Francisco, is a seasoned defense litigator and advisor in government investigations. Divided between Chicago and New York, Tiana Demas supports clients in FTC regulatory enforcements and cybersecurity program assistance. DC-based Michael Egan provides cybersecurity preparedness and response support and has further expertise in cross-borders data flows. Los Angeles-based Teresa Michaud joined the team from Baker McKenzie in February 2024, whilst Kristen Mathews joined from Morrison Foerster in September 2024. Ben Hur  joined the firm in 2025 from Willkie Farr & Gallagher LLP.

Responsables de la pratique:

Travis LeBlanc


Autres avocats clés:

Matthew Brown; Tiana Demas; Michael Egan; Kristen Mathews; Teresa Michaud; Ben Hur


Principaux clients

Chegg.com


DraftKings Inc.


loanDepot.com, LLC


Sonder Holdings Inc.


Sorenson Communications, LLC


NVIDIA Corporation


Meta


OpenAI


Roblox Corporation


Google


Principaux dossiers


DLA Piper LLP (US)

A team with a ‘a range of expertise in US and international privacy and data protection laws’, the DLA Piper LLP (US) supports clients in their data privacy and compliance programs. The firm leverages its global office network to further assist its clients with cross-border issues. It is also a seasoned advisor in incident response matters, including data breaches, IT outages and cyberattacks. Based in San Diego, Andrew Serwin leads the team, supporting clients in fintech companies, IT service providers and pharmaceutical companies. Miami-based Carol Umhoefer is well-versed in advising multinationals in their expansions into new markets across the world. Kate Lucente, in the Seattle office, acts as incident response counsel, as well as risk management and governance advisor, to games companies and automobile manufacturers. Dallas-based Hayley Curry supports clients in cyber and privacy matters. James Sullivan departed from the practice in January 2024.

Responsables de la pratique:

Andrew Serwin


Autres avocats clés:

Carol Umhoefer; Hayley Curry; Kate Lucente; Ron Plesco


Les références

‘The team has global locations and global practitioners making DLA uniquely situated to deliver results.’

‘Hayley Curry and Ron Plesco give practical advice in real-time without needing to perform unnecessary expensive research.’

‘The team at DLA have a range of expertise in US and international privacy and data protection laws and practices. The team works diligently to respond to requests and asks sensible questions to ensure delivery is as accurate as possible.’

Principaux clients

CrowdStrike, Inc.


OpenAI


Eli Lilly & Company


Progress Software Corporation


Visa International, Inc.


The 3M Company


See Tickets


Dropbox, Inc.


Chemonics International, Inc.


Principaux dossiers


  • Represented CrowdStrike in response to the outage in July 2024 that affected roughly 8.5 million systems, the largest in the history of information technology.
  • Modernized Eli Lilly and Company’s global privacy program to mitigate regulatory, class action, and resiliency risk.
  • Advised Progress Software in connection with its MOVEit software and alleged potential cyber incidents, widely considered to be the biggest incident in 2023.

Hogan Lovells US LLP

‘A pragmatic minded team with commercially sensitive leaders’, Hogan Lovells US LLP supports a wide range of market-leading companies, with especial strength in the application cybersecurity and AI advice in the sports and health sectors. The firm leverages its global network of cyber and data specialists to assist clients with market entries and global privacy controls. It is also highly knowledgeable of regulations and risk managements relating to machine learning and biometric controls. Scott Loughlin, who heads the team, advises on global compliance and privacy issues, with experience in new technologies including AI, blockchain and virtual reality. Marcy Wilder is an expert in privacy, cybersecurity and data protection in the health sector. Bret Cohen focuses on global privacy frameworks, such as GDPR, PIPL and LGPD. Paul Otto supports clients in cybersecurity assessments and incident investigations. Mark Brennan advises clients on privacy investigations, TCPA matters and AI-related compliance programs. All named lawyers are based in Washington DC. In August 2024, Peter Marta left the firm.

Responsables de la pratique:

Scott Loughlin


Autres avocats clés:

Mark Brennan; Bret Cohen; Marcy Wilder; Paul Otto


Les références

‘Hogan has a pragmatic minded team with commercially sensitive leaders that supplement our team to help us execute quickly and intelligently. They’re experts on both the regulatory environment and commercial realities for global companies dealing with ever increasing cyber laws and risks.’

‘Hogan’s team understands the need to respond to legal challenges in the data protection/cyber/security space correctly under pressure.’

‘The team at Hogan Lovells is outstanding from beginning to end. Bret Cohen and Paul Otto are extremely knowledgeable and subject matter experts.’

Principaux clients

Major League Baseball


Salesforce


Fox Corporation


National Football League


Autodesk


Sports, Media and Entertainment ISAC


Globe Life


Quora


Diligent Corporation


City of Hope Center


Principaux dossiers


  • Serving as the go-to cybersecurity and technology counsel for Major League Baseball, advising on a wide range of cybersecurity, artificial intelligence, and technology matters in support of America’s pastime.
  • Advising Fox Corporation on its third-party risk management strategy and implementation, including in connection with its negotiation of significant enterprise agreements.
  • Leading cybersecurity counsel to Globe Life, a major provider of life insurance and related health products across the United States.

Hunton Andrews Kurth LLP

Hunton Andrews Kurth LLP advises clients on data privacy law compliance at the state, federal and global level, including advising clients on their data transfer strategies under the EU-US Data Privacy Framework. The firm also assists with cybersecurity preparedness plans and handles data issues around AI and biometrics. Lisa Sotto, the practice head, focuses on cybersecurity incident response and AI governance projects. In the Washington DC office, Phyllis Marcus is a market-leading expert on children’s privacy, specializing in the impact of adtech and digital environments on children. Aaron Simpson supports private equity firms and pension funds on transatlantic privacy and data security matters. Brittany Bacon is noted for her knowledge in comprehensive privacy and cybersecurity projects. Adam Solomon is an expert on privacy and data monetization compliance programs, whilst Michael La Marca focuses on matters regarding emergent technologies, such as machine learning. Danielle Dobrusin regularly advises clients on the CCPA and CPRA. All mentioned lawyers are based in New York unless stated otherwise.

Responsables de la pratique:

Lisa Sotto


Autres avocats clés:

Aaron Simpson; Phyllis Marcus; Brittany Bacon; Danielle Dobrusin; Michael La Marca; Adam Solomon; Jenna Rode; James Henderson


Les références

‘This team is THE #1 team in the business. No one better to guide and counsel senior executives and Boards of Directors and also handle cyber response.’

‘Lisa Sotto is the best lawyer in this area. The best. Amazing talent, great skills, super wise, great with boards of directors. I hope to never have a reason to hire her again, but if I need to she is on speed dial.’

‘Brittany Bacon is a super talent. My team across various corporate functions believes Brittany is an absolute rock star.’

Principaux clients

Google NTPG Global


Tiffany & Co.


Silver Lake Technology Management


Comcast Corporation


Paramount Global


LivaNova PLC


The Procter & Gamble Company


MUFG Bank


The TJX Companies, Inc.


ScanSource, Inc.


Principaux dossiers


  • Providing myriad legal advice to a well-known global technology company, including advising on compliance with US and EU privacy laws, assisting with AI governance issues, and providing advice on its data transfer strategy and other privacy issues.
  • Advising a luxury retailer on global data protection and privacy issues, including compliance efforts withUS, EU and China privacy laws.
  • Assist a global medical device manufacturer with its response to a ransomware attack, including all aspects of the incident management and response efforts.

Latham & Watkins LLP

Latham & Watkins LLP is highly experienced acting as defense counsel for clients in class action litigation as well as regulatory investigations and enforcement proceedings brought by the SEC and FTC. The firm also supports clients with incident response matters concerning ransomware attacks. Its clientele includes tech companies, sports teams, oil & gas distributers and life sciences companies. Michael Rubin spearheads the team from San Francisco and advises on global regulatory investigations and data breach litigation. Jennifer Archie specializes in defending clients before the FTC, DHS and state attorneys, while Antony Kim guides clients through cyberattack and data breach responses. Serrin Turner, based in New York, is highly knowledgeable in SEC enforcement actions and class action litigations. Marissa Boynton advises multinational corporations in healthcare, retail, professional services and tech. Clayton Northouse supports clients with global privacy and cybersecurity governance. Unless stated otherwise, mentioned lawyers are based in Washington DC.

Responsables de la pratique:

Michael Rubin


Autres avocats clés:

Jennifer Archie; Antony Kim; Serrin Turner; Robert Blamires; Marissa Boynton; Clayton Northouse


Les références

‘The team is unsurpassed at providing key practical advice and experience dealing with regulators.’

