Baker McKenzie LLP assists multinational conglomerates in their data governance programs, covering AI, cyber and privacy compliance and risk management connected to product launches. The firm also handles data privacy and security issues connected to M&A transactions and data-sharing agreements. It is experienced in triaging international and cross-market data breaches. Brian Hengesbaugh, who co-leads the practice from Chicago, is an expert on data privacy, cybersecurity, AI and ad-tech issues. Justine Phillips, the Los Angeles-based lead, advises clients on pre- and post-data breach matters, including data and cyber litigation. Leading from New York, Cyrus Vance is an expert in cyber risks relating to critical infrastructure. Lothar Determann, in Palo Alto, advises TMT and healthcare clients on cybersecurity, data privacy and IT commercialization. Houston-based Rachel Ehlers specializes in the implementation of evolving technologies, both as products and as internal tools. Jonathan Tam, who operates out of San Francisco, is well-versed in data regulation across the globe, with experience in GDPR, CCPA, HIPAA and COPPA. Within the Chicago office, Cristina Messerschmidt regularly advises pharmaceutical and medical device companies, healthcare providers and financial institutions. In February 2024, Teresa Michaud left the firm.
Cyber law (including data privacy and data protection) in United States
Baker McKenzie LLP
Responsables de la pratique:
Brian Hengesbaugh; Justine Phillips; Cyrus Vance
Autres avocats clés:
Lothar Determann; Rachel Ehlers; Jonathan Tam; Cristina Messerschmidt
Principaux clients
Salesforce
Principaux dossiers
- Assisted in the acquisition of a point of sale solution, which included various privacy-specific considerations.
Cooley LLP
Advising global tech and software companies, Cooley LLP offers both general compliance advice as well as incident response support for data breaches, credential stuffing attacks and ransomware attacks. The firm is experienced in cyber-related litigation, including class actions, at the state, federal and international levels. It is also knowledgeable of data and privacy issues surrounding generative AI. Splitting his time between Washington DC and San Francisco, Travis LeBlanc is an expert in regulatory enforcement investigations and compliance for cyber and privacy regulations. Matthew Brown, who is based in San Francisco, is a seasoned defense litigator and advisor in government investigations. Divided between Chicago and New York, Tiana Demas supports clients in FTC regulatory enforcements and cybersecurity program assistance. DC-based Michael Egan provides cybersecurity preparedness and response support and has further expertise in cross-borders data flows. Los Angeles-based Teresa Michaud joined the team from Baker McKenzie in February 2024, whilst Kristen Mathews joined from Morrison Foerster in September 2024. Ben Hur joined the firm in 2025 from Willkie Farr & Gallagher LLP.
Responsables de la pratique:
Travis LeBlanc
Autres avocats clés:
Matthew Brown; Tiana Demas; Michael Egan; Kristen Mathews; Teresa Michaud; Ben Hur
Principaux clients
Chegg.com
DraftKings Inc.
loanDepot.com, LLC
Sonder Holdings Inc.
Sorenson Communications, LLC
NVIDIA Corporation
Meta
OpenAI
Roblox Corporation
Principaux dossiers
DLA Piper LLP (US)
A team with a ‘a range of expertise in US and international privacy and data protection laws’, the DLA Piper LLP (US) supports clients in their data privacy and compliance programs. The firm leverages its global office network to further assist its clients with cross-border issues. It is also a seasoned advisor in incident response matters, including data breaches, IT outages and cyberattacks. Based in San Diego, Andrew Serwin leads the team, supporting clients in fintech companies, IT service providers and pharmaceutical companies. Miami-based Carol Umhoefer is well-versed in advising multinationals in their expansions into new markets across the world. Kate Lucente, in the Seattle office, acts as incident response counsel, as well as risk management and governance advisor, to games companies and automobile manufacturers. Dallas-based Hayley Curry supports clients in cyber and privacy matters. James Sullivan departed from the practice in January 2024.
Responsables de la pratique:
Andrew Serwin
Autres avocats clés:
Carol Umhoefer; Hayley Curry; Kate Lucente; Ron Plesco
Les références
‘The team has global locations and global practitioners making DLA uniquely situated to deliver results.’
‘Hayley Curry and Ron Plesco give practical advice in real-time without needing to perform unnecessary expensive research.’