‘Robert Blamires in particular is very responsive, helpful and practical at solving our data privacy concerns and issues.’

Principaux clients

Apple, Inc.


Meta Platforms, Inc.


Otonomo, Inc.


Truthfinder


Accellion, Inc.


Thomson Reuters, Inc.


Binance.US


Gen Digital, Inc.


AppsFlyer, Inc.


Goldman, Sachs & Co.


Discord, Inc.


Drizly


Cory Rellas


Principaux dossiers


Morrison Foerster

The ‘incredibly experienced’ team at Morrison Foerster supports clients in a range of privacy litigation, including over data breaches, data security, HIPAA, FCPA, TCPA, COPPA and ECPA. The firm is also well-versed in multistate attorney general investigations and FTC investigations. It advises clients in data security incidents in the public and private sectors, and it supports clients in AI-related privacy issues. Miriam Wugmeister oversees the team, supports companies with incident response plans and execution of global compliance strategies. Marian Waldmann Agarwal supports clients with privacy and data protection laws in across the globe. Purvi Patel, in Los Angeles, is an expert advisor to retail and e-commerce companies. San Francisco-based Tiffany Cheung supports clients in class actions suits concerning privacy law, including over AI and wiretapping. Based in Washington DC, Melissa Crespo is well-versed in healthcare privacy, with expertise in the HIPAA framework. All mentioned lawyers are based in New York unless stated otherwise. Kaylee Cox Bankston and Boris Segalis joined the firm from Goodwin in March 2024. Kristen Matthews exited in September 2024.

Responsables de la pratique:

Miriam Wugmeister


Autres avocats clés:

Purvi Patel; Marian Waldmann Agarwal; Tiffany Cheung; Melissa Crespo; Kaylee Cox Bankston; Boris Segalis


Les références

‘The MoFo team is incredibly experienced and led by industry veteran Miriam Wugmeister. This team has handled some of the largest data breaches in history and has the depth and bench to handle any type of cybersecurity issue.’

‘Kaylee Bankston is a young partner with deep, hands-on experience solving complex data security issues. Kaylee has led many investigations as an associate and partner and understands the life cycle of an incident.’

‘Linda Clark leverages her many years of in-house expertise in providing actionable advice.’

Principaux clients

Aqua Capital


Adidas


Alpine Investors


Amazon


American Bankers Association


Bumble Trading


California Attorney General’s Office


Capital One


Marriott International


OpenAI


Oracle


Palladium Equity Partners


Pfizer


Prudential


Salesforce


Samsonite


Sony Interactive Entertainment


SoftBank


Target


Twitch Interactive, Inc.


Unisys


Unity Technologies


Principaux dossiers


  • Leading the defense of Oracle in a putative class action asserting wiretapping, invasion of privacy, and other claims under California, Florida, and federal laws.
  • Advising OpenAI, the AI research lab that developed ChatGPT and DALL-E, on privacy and cyber compliance matters.
  • Representing defendant IQVIA, a data analytics healthcare company, in two putative TCPA class actions.

Orrick, Herrington & Sutcliffe LLP

Supporting clients in their contentious and non-contentious matters, Orrick, Herrington & Sutcliffe LLP advises on class actions brought against major corporations as well as cross border compliance projects, concerning both privacy and data transfer. The firm frequently assists with the internal and external use of AI. When necessary, the firm is also able to guide companies through the crisis response process. The team is led by Shannon Yavorsky in San Francisco, who advises on global privacy, cybersecurity and AI regulatory matters. Heather Egan is based in Boston, focusing on cybersecurity, privacy and information management. Based in Washington DC, Thora Johnson is an expert in the handling of health data, regularly designing compliance programs. Both in the Boston office, Aravind Swaminathan supports clients in cybersecurity incidents, high-stakes litigation and enforcement actions, while Joe Santiesteban advises telecoms and entertainment companies on crisis management. Also working in Boston, Emily Tabatabai is instructed on privacy, consumer protection and online safety matters. The San Francisco-based Michelle Visser is a seasoned litigator in the tech space, supporting clients in cyber, privacy and online safety matters.

Responsables de la pratique:

Shannon Yavorsky


Autres avocats clés:

Heather Egan; Aravind Swaminathan; Michelle Visser; Emily Tabatabai; Thora Johnson; Joe Santiesteban


Les références

‘Incredible resources, from senior partners to associates. Their whole team was deeply experienced and showed that throughout our matter. They knew what was going to happen before it happened based on their experience.’

‘Michelle Visser is a truly fantastic lawyer. She came up with a strategy that saved us years and tons in cost, and executed the strategy perfectly. Joe Santiesteban was great on incident response, clearly in control the entire time.’

Principaux clients

Arietis Health


Bark.com Global Limited


Block, Inc.


Capital One Financial Corp.


Carnival Corp.


Evolve Bank & Trust


Fenix International Limited


Meta Platforms


Internet Society


Kimberly-Clark Corporation


NVIDIA Corporation


Oregon Department of Transportation


Regents of the University of California


Sinclair Broadcast Group


Unilever


X Corp.


Principaux dossiers


  • Represented RingCentral in San Mateo County Superior Court concerning a class action brought under the California Invasion of Privacy Act(CIPA).
  • Defending Evolve Bank & Trust in a multidistrict litigation in the Western District of Tennessee that consolidates 22 lawsuits alleging a threat actor stole customer information during a preventable data breach in violation of state and federal laws.
  • Represented Block, Inc. and Cash App Investing in a class action filed in the Northern District of California.

Venable LLP

‘Uniquely’ positioned to advise in the digital advertising space, the team at Venable LLP contains experts in the adtech sector, advising on data privacy in the social media, education, automotive, healthcare and entertainment sectors. In addition, the firm regularly handles AI-related matters. It also handles investigations and regulatory developments made by the FTC and state attorney generals. The team, which operates out of Washington DC, contains Kelly DeMarchis Bastide, who advises on privacy compliance, and Stuart Ingis, an advisor to trade associations and coalitions on privacy issues. Emilio Cividanes supports clients with the implementation of regulatory and litigation strategies concerning data privacy. Michael Signorelli is frequently instructed by marketers, advertisers, data providers and streaming platforms. Julia Tama is also noted for her work on financial, children’s and health privacy. Desirée Moore joined the firm from K&L in December 2023 followed by Emily Keimig and Jessica Arett from Sherman & Howard LLC in May 2024.

Responsables de la pratique:

Kelly DeMarchis Bastide; Emilio Cividanes; Julia Tama; Stuart Ingis; Michael Signorelli


Autres avocats clés:

Tara Potashnik; Desiree Moore; Emily Keimig; Jessica Arett


Les références

‘The insight that the Venable team brings combines their expertise in the substance of the business issues that our industry faces along with their deep knowledge of the policy and legal environment that create constraints and opportunities.’

‘The two things that come most to mind when I think about my work with Stuart Ingis and Tara Potashnik is the combination of deep expertise and commitment to customer service. It isn’t just that their advice is sound but that I can access that expertise in a timely manner.’

‘I work with Venable because they are very responsive and the guidance provided is excellent.’

Principaux dossiers


  • Representing and advising Privacy for America and have guided it through some of the most important privacy milestones in recent years, including working across the federal government on issues such as children’s privacy and safety.
  • Providing general counsel the Association of National Advertisers.
  • Negotiated a final order settling allegations made by the FTC again InMarket and its practices around precise location data.

Akin

Akin is at the forefront of emerging state privacy law, regularly advising clients on the new California Consumer Privacy Act. The firm is also experienced in government and internal investigations brought due to cybersecurity and data privacy concerns. Its sector expertise covers a wide variety of industries, including the financial sectors, healthcare, retail and defense sectors. Located in San Francisco, Natasha Kohne heads the team, advising on AI regulation and representing in investigations and class action. Jo-Ellyn Sakowitz Klein, found in Washington DC, is an expert on a range of regulatory frameworks, such as HIPAA, HITECH, CCPA and the FTC Act. Jo-Ellyn Sakowitz Klein, located in California, is seasoned in consumer and data privacy class actions. Peter Altman works from Los Angeles and advises clients in the public and private sectors, representing companies in government enforcement procedures. Dario Frommer left the team in May 2024, followed by Corey Roush in June 2024 and Michelle Reed in July 2024.

Responsables de la pratique:

Natasha Kohne


Autres avocats clés:

Jo-Ellyn Sakowitz Klein


Principaux clients

Altice USA, Inc.


ClearBalance Healthcare


Waste Management, Inc.


National Cotton Council of America


Principaux dossiers


BakerHostetler

BakerHostetler's team is highly knowledgeable in incident response and attorney general investigations, supporting companies in the healthcare, financial services, tech and education sectors. The firm is particularly experienced in data breach-related matters, including ransomware attacks. It also advises companies on AI and blockchain issues. Theodore Kobus III, who is well-versed in class action defense and regulatory suits, leads the team from New York. Cincinnati-based Craig Hoffman is an expert on payment card security incidents. In the Houston office, Lynn Sessions is adept at handling cybersecurity incident response and regulatory investigations, particularly within the healthcare sector. Denver lawyer Casie Collignon is an expert litigator in privacy class action defense. Jennifer Mitchell is based in Los Angeles and advises on compliance matters concerning GDPR, HIPAA and CCPA. In November 2024, Raymond Aghaian joined the team.

Responsables de la pratique:

Theodore Kobus III


Autres avocats clés:

Lynn Sessions; Craig Hoffman; Casie Collignon; Sara Goldstein; Jennifer Mitchell


Principaux clients

Panda Restaurant Group


Dell Technologies


Forty Niners Football Company LLC


Publicis Groupe


Sephora


The Coca-Cola Company


Qurate Retail Group


Fred Hutch Cancer Center


The Cleveland Clinic


University of Texas M.D. Anderson Cancer Center


Northwestern Medicine


Banner Health


Mayo Clinic


Boston Children’s Hospital


MedStar Health


Prisma Health


University of Florida Health Sciences Center


University of California Regents


Volkswagen


Chick-fil-A


Marriott International


Principaux dossiers


  • Representing over 130 health systems in Facebook Pixel healthcare litigation.
  • Defending AT&T in multi-state attorney general investigations and dozens of lawsuits related to AT&T’s notification to 54 million people in March 2024 of a security incident.
  • Providing litigation, regulatory, and strategic counsel to Marriott International, six years after the Starwood database security incident.

Debevoise & Plimpton LLP

Debevoise & Plimpton LLP ‘has significant expertise and delivers quality work’, advising global clients on incident response matters and investigations brought by state attorney generals. The firm is experienced advising clients on the SEC cybersecurity rules. Its members include experts on privacy, AI, M&A due diligence and data governance. Both leading the practice, Washington DC-based Luke Dembosky specializes in cyber risk management and internal investigations, while Avi Gesser supports private equity funds, insurance companies and hedge funds in ransomware and nation-state cyber attacks. Erez Liebermann is knowledgeable of data-related regulatory requirements, and Jim Pastore is an expert litigator in the cyber field. Matt Kelly leverages his expertise in governance, compliance and risk management matters relating to AI. Unless otherwise stated, lawyers are based in New York.

Responsables de la pratique:

Luke Dembosky; Avi Gesser


Autres avocats clés:

Erez Liebermann; Jim Pastore; Johanna Skrzypczyk; Matt Kelly


Les références

‘Luke Dembosky and Erez Lieberman both have tremendous experience in the cybersecurity area and are true trusted partners. Their stellar reputation in the cyber legal community is well earned. They provide informed, realistic, and actionable guidance.’

‘The Debevoise cyber team is one of the larger and stronger teams. It has significant expertise and delivers quality work. ’

‘Standout partners include Erez Liebermann and Luke Dembosky.’

Principaux clients

American Express


Capital One


Glaxosmithkline


GoDaddy


Microsoft


Prudential Financial


Securities Industry Financial Markets Association


Warner Music Group


WPP Group


Principaux dossiers


  • Advising the leading financial services trade associations on the industry’s comment letter responses to multiple proposed regulations or other requests for comment.
  • Advising MassMutual in a multidistrict litigation stemming from the MOVEit cyberattack.
  • Assisting the client with subsidiary Rockstar Games’ September 2022 cybersecurity incident and related matter at 2K Games relating to the theft of 4 million records from a support database.

Dechert LLP

Dechert LLP is a highly versed litigation expert, representing clients in class actions and DOJ and state attorney general enforcements. The firm acts in disputes concerning AI, machine learning and consumer protection. It also regularly advises clients on cyber incidents, including ransomware attacks and data breaches. The team is led from Boston by Brenda Sharton, is a seasoned advisor in data breach investigations and cyberattacks. Also in Boston, Timothy Blank advises on compliance matters concerning US and EU privacy laws. Based in Los Angeles, Benjamin Sadun is an expert in issues surrounding AI, large language models and biometrics. Hilary Bonaccorsi, who specializes in the design and application of compliance programs under the FTC Act, CCPA and GDPR, works from Charlotte, North Carolina.

Responsables de la pratique:

Brenda Sharton


Autres avocats clés:

Timothy Blank; Hilary Bonaccorsi; Benjamin Sadun; Theodore Yale; Bailey Dervishi


Les références

‘The team is responsive, agile and uniquely creative.’

‘Brenda Sharton is definitely someone you want by your side. She is fully committed to delivering the best service to her clients, always available, creative and a pleasure to work with.’

‘Benjamin Sadun is a stand-out partner. Brilliant and engaged.’

Principaux clients

Ivy Fertility Services, LLC


Prisma Labs, Inc.


Easy Healthcare Corporation


Flo Health, Inc.


Microsoft


Select Medical Holdings Corporation and Concentra


Aquiline Capital Partners LP


Principaux dossiers


  • Representing Ivy Fertility Services, LLC, and 13 other fertility clinics in lawsuits concerning the use of website tracking technology like the Meta Pixel and Google Analytics.
  • Defending Prisma Labs, Inc. in a class action lawsuit concerning the uploading of photos of Illinois residents to the internet.
  • Advising Microsoft in eight federal lawsuits regarding a major data breach in 2023.

Eversheds Sutherland

‘Truly global, with expertise in all of the major regions of the world’, Eversheds Sutherland supports major international corporations on privacy and data security matters in a wide range of industries, including banking, consumer goods, healthcare, life sciences, media and tech. The firm advises on regulatory frameworks from the state to international level, such as COPPA, HIPPA, GDPR and PIPL. It is also able to leverages its international network of offices to enhance its advice. Michael Bahar is based in Washington DC and advises on data security and privacy. Bahar leads the practice alongside San Francisco-based Brandi Taylor, who specializes in the emerging state privacy laws, and Atlanta-based Rachel Reid, an expert on AI regulation and deployment. Mary Jane Wilson-Bilik, who works from DC, is well-versed in CCPA, FCRA and GDPR compliance. Made partner in January 2025, Alexander Sand is located in Austin, Texas and is an expert in cybersecurity and virtual currency regulation.

Responsables de la pratique:

Michael Bahar; Brandi Taylor; Rachel Reid


Autres avocats clés:

Mary Jane Wilson-Bilik; Alexander Sand


Les références

‘Eversheds Sutherland’s cyber practice is truly global with expertise in all of the major regions of the world.’

‘Michael Bahar and Alexander Sand are very experienced cyber lawyers with an excellent understanding of the challenges that large tech companies face regarding data privacy and protection.’

‘Michael Bahar is excellent and knowledgeable on privacy and cybersecurity matters.’

Principaux dossiers


Gibson, Dunn & Crutcher LLP

Gibson, Dunn & Crutcher LLP contains seasoned advisors in major regulatory investigations and litigation, including acting in class actions and suits brought by state attorney generals following major data breaches. It is also well-versed in privacy violations and data misuse allegations. Ashlie Beringer, based in Palo Alto, advises media and tech companies on compliance issues regarding privacy, cybersecurity, the blockchain and AI. Advising from New York, Lauren Goldman is an expert litigator in class actions, representing clients in proceedings brought under the TCPA, the Wiretap Act and new state privacy laws. Jane Horvath, in Washington DC,  specializes in multijurisdictional privacy matters, working with regulators and policy makers. Rose Ring regularly represents clients in social media, online advertising AI and cloud platforms. In September 2024, Palo Alto-based Keith Enright joined from an inhouse position at Google, and Alexander Southwell left the practice.