‘The team at DLA have a range of expertise in US and international privacy and data protection laws and practices. The team works diligently to respond to requests and asks sensible questions to ensure delivery is as accurate as possible.’
Principaux clients
CrowdStrike, Inc.
OpenAI
Eli Lilly & Company
Progress Software Corporation
Visa International, Inc.
The 3M Company
See Tickets
Dropbox, Inc.
Chemonics International, Inc.
Principaux dossiers
- Represented CrowdStrike in response to the outage in July 2024 that affected roughly 8.5 million systems, the largest in the history of information technology.
- Modernized Eli Lilly and Company’s global privacy program to mitigate regulatory, class action, and resiliency risk.
- Advised Progress Software in connection with its MOVEit software and alleged potential cyber incidents, widely considered to be the biggest incident in 2023.
Hogan Lovells US LLP
‘A pragmatic minded team with commercially sensitive leaders’, Hogan Lovells US LLP supports a wide range of market-leading companies, with especial strength in the application cybersecurity and AI advice in the sports and health sectors. The firm leverages its global network of cyber and data specialists to assist clients with market entries and global privacy controls. It is also highly knowledgeable of regulations and risk managements relating to machine learning and biometric controls. Scott Loughlin, who heads the team, advises on global compliance and privacy issues, with experience in new technologies including AI, blockchain and virtual reality. Marcy Wilder is an expert in privacy, cybersecurity and data protection in the health sector. Bret Cohen focuses on global privacy frameworks, such as GDPR, PIPL and LGPD. Paul Otto supports clients in cybersecurity assessments and incident investigations. Mark Brennan advises clients on privacy investigations, TCPA matters and AI-related compliance programs. All named lawyers are based in Washington DC. In August 2024, Peter Marta left the firm.
Responsables de la pratique:
Scott Loughlin
Autres avocats clés:
Mark Brennan; Bret Cohen; Marcy Wilder; Paul Otto
Les références
‘Hogan has a pragmatic minded team with commercially sensitive leaders that supplement our team to help us execute quickly and intelligently. They’re experts on both the regulatory environment and commercial realities for global companies dealing with ever increasing cyber laws and risks.’
‘Hogan’s team understands the need to respond to legal challenges in the data protection/cyber/security space correctly under pressure.’
‘The team at Hogan Lovells is outstanding from beginning to end. Bret Cohen and Paul Otto are extremely knowledgeable and subject matter experts.’
Principaux clients
Major League Baseball
Salesforce
Fox Corporation
National Football League
Autodesk
Sports, Media and Entertainment ISAC
Globe Life
Quora
Diligent Corporation
City of Hope Center
Principaux dossiers
- Serving as the go-to cybersecurity and technology counsel for Major League Baseball, advising on a wide range of cybersecurity, artificial intelligence, and technology matters in support of America’s pastime.
- Advising Fox Corporation on its third-party risk management strategy and implementation, including in connection with its negotiation of significant enterprise agreements.
- Leading cybersecurity counsel to Globe Life, a major provider of life insurance and related health products across the United States.
Hunton Andrews Kurth LLP
Hunton Andrews Kurth LLP advises clients on data privacy law compliance at the state, federal and global level, including advising clients on their data transfer strategies under the EU-US Data Privacy Framework. The firm also assists with cybersecurity preparedness plans and handles data issues around AI and biometrics. Lisa Sotto, the practice head, focuses on cybersecurity incident response and AI governance projects. In the Washington DC office, Phyllis Marcus is a market-leading expert on children’s privacy, specializing in the impact of adtech and digital environments on children. Aaron Simpson supports private equity firms and pension funds on transatlantic privacy and data security matters. Brittany Bacon is noted for her knowledge in comprehensive privacy and cybersecurity projects. Adam Solomon is an expert on privacy and data monetization compliance programs, whilst Michael La Marca focuses on matters regarding emergent technologies, such as machine learning. Danielle Dobrusin regularly advises clients on the CCPA and CPRA. All mentioned lawyers are based in New York unless stated otherwise.
Responsables de la pratique:
Lisa Sotto
Autres avocats clés:
Aaron Simpson; Phyllis Marcus; Brittany Bacon; Danielle Dobrusin; Michael La Marca; Adam Solomon; Jenna Rode; James Henderson
Les références
‘This team is THE #1 team in the business. No one better to guide and counsel senior executives and Boards of Directors and also handle cyber response.’
‘Lisa Sotto is the best lawyer in this area. The best. Amazing talent, great skills, super wise, great with boards of directors. I hope to never have a reason to hire her again, but if I need to she is on speed dial.’
‘Brittany Bacon is a super talent. My team across various corporate functions believes Brittany is an absolute rock star.’
Principaux clients
Google NTPG Global
Tiffany & Co.
Silver Lake Technology Management
Comcast Corporation
Paramount Global
LivaNova PLC
The Procter & Gamble Company
MUFG Bank
The TJX Companies, Inc.
ScanSource, Inc.
Principaux dossiers
- Providing myriad legal advice to a well-known global technology company, including advising on compliance with US and EU privacy laws, assisting with AI governance issues, and providing advice on its data transfer strategy and other privacy issues.
- Advising a luxury retailer on global data protection and privacy issues, including compliance efforts withUS, EU and China privacy laws.
- Assist a global medical device manufacturer with its response to a ransomware attack, including all aspects of the incident management and response efforts.
Latham & Watkins LLP
Latham & Watkins LLP is highly experienced acting as defense counsel for clients in class action litigation as well as regulatory investigations and enforcement proceedings brought by the SEC and FTC. The firm also supports clients with incident response matters concerning ransomware attacks. Its clientele includes tech companies, sports teams, oil & gas distributers and life sciences companies. Michael Rubin spearheads the team from San Francisco and advises on global regulatory investigations and data breach litigation. Jennifer Archie specializes in defending clients before the FTC, DHS and state attorneys, while Antony Kim guides clients through cyberattack and data breach responses. Serrin Turner, based in New York, is highly knowledgeable in SEC enforcement actions and class action litigations. Marissa Boynton advises multinational corporations in healthcare, retail, professional services and tech. Clayton Northouse supports clients with global privacy and cybersecurity governance. Unless stated otherwise, mentioned lawyers are based in Washington DC.
Responsables de la pratique:
Michael Rubin
Autres avocats clés:
Jennifer Archie; Antony Kim; Serrin Turner; Robert Blamires; Marissa Boynton; Clayton Northouse
Les références
‘The team is unsurpassed at providing key practical advice and experience dealing with regulators.’
‘Robert Blamires in particular is very responsive, helpful and practical at solving our data privacy concerns and issues.’
Principaux clients
Apple, Inc.
Meta Platforms, Inc.
Otonomo, Inc.
Truthfinder
Accellion, Inc.
Thomson Reuters, Inc.
Binance.US
Gen Digital, Inc.
AppsFlyer, Inc.
Goldman, Sachs & Co.
Discord, Inc.
Drizly
Cory Rellas
Principaux dossiers
Morrison Foerster
The ‘incredibly experienced’ team at Morrison Foerster supports clients in a range of privacy litigation, including over data breaches, data security, HIPAA, FCPA, TCPA, COPPA and ECPA. The firm is also well-versed in multistate attorney general investigations and FTC investigations. It advises clients in data security incidents in the public and private sectors, and it supports clients in AI-related privacy issues. Miriam Wugmeister oversees the team, supports companies with incident response plans and execution of global compliance strategies. Marian Waldmann Agarwal supports clients with privacy and data protection laws in across the globe. Purvi Patel, in Los Angeles, is an expert advisor to retail and e-commerce companies. San Francisco-based Tiffany Cheung supports clients in class actions suits concerning privacy law, including over AI and wiretapping. Based in Washington DC, Melissa Crespo is well-versed in healthcare privacy, with expertise in the HIPAA framework. All mentioned lawyers are based in New York unless stated otherwise. Kaylee Cox Bankston and Boris Segalis joined the firm from Goodwin in March 2024. Kristen Matthews exited in September 2024.
Responsables de la pratique:
Miriam Wugmeister
Autres avocats clés:
Purvi Patel; Marian Waldmann Agarwal; Tiffany Cheung; Melissa Crespo; Kaylee Cox Bankston; Boris Segalis
Les références
‘The MoFo team is incredibly experienced and led by industry veteran Miriam Wugmeister. This team has handled some of the largest data breaches in history and has the depth and bench to handle any type of cybersecurity issue.’
‘Kaylee Bankston is a young partner with deep, hands-on experience solving complex data security issues. Kaylee has led many investigations as an associate and partner and understands the life cycle of an incident.’
‘Linda Clark leverages her many years of in-house expertise in providing actionable advice.’