Responsables de la pratique:

Ashlie Beringer; Jane Horvath; Rose Ring; Lauren Goldman; Keith Enright


Autres avocats clés:

Ryan Bergsieker; Cassandra Gaedt-Sheckter; Vivek Mohan; Ashley Rogers; Sarah Erickson


Principaux clients

DoorDash Inc


Zoom Video Communications


Principaux dossiers


Jones Day

‘A leading firm nationally’, Jones Day runs the gamut of data protection and data privacy matters. The firm is expert in a range of emergent tech, including generative AI, autonomous vehicles, the internet of things, gaming, and satellite tech. It provides national and international incident response support as well as representation in regulatory investigations and litigation. ‘Truly a superstar’, Lisa Ropple, leading the team from Boston, acts for clients in government enforcements, regulatory investigations and class actions. New York-based Mauricio Paez is ‘a trailblazer in global privacy assessments and tech transactions’, with expertise in both terrestrial and space-based commercial data services. Working in California, John Vogt specialises in class actions over the theft of consumer data and healthcare records. Atlanta-based Mary Alexander Myers is noted for her work in the healthcare, gambling and financial services sectors. Ryan Blaney joined the Washington DC team from Proskauer Rose LLP in February 2024.

Responsables de la pratique:

Lisa Ropple


Autres avocats clés:

Mauricio Paez; John Vogt; Kerianne Tobitsch; Edward Chang; Mary Alexander Myers; Ryan Ball


Les références

‘Jones Day offers complete global coverage and is one of the best at managing complex cross-border data security issues.’

‘Lisa Ropple leads the practice and works tirelessly for clients. She is a leader and her expertise navigating cyber security issues and data breaches is unparalleled.’

‘Maurico Paez has been at the forefront of cybersecurity and data privacy and is a trailblazer in global privacy assessments and tech transactions.’

Principaux clients

Point32Health, Inc.


Aireon, LLC


Experian Information Solutions, Inc.


American Hospital Association


Internet Corporation of Assigned Names and Numbers


Cart.com


Ascension Health


NerdWallet


JP Morgan Chase & Co.


Kia Motor America


Principaux dossiers


  • Representing Point32Health in range of matters arising from a high profile ransomware attack on Harvard Pilgrim Health Care.
  • Representing Experian Information Solutions, Inc. in a lawsuit alleging that a plaintiffs’ law firm constructed a nationwide scheme to extort Experian into settling “sham” lawsuits.
  • Representing Ascension in an ongoing privacy investigation by numerous state attorneys general and the United States Department of Health and Human Services related to Ascension’s collaboration with Google to develop health care AI.

Linklaters LLP

Linklaters LLP has a wide range of experience in international cyber and data law matters, advising on the implementation of compliance programs, incident response and governance work. The firm also specializes in the commercialization of data in an array of industries. It is highly knowledgeable in matters concerning emergent technologies, including AI, adtech, biometric and geolocation capabilities. Ieuan Jolly is the New York-based practice head, specializing in data commercialization. Caitlin Potratz Metcalf, in Washington DC, focuses on multi-jurisdictional privacy matters. In New-York, Kris Ekdahl is well-versed in state and federal privacy laws, while Ekta Oza advises on privacy regulatory compliance and cybersecurity incidents.

Responsables de la pratique:

Ieuan Jolly


Autres avocats clés:

Kris Ekdahl; Caitlin Potratz Metcalf; Ekta Oza


Principaux clients

Microsoft


Volkswagen


Clear Channel


Viking River Cruises


iHeart


Media Inc.


Brookfield


SMBC


Corebridge Financial


Samsung


Vitesco


Sibanye


Stillwater


Wynn Las Vegas Hotels & Resorts


Principaux dossiers


  • Represented multiple leading publishers on first of their kind data and digital content licensing with Big Tech AI developers building LLMs, including OpenAI, Google, Amazon, Apple, Mistral, Perplexity.
  • Advised on the most significant data-driven transaction in the auto sector, advising Volkswagen on a landmark joint venture with Rivian, guiding them through the legal and strategic aspects of integrating Rivian’s advanced AI and software-defined vehicle technology.
  • Advised Eaton on implementing a data governance and AI strategy to transform its power management solutions, addressing a range of cybersecurity, and data privacy issues associated with its expanding AI initiatives.

Mayer Brown

‘An excellent resource’, Mayer Brown covers global data breaches and putative class actions in a wide range of industries, including tech, social media, food & beverages and financial services. It is also well-versed in compliance matters for AI and privacy issues. Leading the team from Washington DC, Rajesh De specializes in AI, national security, enforcement and privacy. Stephen Lilley, also in DC, advises on internet of things, medical devices and critical infrastructure. Arsen Kourinian works in Los Angeles, advising on adtech, cross-border data transfers and M&A-related privacy and security due diligence. Splitting his time between DC and New York, Adam Hickey is an expert on combating cyber threats in the private sector and critical infrastructure. Dominique Shelton Leipzig left the firm to an inhouse position in October 2024.

Responsables de la pratique:

Rajesh De


Autres avocats clés:

Arsen Kourinian; Stephen Lilley; John Nadolenco; Adam Hickey


Les références

‘The Mayer Brown team is an excellent resource for my team and I. It has the expertise to help us figure out the many nuanced considerations relating to our business.’

‘Raj De is an excellent leader and a true pleasure to work with. He manages to stay on top of his own business, but also my company’s business.’

‘Stephen Lilley is incredibly responsive and provides excellent legal guidance regarding what can often be very political matters.’

Principaux clients

TikTok, Inc.


ByteDance, Inc.


Boeing Employees’ Credit Union


Yum! Brands


Cloudflare


Google, Inc.


Principaux dossiers


  • Representing TikTok Inc. and ByteDance Inc. in a variety of complex legal matters, including high-profile class action lawsuits alleging privacy violations related to data collection and usage on both the TikTok and CapCut platforms.
  • Advising Cloudflare, a global leader in cloud services, on a wide range complex cybersecurity and data privacy challenges.
  • Representing Yum! Brands, Inc. in its defense of several class action lawsuits alleging that Yum! Brands failed to protect the personal information of its employees and former employees following a ransomware attack that it experienced in January 2023.

McDermott Will & Emery LLP

McDermott Will & Emery LLP assists international corporations in investigations, defenses against enforcement, privacy litigation and data breach response. The firm’s investigations experience includes those brought by the FTC, OCR, FCC and state attorney generals. Its clientele is broad, with companies from the life science, tech, telecoms, financial services, media and automotive sectors. The team is led by Michael Morgan from Los Angeles and Silicon Valley, advising both on incident response and data monetization. Edward Zacharias, based in Boston, specializes in the healthcare sector as does the Chicago-based Daniel Gottlieb, whose clients include health IT vendors, healthcare providers, health plans, universities and life sciences firms. Joining from Gibson, Dunn & Crutcher LLP in September 2024, Alexander Southwell works from New York, focusing on litigation and investigation relating to the tech sector. Scott Weinstein  left for an in-house position in April 2024.

Responsables de la pratique:

Michael Morgan


Autres avocats clés:

Edward Zacharias; Daniel Gottlieb; David Saunders; Alexander Southwell; David Gacioch; Jiayan Chen; Ryan Higgins; Elliot Golding; Kathryn Linsky; Amy Pimentel


Principaux clients

Charles Schwab


National Spine and Pain Centers


Southern Illinois Hospital Services


TD Ameritrade


Principaux dossiers


  • Defended social media giant TikTok against multiple Attorney General lawsuits asserting consumer protection “teen mental health” claims related to the app’s alleged addictiveness.
  • Represented Charles Schwab and TD Ameritrade in one of the largest data breach class action multidistrict litigations ever, following the massive MOVEIt data breach.

Quinn Emanuel Urquhart & Sullivan, LLP

‘The ultimate strategists’, Quinn Emanuel Urquhart & Sullivan, LLP maintain a broad expertise in different industries, from mobile apps and digital advertising to healthcare and insurance. It has particular strength representing its clients in class actions, concerning data breaches and ransomware attacks. Splitting their time between Los Angeles and New York, Stephen Broome practices in security and data privacy investigations brought by the government and regulators, while Viola Trebicka advises on data privacy, data security, the use of AI and IP. Working in New York, Jennifer Barrett is an expert in data breach responses, with clients in banking, insurance, publishing and marketing. Los Angeles-based Alyssa Olson is noted for her work in data privacy class actions.

Responsables de la pratique:

Stephen Broome; Viola Trebicka; Jennifer Barrett


Autres avocats clés:

Alyssa Olson


Les références

‘Complex litigation attorneys for the biggest matters. The ultimate strategists.’

Principaux clients

Google LLC


Snowflake Inc.


Ancestry.com


KIK Custom Products, Inc.


Kaseya US LLC


Match Group Inc


ZoomInfo Technologies


Entertainment Partners LLC


Cyderes Inc


Take-Two Interactive, Inc.


Google LLC


Snowflake Inc.