Principaux clients
Aqua Capital
Adidas
Alpine Investors
Amazon
American Bankers Association
Bumble Trading
California Attorney General’s Office
Capital One
Marriott International
OpenAI
Oracle
Palladium Equity Partners
Pfizer
Prudential
Salesforce
Samsonite
Sony Interactive Entertainment
SoftBank
Target
Twitch Interactive, Inc.
Unisys
Unity Technologies
Principaux dossiers
- Leading the defense of Oracle in a putative class action asserting wiretapping, invasion of privacy, and other claims under California, Florida, and federal laws.
- Advising OpenAI, the AI research lab that developed ChatGPT and DALL-E, on privacy and cyber compliance matters.
- Representing defendant IQVIA, a data analytics healthcare company, in two putative TCPA class actions.
Orrick, Herrington & Sutcliffe LLP
Supporting clients in their contentious and non-contentious matters, Orrick, Herrington & Sutcliffe LLP advises on class actions brought against major corporations as well as cross border compliance projects, concerning both privacy and data transfer. The firm frequently assists with the internal and external use of AI. When necessary, the firm is also able to guide companies through the crisis response process. The team is led by Shannon Yavorsky in San Francisco, who advises on global privacy, cybersecurity and AI regulatory matters. Heather Egan is based in Boston, focusing on cybersecurity, privacy and information management. Based in Washington DC, Thora Johnson is an expert in the handling of health data, regularly designing compliance programs. Both in the Boston office, Aravind Swaminathan supports clients in cybersecurity incidents, high-stakes litigation and enforcement actions, while Joe Santiesteban advises telecoms and entertainment companies on crisis management. Also working in Boston, Emily Tabatabai is instructed on privacy, consumer protection and online safety matters. The San Francisco-based Michelle Visser is a seasoned litigator in the tech space, supporting clients in cyber, privacy and online safety matters.
Responsables de la pratique:
Shannon Yavorsky
Autres avocats clés:
Heather Egan; Aravind Swaminathan; Michelle Visser; Emily Tabatabai; Thora Johnson; Joe Santiesteban
Les références
‘Incredible resources, from senior partners to associates. Their whole team was deeply experienced and showed that throughout our matter. They knew what was going to happen before it happened based on their experience.’
‘Michelle Visser is a truly fantastic lawyer. She came up with a strategy that saved us years and tons in cost, and executed the strategy perfectly. Joe Santiesteban was great on incident response, clearly in control the entire time.’
Principaux clients
Arietis Health
Bark.com Global Limited
Block, Inc.
Capital One Financial Corp.
Carnival Corp.
Evolve Bank & Trust
Fenix International Limited
Meta Platforms
Internet Society
Kimberly-Clark Corporation
NVIDIA Corporation
Oregon Department of Transportation
Regents of the University of California
Sinclair Broadcast Group
Unilever
X Corp.
Principaux dossiers
- Represented RingCentral in San Mateo County Superior Court concerning a class action brought under the California Invasion of Privacy Act(CIPA).
- Defending Evolve Bank & Trust in a multidistrict litigation in the Western District of Tennessee that consolidates 22 lawsuits alleging a threat actor stole customer information during a preventable data breach in violation of state and federal laws.
- Represented Block, Inc. and Cash App Investing in a class action filed in the Northern District of California.
Venable LLP
‘Uniquely’ positioned to advise in the digital advertising space, the team at Venable LLP contains experts in the adtech sector, advising on data privacy in the social media, education, automotive, healthcare and entertainment sectors. In addition, the firm regularly handles AI-related matters. It also handles investigations and regulatory developments made by the FTC and state attorney generals. The team, which operates out of Washington DC, contains Kelly DeMarchis Bastide, who advises on privacy compliance, and Stuart Ingis, an advisor to trade associations and coalitions on privacy issues. Emilio Cividanes supports clients with the implementation of regulatory and litigation strategies concerning data privacy. Michael Signorelli is frequently instructed by marketers, advertisers, data providers and streaming platforms. Julia Tama is also noted for her work on financial, children’s and health privacy. Desirée Moore joined the firm from K&L in December 2023 followed by Emily Keimig and Jessica Arett from Sherman & Howard LLC in May 2024.