Ancestry.com


Principaux dossiers


  • Defended Google against a nationwide class action alleging Google improperly collects browsing data while users are in their browsers’ “private browsing” mode.
  • Defending Snowflake Inc. in the In re: Snowflake Data Breach MDL—an MDL involving over 100 class actions.
  • Representing Ancestry.com in six putative class actions premised on electronic yearbook excerpts hosted on Ancestry’s website.

WilmerHale

Operating out of Washington DC, the team at WilmerHale is highly knowledgeable of the healthcare sector, advising on sensitive data breaches response. The firm’s expertise stretches to class actions and investigations before the FTC, state attorney generals and federal regulators. Its wider industry knowledge includes the retail, manufacturing, adtech, ecommerce and financial sectors. Kirk Nahra, who represents clients in enforcement actions and regulatory investigations at the state and federal level, and Benjamin Powell, an advisor on incident response and preparedness, head the practice. Advising on data security and privacy issues in M&A transactions, Jason Chipman is also noted within the team. In January 2025, Arianna Evers, experienced in AI-related issues, was made partner. Ali Jessani brings experience in privacy, cybersecurity and data protection regulation to the practice.

Responsables de la pratique:

Kirk Nahra; Benjamin Powell


Autres avocats clés:

Jason Chipman; Arianna Evers; Ali Jessani


Principaux dossiers


Alston & Bird LLP

Standing out for its lawyers’ ‘technical expertise’, Alston & Bird LLP advises clients on cybersecurity preparedness, privacy and data protection compliance. The firm guides clients through compliance programs and has expertise in data breach responses relating to ransomware attacks, including attacks brought by nation states. The team is led by Atlanta-based David Keating, who advises on national and international data protection matters, and Washington DC-based Kimberly Peretti, an expert in the healthcare, hospitality, telecoms and insurance industries. In Atlanta, Maki DePalo assists clients with state privacy law compliance programs, while Kellen Dwyer is an experienced cyber litigator, working in Washington DC.

Responsables de la pratique:

David Keating; Kimberly Peretti


Autres avocats clés:

Kellen Dwyer; Maki DePalo


Les références

‘The data breach & data protection team are extraordinarily experienced in all aspects of data protection and breach response work.’

‘The individual lawyers are responsive, knowledgeable, and very thorough. They are also used to working with technically inclined business folk, rather than attorneys, which is a unique skill set.’

‘Alston & Bird is unique in several ways, especially due to the highly specialized staff and their overview of the evolving nature of privacy law.’

Principaux clients

United Parcel Service, Inc.


McDonald’s Corporation


Cross-Border Data Forum


Principaux dossiers


  • Advised UPS on privacy notices and global data transfer issues as well as advice related to the American Privacy Rights Act.

Cleary Gottlieb Steen & Hamilton LLP

Cleary Gottlieb Steen & Hamilton is highly knowledgeable of the privacy and data security issues surrounding major M&A transactions across industries. The firm is also well-versed in providing support in incident response, data breach litigation, enforcement actions and corporate governance. Working from the New York office, practice head Daniel Ilan specializes in data, AI and tech transactions for major multinational corporations and private equity firms. Marcela Robledo is based in San Francisco and maintains expertise in data privacy for tech companies. Melissa Faragasso brings experience in AI-related matters, while New York-based Rahul Mukhi focuses on cybersecurity issues, from data breach and ransomware attacks to regulator inquiries. Also in New York, Jonathan Kolodner supports clients in cyber compliance programs.

Responsables de la pratique:

Daniel Ilan


Autres avocats clés:

Jonathan Kolodner; Rahul Mukhi; Marcela Robledo; Melissa Faragasso


Principaux clients

American Express


Amundi S.A.


Atlassian


FullBeauty Brands, Inc.


Global Healthcare Exchange, LLC


GMO-Z.com Trust Company Inc.


Ionic Digital Inc.


Miami International Holdings Inc.


Midjourney


NFL Players Association Trust


Olympus Technologies Inc.


Tempur Sealy International Inc.


Thales


T-Mobile


Warburg Pincus


Principaux dossiers


Davis+Gilbert LLP

Based in New York, Davis+Gilbert LLP is highly experienced in data and privacy issues concerning adtech and advertising-related matters, advising leading players in this space. The firm’s experiences includes advising on ad fraud, affiliate marketing and the application of emerging technologies, including AI. It is also experienced in providing crisis management supports, relating to data breaches and regulatory inquiries. The team is led by Richard Eisert, an experienced litigator for IP and tech matters, and Gary Kibel, who advises on the CCPA, GDPR and recent legislation. Within the team, Zach Klein is well-versed in data security incidents and breach response, while Jeremy Klein advises clients on the collection, use and transfer of information. Oriyan Gitig is also recommended.

Responsables de la pratique:

Richard Eisert; Gary Kibel


Autres avocats clés:

Zach Klein; Jeremy Merkel; Oriyan Gitig


Les références

‘The team is extremely responsive and pragmatic. The advice is always tailored to the client’s specific circumstances and always takes into account latest development in the particular area of law, no matter how recent it is.’

‘Gary Kibel responds to queries with utmost care. He is extremely knowledgeable, pragmatic and approachable.’

‘Knowledgeable, gracious and patient experts in the field of Cyber law including data privacy and data protection.’

Principaux clients

Actable Data


Arcspan Media


Forbes Media LLC


Giant Spoon


Kerv Interactive


Magellan AI


Roofstock


StackAdapt


theBalm


Tradeswell


Vistar Media


Principaux dossiers


Fenwick & West LLP

Fenwick & West LLP advises private and public sector clients on privacy and data security matters, including reviews of governance and policies as well as in class actions. The firm is also well-versed in cutting-edge technologies, including adtech, AI, autonomous vehicles, cryptocurrency and geolocation data. Members of the team regularly work with the firm’s wider departments, with particular experience support the M&A team in transactions. The team is overseen by the San Francisco-based Tyler Newby, a specialist in privacy and data security litigation, and the Washington DC-based Michael Sussmann, who enhances the firm’s expertise in cybersecurity. In New York, David Feder supports tech and life sciences companies in government investigations and regulatory litigation. Made partner at the start of 2025, Ana Razmazma, who is based in Silicon Valley, is very experienced in M&A-related privacy issues. Brent Tuttle work in the San Francisco office, advising on the privacy and cybersecurity issues in new products.

Responsables de la pratique:

Tyler Newby; Michael Sussmann


Autres avocats clés:

David Feder; Ana Razmazma; Brent Tuttle


Principaux clients

Amazon


Cisco Systems, Inc.


Databricks


Moloco, Inc.


Morphic Holdings, Inc.


OpenAI


SoundHound AI


Spotter, Inc.


Squarespace


Wonder Dynamics


Principaux dossiers


  • Advised Morphic Therapeutic a publicly-traded biopharmaceutical company, on its response to a ransomware incident, and related diligence issues that arose during Eli Lilly’s purchase of Morphic in 2024.
  • Represented Databricks, a data and AI company, in its pending acquisition of Arcion, a Databricks Ventures portfolio company.
  • Representing Squarespace, a design-driven platform helping entrepreneurs build brands and businesses online, in its agreement to sell Tock.

Freshfields

Freshfields advises clients as claimants and defendants in a wide array of litigation, including class actions and enforcement actions. Its lawyers are experienced in forensic investigations as well as in conducting reviews of company governance policies. Working in Silicon Valley and New York respectively, Christine Lyon, an expert in privacy programs, GDPR and CCPA, and Timothy Howard, a specialist in white-collar crime and data protection, oversee the practice. Advising on risk management and governance, Beth George is based in Silicon Valley. Washington DC-based Brock Dahl is expert in global incident response. Megan Kayo, in Silicon Valley, leads forensic investigation and global response.

Responsables de la pratique:

Christine Lyon; Timothy Howard


Autres avocats clés:

Brock Dahl; Beth George; Megan Kayo


Les références

‘Freshfields does an amazing job of building a close relationship across a business such that they can really share the global business view of the client and tailor their guidance based on that understanding. They answer the questions you should be asking but didn’t know to ask.’

‘Christine Lyon’s insights and guidance are targeted, practical, and balanced.’

Principaux clients

Google


Principaux dossiers


  • Filed a civil lawsuit, on behalf of Google, against two members of a criminal scheme for engaging in an online consumer investment fraud scheme known as “pig butchering”.