Responsables de la pratique:
Kelly DeMarchis Bastide; Emilio Cividanes; Julia Tama; Stuart Ingis; Michael Signorelli
Autres avocats clés:
Tara Potashnik; Desiree Moore; Emily Keimig; Jessica Arett
Les références
‘The insight that the Venable team brings combines their expertise in the substance of the business issues that our industry faces along with their deep knowledge of the policy and legal environment that create constraints and opportunities.’
‘The two things that come most to mind when I think about my work with Stuart Ingis and Tara Potashnik is the combination of deep expertise and commitment to customer service. It isn’t just that their advice is sound but that I can access that expertise in a timely manner.’
‘I work with Venable because they are very responsive and the guidance provided is excellent.’
Principaux dossiers
- Representing and advising Privacy for America and have guided it through some of the most important privacy milestones in recent years, including working across the federal government on issues such as children’s privacy and safety.
- Providing general counsel the Association of National Advertisers.
- Negotiated a final order settling allegations made by the FTC again InMarket and its practices around precise location data.
Akin
Akin is at the forefront of emerging state privacy law, regularly advising clients on the new California Consumer Privacy Act. The firm is also experienced in government and internal investigations brought due to cybersecurity and data privacy concerns. Its sector expertise covers a wide variety of industries, including the financial sectors, healthcare, retail and defense sectors. Located in San Francisco, Natasha Kohne heads the team, advising on AI regulation and representing in investigations and class action. Jo-Ellyn Sakowitz Klein, found in Washington DC, is an expert on a range of regulatory frameworks, such as HIPAA, HITECH, CCPA and the FTC Act. Jo-Ellyn Sakowitz Klein, located in California, is seasoned in consumer and data privacy class actions. Peter Altman works from Los Angeles and advises clients in the public and private sectors, representing companies in government enforcement procedures. Dario Frommer left the team in May 2024, followed by Corey Roush in June 2024 and Michelle Reed in July 2024.
Responsables de la pratique:
Natasha Kohne
Autres avocats clés:
Jo-Ellyn Sakowitz Klein
Principaux clients
Altice USA, Inc.
ClearBalance Healthcare
Waste Management, Inc.
National Cotton Council of America
Principaux dossiers
BakerHostetler
BakerHostetler's team is highly knowledgeable in incident response and attorney general investigations, supporting companies in the healthcare, financial services, tech and education sectors. The firm is particularly experienced in data breach-related matters, including ransomware attacks. It also advises companies on AI and blockchain issues. Theodore Kobus III, who is well-versed in class action defense and regulatory suits, leads the team from New York. Cincinnati-based Craig Hoffman is an expert on payment card security incidents. In the Houston office, Lynn Sessions is adept at handling cybersecurity incident response and regulatory investigations, particularly within the healthcare sector. Denver lawyer Casie Collignon is an expert litigator in privacy class action defense. Jennifer Mitchell is based in Los Angeles and advises on compliance matters concerning GDPR, HIPAA and CCPA. In November 2024, Raymond Aghaian joined the team.
Responsables de la pratique:
Theodore Kobus III
Autres avocats clés:
Lynn Sessions; Craig Hoffman; Casie Collignon; Sara Goldstein; Jennifer Mitchell
Principaux clients
Panda Restaurant Group
Dell Technologies
Forty Niners Football Company LLC
Publicis Groupe
Sephora
The Coca-Cola Company
Qurate Retail Group
Fred Hutch Cancer Center
The Cleveland Clinic
University of Texas M.D. Anderson Cancer Center
Northwestern Medicine
Banner Health
Mayo Clinic
Boston Children’s Hospital
MedStar Health
Prisma Health
University of Florida Health Sciences Center
University of California Regents
Volkswagen
Chick-fil-A
Marriott International
Principaux dossiers
- Representing over 130 health systems in Facebook Pixel healthcare litigation.
- Defending AT&T in multi-state attorney general investigations and dozens of lawsuits related to AT&T’s notification to 54 million people in March 2024 of a security incident.
- Providing litigation, regulatory, and strategic counsel to Marriott International, six years after the Starwood database security incident.
Debevoise & Plimpton LLP
Debevoise & Plimpton LLP ‘has significant expertise and delivers quality work’, advising global clients on incident response matters and investigations brought by state attorney generals. The firm is experienced advising clients on the SEC cybersecurity rules. Its members include experts on privacy, AI, M&A due diligence and data governance. Both leading the practice, Washington DC-based Luke Dembosky specializes in cyber risk management and internal investigations, while Avi Gesser supports private equity funds, insurance companies and hedge funds in ransomware and nation-state cyber attacks. Erez Liebermann is knowledgeable of data-related regulatory requirements, and Jim Pastore is an expert litigator in the cyber field. Matt Kelly leverages his expertise in governance, compliance and risk management matters relating to AI. Unless otherwise stated, lawyers are based in New York.
Responsables de la pratique:
Luke Dembosky; Avi Gesser
Autres avocats clés:
Erez Liebermann; Jim Pastore; Johanna Skrzypczyk; Matt Kelly
Les références
‘Luke Dembosky and Erez Lieberman both have tremendous experience in the cybersecurity area and are true trusted partners. Their stellar reputation in the cyber legal community is well earned. They provide informed, realistic, and actionable guidance.’
‘The Debevoise cyber team is one of the larger and stronger teams. It has significant expertise and delivers quality work. ’
‘Standout partners include Erez Liebermann and Luke Dembosky.’
Principaux clients
American Express
Capital One
Glaxosmithkline
GoDaddy
Microsoft
Prudential Financial
Securities Industry Financial Markets Association
Warner Music Group
WPP Group
Principaux dossiers
- Advising the leading financial services trade associations on the industry’s comment letter responses to multiple proposed regulations or other requests for comment.
- Advising MassMutual in a multidistrict litigation stemming from the MOVEit cyberattack.
- Assisting the client with subsidiary Rockstar Games’ September 2022 cybersecurity incident and related matter at 2K Games relating to the theft of 4 million records from a support database.
Dechert LLP
Dechert LLP is a highly versed litigation expert, representing clients in class actions and DOJ and state attorney general enforcements. The firm acts in disputes concerning AI, machine learning and consumer protection. It also regularly advises clients on cyber incidents, including ransomware attacks and data breaches. The team is led from Boston by Brenda Sharton, is a seasoned advisor in data breach investigations and cyberattacks. Also in Boston, Timothy Blank advises on compliance matters concerning US and EU privacy laws. Based in Los Angeles, Benjamin Sadun is an expert in issues surrounding AI, large language models and biometrics. Hilary Bonaccorsi, who specializes in the design and application of compliance programs under the FTC Act, CCPA and GDPR, works from Charlotte, North Carolina.
Responsables de la pratique:
Brenda Sharton
Autres avocats clés:
Timothy Blank; Hilary Bonaccorsi; Benjamin Sadun; Theodore Yale; Bailey Dervishi
Les références
‘The team is responsive, agile and uniquely creative.’
‘Brenda Sharton is definitely someone you want by your side. She is fully committed to delivering the best service to her clients, always available, creative and a pleasure to work with.’
‘Benjamin Sadun is a stand-out partner. Brilliant and engaged.’
Principaux clients
Ivy Fertility Services, LLC
Prisma Labs, Inc.
Easy Healthcare Corporation
Flo Health, Inc.
Microsoft
Select Medical Holdings Corporation and Concentra
Aquiline Capital Partners LP
Principaux dossiers
- Representing Ivy Fertility Services, LLC, and 13 other fertility clinics in lawsuits concerning the use of website tracking technology like the Meta Pixel and Google Analytics.
- Defending Prisma Labs, Inc. in a class action lawsuit concerning the uploading of photos of Illinois residents to the internet.
- Advising Microsoft in eight federal lawsuits regarding a major data breach in 2023.
Eversheds Sutherland
‘Truly global, with expertise in all of the major regions of the world’, Eversheds Sutherland supports major international corporations on privacy and data security matters in a wide range of industries, including banking, consumer goods, healthcare, life sciences, media and tech. The firm advises on regulatory frameworks from the state to international level, such as COPPA, HIPPA, GDPR and PIPL. It is also able to leverages its international network of offices to enhance its advice. Michael Bahar is based in Washington DC and advises on data security and privacy. Bahar leads the practice alongside San Francisco-based Brandi Taylor, who specializes in the emerging state privacy laws, and Atlanta-based Rachel Reid, an expert on AI regulation and deployment. Mary Jane Wilson-Bilik, who works from DC, is well-versed in CCPA, FCRA and GDPR compliance. Made partner in January 2025, Alexander Sand is located in Austin, Texas and is an expert in cybersecurity and virtual currency regulation.