Kelley Drye & Warren LLP

The lawyers at Kelley Drye & Warren LLP are well-versed in the enforcement of COPPA, GLBA and the Fair Credit Reporting Act as well as FTC and state attorney general investigations. The firm is a frequent advisor in compliance matters concerning privacy and data protection. Alysa Hutnik leads the team, advising on investigations, enforcement actions and disputes. Lauri Mazzuchetti, based in New Jersey, advises telecoms, retailers, food companies and emergent tech companies. Aaron Burstein is an expert in data security, privacy and consumer protection law. Kate White adds investigatory, enforcement and compliance knowledge. Laura Riposo VanDruff is noted for her work in FTC and state attorney general investigations. Unless specified otherwise, lawyers are based in Washington DC.

Responsables de la pratique:

Alysa Hutnik


Autres avocats clés:

Lauri Mazzuchetti; Aaron Burstein; Laura Riposo VanDruff; Kate White


Les références

‘They take the time to understand our business before delving into the issues. So appreciated!’

Principaux clients

Interactive Advertising Bureau


Maplebear, Inc.


Keurig Dr Pepper


Kohl’s Department Stores


Five9


Grocer and pharmacy retailers


LendingTree


Chipotle


Principaux dossiers


King & Spalding LLP

Advising on FTC, DOJ and SEC investigations and enforcement actions, King & Spalding LLP is well-versed in federal regulatory matters, in addition to investigations brought by state attorney generals and regulators. The firm is adept at providing incident response support and assisting in incident preparedness. It is also expert in class action defense. Phyllis Sumner leads the team from Atlanta, advising corporate boards and senior executives in their incident response processes. In Washington DC, Robert Hudock advises healthcare and financial services companies, conducting risk assessments and IT audits. Working in the Atlanta office, Elizabeth Adler in privacy and data breach class actions.

Responsables de la pratique:

Phyllis Sumner


Autres avocats clés:

Robert Hudock; Elizabeth Adler


Principaux dossiers


Manatt, Phelps & Phillips, LLP

Offering ‘well-reasoned advice in a prompt manner’, Manatt, Phelps & Phillips, LLP covers the spectrum of cyber law matters, from program development and incident preparedness to reactive incident response, regulatory investigations and litigation defense. The firm advises clients on the various state and federal privacy legislation as well as on the TCPA. The team is led by the ‘exceptional privacy attorney’ Brandon Reilley in San Francisco, who is well-versed in compliance, regulatory and incident response matters. Working in Boston, Amy MacDonald is a noted privacy and data security advisor. Paul Luehr, based in Washington DC, specializes in HIPAA, GDPR and state privacy law advice. In April 2024, Kareem Salem and Jessica Sklute joined from BakerHostetler and Schulte Roth & Zabel LLP. Scott Lashway and Christopher Lisy left the firm in May 2024.

Responsables de la pratique:

Brandon Reilly


Autres avocats clés:

Amy Macdonald; Kareem Salem; Jessica Sklute


Les références

‘The team works well with other practices and is always able to offer well-reasoned advice in a prompt manner.’

‘Brandon Reilly is an exceptional privacy attorney. He has an encyclopedic knowledge of various privacy laws and can advise on a wide range of data privacy issues in a reasoned, risk-based manner.’

‘Brandon Reilly is not only a wealth of privacy knowledge, he is very practical in his approach and gives very commercially minded advice.’

Principaux clients

New York eHealth Collaborative


Principaux dossiers


Norton Rose Fulbright US LLP

Norton Rose Fulbright is highly experienced in incident response and crisis management, including assisting clients with their investigations. The firm’s industry expertise includes the real estate, life sciences, healthcare, retail, insurance, telecoms and aviation spaces. In New York, Andrea D’Ambra focuses on data privacy, e-discovery and cybersecurity, while David Kessler advises clients in compliance matters concerning HIPAA, COPPA and FERPA regulations. Also in New York, Steven Roosa is an expert in biometric matters. Chris Cwalina, working from Washington DC, supports in cybersecurity and privacy compliance issues. Based in Houston, Will Daugherty acts on incident response, class action and investigations. Susana Medeiros, in the New York office, supports clients in cyber incidents and in information governance.

Responsables de la pratique:

Chris Cwalina; Andrea D’Ambra; David Kessler; Will Daugherty; Steven Roosa


Principaux dossiers


Paul Hastings LLP

Paul Hastings LLP offers expertise in class action defense for its clients, acting in a range of industries. The firm also acts for clients in regulatory investigations brought by state attorney generals and federal regulators, including the SEC, FCC and SEC. The Chicago-based Aaron Charfoos, an experienced litigator and privacy lawyer, and Dallas-based Michelle Reed, who acts in regulatory and enforcement matters, lead the team. Located in Washington DC, Sherrese Smith specializes in privacy and security law in the media, tech, retail and life sciences fields.

Responsables de la pratique:

Aaron Charfoos; Michelle Reed


Autres avocats clés:

Sherrese Smith; Susan Leader


Principaux clients

GlaxoSmithKline LLC


GoTo Group, Inc.


Dapper Labs, Inc.


National Basketball Association


Mr. Cooper


L’Oréal USA Inc.


Charlotte Tilbury Beauty, Inc.


City of Dallas


Altice USA, Inc.


Ubisoft


Principaux dossiers


Reed Smith LLP

The ‘exceptional’ Reed Smith LLP team boasts knowledge in a wide range of industries, including financial services, manufacturing, food & beverage, healthcare, energy and IT. The firm advises on generative AI issues as well as on technology related M&A transactions. Robert Newman, who focuses on privacy, marketing and IP issues, and Idara Udofia, whose data protection expertise includes understanding of CCPA, COPPA and BIPA, lead the team from Chicago. Catherine Castaldo is the New York-based practice head, advising on incident response, investigations and regulatory matters. In San Francisco, Sarah Bruno is well-versed in the entertainment, beauty, consumer goods and healthcare sectors. Wendell Bartnick, operating in the Houston office, advises on compliance of federal and state privacy law compliance. Tyler Thompson joined the firm from Greenberg Traurig, LLP in September 2024.

Responsables de la pratique:

Rob Newman; Catherine Castaldo; Idara Udofia


Autres avocats clés:

Gerard Stegmaier; Sarah Bruno; Monique Bhargava; Wendell Bartnick


Les références

‘The team at Reed Smith, led by Gerry Stegmaier, is exceptional in how they support my understanding of the law. They have taken the time to learn the intricacies of my business and understand the goals I aim to achieve.’

‘Gerard Stegmaier is renowned for his concise and direct legal advice, making him a practical problem solver.’

‘Gerry Stegmaier stands out as a uniquely commercial law firm partner. Gerry is an expert in cybersecurity law and data privacy.’

Principaux dossiers


Seyfarth Shaw LLP

Seyfarth Shaw LLP is experienced in supporting clients in both incident response and a wide array of disputes, including litigation and arbitration. The firm advises on cutting edge technologies, assisting with AI, biometrics, website tracking and the Internet of Things. The team is led from Houston by John Tomaszewski, a privacy specialist with multi-jurisdictional compliance expertise. Bart Lazar works in Chicago, acting on privacy and security matters. Also in Chicago, Jason Priebe focuses on the development of policies for the handling, transfer and disclosure of information. Karla Grossenbacher, who is based in Washington DC, is an expert on workplace privacy, including on data breaches involving employee information. In November 2024, Scott Carlson retired from practice.

Responsables de la pratique:

John Tomaszewski


Autres avocats clés:

Jason Priebe; Bart Lazar


Principaux clients

Prudential Financial Inc.


Principaux dossiers


Sheppard, Mullin, Richter & Hampton LLP

Sheppard, Mullin, Richter & Hampton LLP possesses notable expertise in putative class action defense, supporting clients across industries in their matters. The firm is well-versed in data breach incidents and privacy compliance, both at the state and federal level. In Los Angeles and Chicago respectively, the team is led by Craig Cardon and Liisa Thomas, who focuses on privacy and advertising matters. Wynter Deagle, based in Del Mar, is an experienced defense litigator in both individual and class actions relating to privacy and cybersecurity. Rachel Hudson brings privacy and advertising expertise to retail, fashion and beauty companies. Kari Rollins is adept in international commercial arbitration contexts.

Responsables de la pratique:

Craig Cardon; Liisa Thomas


Autres avocats clés:

Wynter Deagle; Rachel Hudson; Kari Rollins


Principaux clients

NextGen Healthcare


Delta Dental Plans Association


ZARA USA, Inc.


Jimmy John’s, LLC


Running Warehouse, LLC


Kaiser Foundation Health Plan


Snap, Inc.


AMN Healthcare, Inc. and AMN Language Services, Inc.


Lamps Plus, Inc.


JCPenney OPCO, LLC d/b/a JCPENNEY


Torrid LLC and Hot Topic, Inc.


Shipt, Inc.


Deckers Outdoor Corporation


Levi Strauss & Co.


Williams-Sonoma, Inc.


Digital Realty Trust


Principaux dossiers


  • Represented long-time firm client NextGen Healthcare in a putative class arising from a data breach that occurred in March 2023.
  • Acting in the first-of-its-kind MDL class action in the District of Massachusetts data breach litigation regarding the MOVEit breach.
  • Serving as outside privacy counsel to international pizza company Papa John’s.

Shook, Hardy & Bacon LLP

Regularly representing clients in class actions and arbitrations, Shook, Hardy & Bacon LLP has expertise in cases relating to data breaches, biometric privacy and adtech, including website tracking. The firm is additionally skilled in incident response support and incident preparedness, advising on both state and federal law compliance. The team is overseen by the Miami-based Al Saikali, who is experienced in cybersecurity incident response and ransomware attacks. Colman McCarthy, located in Kansas City, supports clients in  the retail, entertainment, financial, healthcare, education and government sectors. In Denver, Camila Tobón is expert in privacy and security compliance as well as AI governance. Also in Denver, Josh Hansen focuses on privacy policies and their compliance with domestic and international privacy laws. Jad Sheikali joined in October 2024 from Honigman Miller Schwartz and Cohn LLP.

Responsables de la pratique:

Al Saikali


Autres avocats clés:

Colman McCarthy; Camila Tobón; Josh Hansen


Principaux dossiers


Sidley Austin LLP

Sidley Austin LLP has a broad spectrum of expertise, advising on internal investigations, data breach litigation and generative AI initiatives. The firm’s clients cover a wide range of sectors, including technology, life sciences, defense and finance. David Lashway, an advisor on crisis management and investigations, and Alan Charles Raul, who advises tech, telecom and software clients, oversee the practice. Colleen Theresa Brown provides litigation and regulatory defense as well as support in internal investigations. Jennifer Seale is expert in regulatory compliance and data breach response. Jonathan Wilan specialises in compliance technology implementation. All mentioned lawyers are based in Washington DC.

Responsables de la pratique:

David Lashway; Alan Charles Raul


Autres avocats clés:

John Woods; Jennifer Seale; Jonathan Wilan; Colleen Theresa Brown


Principaux clients

ABB Asea Brown Boveri Ltd.


AT&T, Inc.


Univision NOW


SES Space & Defense, Inc.


Walmart Stores, Inc.


Principaux dossiers


  • Acting as outside privacy and cybersecurity counsel for numerous leading global clients, such as Hilton, DXC Technology, and Ohio Farmers Insurance.
  • Representing multiple clients on their exposure to the recent MOVEit data breach.
  • Serving as lead counsel to multinational industrial technology giant ABB on cybersecurity matters with respect to the investigation and response to a global ransomware matter.

Skadden, Arps, Slate, Meagher & Flom LLP

With an international network, Skadden, Arps, Slate, Meagher & Flom LLP offers comprehensive data and cybersecurity support in cross-border matters. The firm’s experience includes advising on incident response, data protection, privacy and AI-related challenges. The team is led by the Chicago-based WIlliam Ridgway, an expert in incident response and white collar matters, and Washington DC-based David Simon, who advises on cyber, AI and privacy. Also in Washington DC, Joshua Silverstein solidifies the team’s expertise in white collar crime investigations. Located in New York, Lisa Zivkovic focuses on global data privacy compliance, cyber fraud and data protection.

Responsables de la pratique:

William Ridgway; David Simon


Autres avocats clés:

Joshua Silverstein; Lisa Zivkovic


Principaux clients

Carlyle Group


Gryphon Investors


Flagstar Bank


TransUnion


Google


CyberPeace Institute


Principaux dossiers


  • Advising Carlyle Group, one of the world’s largest and most diversified global investment firms, on a broad range of cybersecurity, data privacy, and AI issues.
  • Advising CyberPeace Institute, a Geneva-based non-governmental organization, on public international law relating to an investigation into alleged cyber war crimes in Ukraine.
  • Defending Flagstar Bank in three high-profile nationwide data breach class actions.

Crowell & Moring LLP

With ‘deep cyber expertise’, the team at Crowell & Moring LLP supports companies in investigations and incident response issues, both relating to cybersecurity and data privacy. The firm’s experiences includes breaches caused by nation states and criminal groups. It is also experienced in state, federal and international compliance. Jeffrey Poston, who acts in regulatory investigations and class actions, and Evan Wolff, who advises on cybersecurity incidents and data breaches across the globe, oversee the team. Matthew Welling adds M&A experience to the team. Jennie VonCannon, in Los Angeles, conducts internal investigations and supports in enforcement actions. Members are based in Washington DC unless otherwise specified.

Responsables de la pratique:

Jeffrey Poston; Evan Wolff


Autres avocats clés:

Matthew Welling; Jennie VonCannon


Les références

‘The Crowell & Moring data breach team excels in rapid response, mobilizing resources immediately to contain breaches and prevent further damage.’

‘Jeffrey Poston is my go to partner for data breaches that have high risk of litigation, regulatory action, customer disputes or reputational fall-out.’

‘Matthew Welling has deep experience, and I would not hesitate to call either of them in the event of a data breach.’

Principaux clients

Capsule Corporation


Fox Corporation


Honeywell International


Microsoft


Principaux dossiers


  • Developed a robust botnet litigation practice for Microsoft, representing clients in affirmative litigation against threat actors who use hijacked computer networks for scams and cyberattacks.
  • Worked closely with Fox Corporation’s information security and privacy teams to design and conduct a bespoke cybersecurity-focused tabletop training exercise for Fox’s top executives.
  • Worked with Honeywell’s legal and IT compliance functions to prepare for an anticipated third-party cybersecurity audit in accordance with the Department of Defense Cybersecurity Maturity Model Certification.

Davis Polk & Wardwell LLP

Davis Polk & Wardwell LLP regularly advises social media companies, financial institutions, investment firms and industrial manufacturers across issues of cyber law and data privacy. The firm is knowledgeable of national and international privacy frameworks and supports clients in licensing agreements and regulatory investigations. James Haldin, an expert in administrative issues and regulatory investigations, and Matthew Bacal, who advises on strategic licensing and outsourcing transactions, are based in New York. Located in Washington DC, Robert Cohen assists in cybersecurity incident response and enforcement actions.

Responsables de la pratique:

Robert Cohen; James Haldin; Matthew Bacal


Principaux clients

26North Holdings


AIG


Alarm.com


Annaly Capital Management


Antares Capital


Assurant


Atairos


Avenue Capital Management


Banco Santander


Baker Hughes


Billtrust


Braze


Brookfield Capital Partners


Capital One


Comcast


Cornell Capital


Crowdstrike


CSFC Management Company


Dollar Tree Stores


Dow Jones Indices


Principaux dossiers


  • Representing Meta in a first-of-its-kind administrative proceeding that seeks to substantially rewrite a court-approved 2020 Consent Order.
  • Obtained a termination notice without charges in an SEC investigation of a global aerospace and defense company concerning cybersecurity disclosures.
  • Representing Meta in its challenge to the FTC’s administrative proceeding to reopen and rewrite the parties’ 2020 Consent Order.

Goodwin

Goodwin advises clients on cyber incident response in the tech, life sciences, financial services, private equity and real estate industries. The firm leverages its knowledge on federal and state privacy law, as well as AI regulation, to support clients in litigation and policymaking. Its expertise also includes adtech, biometrics, generative AI, fintech and crypto matters. Based in New York, AI expert Peter Marta, data litigator Mark David McPherson and risk management advisor Jud Welle lead the team. McPherson and Marta joined from Morrison Foerster in January 2024 and Hogan Lovells US LLP in September 2024 respectfully. Fellow practice head Kyle Tayman works out of Washington DC and represents clients before the FTC and other government agencies in their investigations. Omer Tene, in the Boston office, is a noted privacy expert in the team. In August 2024, Kaitlin Betancourt joined from an in-house position.

Responsables de la pratique:

Pete Marta; Mark David McPherson; Jud Welle; Kyle Tayman


Autres avocats clés:

Omer Tene


Les références

‘Goodwin stands out for its exceptional balance of strategic insight and practical, actionable advice.’

Principaux clients

Meta Platforms, Inc.


National Public Radio


New Balance Athletics, Inc.


Qualtrics International LLC


Principaux dossiers


Greenberg Traurig

‘A large, highly qualified, geographically-dispersed team’, Greenberg Traurig LLP supports clients across a broad range of industries, including e-commerce, financial services, healthcare, retail and entertainment. The firm is well-versed in privacy and security compliance across jurisdictions, with expertise in cross-border transfers. Based in San Francisco, Gretchen Ramos assists clients in the development of their data protection and security practices. Jena Valdetero works from Chicago, advising on compliance issues under the GDPR, CCPA and HIPAA. The Denver-based David Zetoony is noted for his work on data privacy and cyber security matters, including advice on regulatory investigations.

Responsables de la pratique:

Gretchen Ramos; Jena Valdetero; David Zetoony


Autres avocats clés:

Darren Abernethy; Reena Bajowala; Rebekah Guyon; Karin Ross


Les références

‘Gretchen Ramos is the best lawyer I’ve ever worked with – by a mile.’

‘Greenberg Traurig has a large, highly qualified, geographically-dispersed team. They have proven incredibly responsive, particularly in a crisis. They are also effective.’

‘Jena Valdetero is a star. She is smart, talented and extremely responsive.’

Principaux dossiers


  • Serving as privacy and cybersecurity counsel to genetic testing company, 23andMe, and directed the investigation of a security incident the company became aware of in October 2023.
  • Providing both data privacy and data security advice to Avant.
  • Acting as primary data privacy counsel to The Clorox Company.

Hausfeld LLP

Hausfeld LLP has a strong specialism in representing claimants in class actions for victims of data breaches and privacy violations. The firm is well-versed in cross-border issues across the US and Europe. The team is led by James Pizzirusso, a seasoned class action litigator with wider expertise in consumer protection and antitrust. Swathi Bojedla brings an expertise in healthcare class actions. Mandy Boltax acts in privacy and competition litigation, while Ian Engdahl advises on consumer-protection, data privacy and antitrust. All mentioned lawyers are in Washington DC.

Responsables de la pratique:

James Pizzirusso


Principaux dossiers


  • Acted in one of the first cases in the country on behalf of victims of the T-Mobile data breach in August 2021.
  • Acted in the first Marriott Data Breach complaint with named plaintiff representatives residing in all fifty states.
  • Acting in a consolidated action asserting that ParkMobile was negligent in allowing attackers to access records of 21 million customers.

Hintze Law

Placing ‘a strong emphasis on client-centric services’, Hintze Law provides strategic governance advice and support in privacy programs. The firm is particularly strong in data issues relating to AI and advises clients on the development of new AI tools. Based in Seattle, Susan Hintze, who supports clients in the tech, advertising, entertainment and social media sectors, and Mike Hintze, who is an expert advisor on regulatory issues relating to AI, lead the team. Also in Seattle, Sam Castic leverages experience in data breach response as well as data processing and transfer agreements. Ro Friend left the firm for an in-house position in October 2024.

Responsables de la pratique:

Susan Hintze; Mike Hintze


Autres avocats clés:

Sam Castic; Jennifer Ruehr


Les références

‘Mike Hintze and team provides practical guidance about cutting edge privacy issues.’

‘Really great deep practical and helpful advice.’

‘Mike Hintze is easy going, practical, and well-versed in data privacy issues.’

Principaux dossiers


Loeb & Loeb LLP

Loeb & Loeb LLP advises clients on compliance and governance issues relating to privacy. The firm also assists clients in litigation defense, including against class actions. Its clients include media, adtech and companies developing emergent tech. The department's New York-based practice head, Jessica Lee, is an expert in privacy programs and data security. In Chicago, Nerissa Coyle McGinn specializes in advertising and fintech. Melanie Howard, based in Los Angeles, adds experience in M&A transactions. In February 2024, Robyn Mohr and Ryan Martin were promoted to partner, with Michael Barry joining from Morrison Cohen LLP in the same month.

Responsables de la pratique:

Jessica Lee


Autres avocats clés:

Melanie Howard; Nerissa Coyle McGinn; Nathan Hole; Robyn Mohr; Ryan Martin; Michael Barry


Principaux clients

Johnson & Johnson


Henry Schein


Booking.com


Saks.com


WPromote LLC


Wyre


Principaux dossiers


  • Advising Johnson & Johnson on its employee monitoring initiatives, including the use of badge scans and laptop device tracing as part of a new initiative to confirm employee onsite attendance.
  • Advising on all litigation matters for payments company Wyre, including all privacy and cybersecurity matters.
  • Defending retailer Saks in a novel class action complaint in the Southern District of New York in which the plaintiff, utilizing a new privacy theory, sued for violations of an Arizona statute barring certain types of electronic surveillance.

McGuireWoods LLP

McGuireWoods LLP provides a comprehensive practice in data and cyber law, including advising on compliance, incident response and class action matters. The firm is well-versed in a wide range of privacy regulatory frameworks at the state, federal and globe level. Leading the team from Virginia are, Andrew Konia, who advises on outsourcing agreements, and Janet Peyton, an expert in information governance support. Ashley Matthews, in Charlottesville, regularly advises retailers and financial institutions on privacy and security issues. In April and August 2024 respectively, New York-based Nancy Ryan and Washington DC-based David Hirsch joined from in-house positions.

Responsables de la pratique:

Andrew Konia; Janet Peyton


Autres avocats clés:

Anne Peterson; Alicia Baiardo; Ashley Matthews; Nancy Ryan; David Hirsch


Principaux dossiers


Paul, Weiss, Rifkind, Wharton & Garrison LLP

Paul, Weiss, Rifkind, Wharton & Garrison LLP covers a wide range of matters for its cyber and data clients, including advising on cyber incident response, compliance, enforcement and litigation matters. In particular, the firm represents clients in data breach class action defense and regulatory enforcement brought by federal bodies. In Washington and New York, John Carlin advises on data protection for his clients. New York-based Jeh Johnson specializes in data privacy matters and emergent technologies.

Responsables de la pratique:

John Carlin; Jeh Johnson


Autres avocats clés:

Steven Herzog


Principaux clients

Amazon.com, Inc.


OpenAI


The Kraft Group


Sandvine Corporation


Principaux dossiers


Willkie Farr & Gallagher LLP

Willkie Farr & Gallagher LLP advises on transaction-related data issues, regulatory compliance and litigation representation. The firm additionally advises on emerging technologies including on the data and privacy implications of generative AI. Based in Washington DC, Daniel Alvarez specializes in data transfer contracts and policy drafting, while Laura Jehl is an expert on the collection use and storage of data. In Illinois, Craig Martin supports clients in internal investigations. ‘Highly effective’ Susan Rohol supports pharmaceutical companies and entertainment agencies in cybersecurity and privacy matters. Ben Hur  has left the firm.

Responsables de la pratique:

Daniel Alvarez; Laura Jehl; Craig Martin


Autres avocats clés:

Susan Rohol


Les références

‘Susan Rohol is what makes this practice unique. She is a very bright, talented lawyer and her extensive in-house experience makes her very effective when dealing with US privacy issues.’

‘Susan Rohol is highly effective, super-pragmatic and provides excellent client service. She is one of the best US privacy lawyers around.’

Principaux clients

Digital Dollar Project


Recorded Future


Insight Partners


Comcast Corporation


Veeam Inc.


Aon PLC


Google


ClearPoint Health


Principaux dossiers


Winston & Strawn LLP

Containing ‘experts in the field’, Winston & Strawn LLP represents clients in privacy and data litigation, including acting class actions and biometric-related litigation. The firm is well-versed in state and federal regulatory frameworks including the TCPA, BIPA, CCPA and CIPA. Based in Chicago, Alessandra Swanson, an advisor to healthcare, retail, media and e-commerce companies, and Sean Wieber, an expert privacy litigator, lead the team. Los Angeles-based Kevin Simpson is well versed in privacy and consumer protection legislation.

Responsables de la pratique:

Alessandra Swanson; Sean Wieber


Autres avocats clés:

James Randall; Kevin Simpson


Les références

‘Experts in the field, which is so important as can be a very technical area.’

‘The team has a deep up to date understanding of the intricacies of international trade law. they often practical useable advice in an efficient and effective manner.’

‘The firm makes it seamless when colleagues need to be included to provide quality, pragmatic advice on short notice.’

Principaux clients

BAM Trading Services Inc.


Fenix International Limited


LexisNexis Special Services Inc.


Sanctus, LLC


ADG, LLC


Great Expressions Dental Centers, P.C.


Comcast Corp.


Principaux dossiers


  • Represented Fenix Internet, LLC in a closely watched and hotly contested biometric privacy suit.
  • Represented BAM Trading Services Inc. in a case involving alleged violations of the Illinois Biometric Information Privacy Act.
  • Led a major victory for LexisNexis Risk in connection with a consumer protection case alleging violations of Illinois citizens’ right to privacy.