Responsables de la pratique:
Michael Bahar; Brandi Taylor; Rachel Reid
Autres avocats clés:
Mary Jane Wilson-Bilik; Alexander Sand
Les références
‘Eversheds Sutherland’s cyber practice is truly global with expertise in all of the major regions of the world.’
‘Michael Bahar and Alexander Sand are very experienced cyber lawyers with an excellent understanding of the challenges that large tech companies face regarding data privacy and protection.’
‘Michael Bahar is excellent and knowledgeable on privacy and cybersecurity matters.’
Principaux dossiers
Gibson, Dunn & Crutcher LLP
Gibson, Dunn & Crutcher LLP contains seasoned advisors in major regulatory investigations and litigation, including acting in class actions and suits brought by state attorney generals following major data breaches. It is also well-versed in privacy violations and data misuse allegations. Ashlie Beringer, based in Palo Alto, advises media and tech companies on compliance issues regarding privacy, cybersecurity, the blockchain and AI. Advising from New York, Lauren Goldman is an expert litigator in class actions, representing clients in proceedings brought under the TCPA, the Wiretap Act and new state privacy laws. Jane Horvath, in Washington DC, specializes in multijurisdictional privacy matters, working with regulators and policy makers. Rose Ring regularly represents clients in social media, online advertising AI and cloud platforms. In September 2024, Palo Alto-based Keith Enright joined from an inhouse position at Google, and Alexander Southwell left the practice.
Responsables de la pratique:
Ashlie Beringer; Jane Horvath; Rose Ring; Lauren Goldman; Keith Enright
Autres avocats clés:
Ryan Bergsieker; Cassandra Gaedt-Sheckter; Vivek Mohan; Ashley Rogers; Sarah Erickson
Principaux clients
DoorDash Inc
Zoom Video Communications
Principaux dossiers
Jones Day
‘A leading firm nationally’, Jones Day runs the gamut of data protection and data privacy matters. The firm is expert in a range of emergent tech, including generative AI, autonomous vehicles, the internet of things, gaming, and satellite tech. It provides national and international incident response support as well as representation in regulatory investigations and litigation. ‘Truly a superstar’, Lisa Ropple, leading the team from Boston, acts for clients in government enforcements, regulatory investigations and class actions. New York-based Mauricio Paez is ‘a trailblazer in global privacy assessments and tech transactions’, with expertise in both terrestrial and space-based commercial data services. Working in California, John Vogt specialises in class actions over the theft of consumer data and healthcare records. Atlanta-based Mary Alexander Myers is noted for her work in the healthcare, gambling and financial services sectors. Ryan Blaney joined the Washington DC team from Proskauer Rose LLP in February 2024.
Responsables de la pratique:
Lisa Ropple
Autres avocats clés:
Mauricio Paez; John Vogt; Kerianne Tobitsch; Edward Chang; Mary Alexander Myers; Ryan Ball
Les références
‘Jones Day offers complete global coverage and is one of the best at managing complex cross-border data security issues.’
‘Lisa Ropple leads the practice and works tirelessly for clients. She is a leader and her expertise navigating cyber security issues and data breaches is unparalleled.’
‘Maurico Paez has been at the forefront of cybersecurity and data privacy and is a trailblazer in global privacy assessments and tech transactions.’
Principaux clients
Point32Health, Inc.
Aireon, LLC
Experian Information Solutions, Inc.
American Hospital Association
Internet Corporation of Assigned Names and Numbers
Cart.com
Ascension Health
NerdWallet
JP Morgan Chase & Co.
Kia Motor America
Principaux dossiers
- Representing Point32Health in range of matters arising from a high profile ransomware attack on Harvard Pilgrim Health Care.
- Representing Experian Information Solutions, Inc. in a lawsuit alleging that a plaintiffs’ law firm constructed a nationwide scheme to extort Experian into settling “sham” lawsuits.
- Representing Ascension in an ongoing privacy investigation by numerous state attorneys general and the United States Department of Health and Human Services related to Ascension’s collaboration with Google to develop health care AI.
Linklaters LLP
Linklaters LLP has a wide range of experience in international cyber and data law matters, advising on the implementation of compliance programs, incident response and governance work. The firm also specializes in the commercialization of data in an array of industries. It is highly knowledgeable in matters concerning emergent technologies, including AI, adtech, biometric and geolocation capabilities. Ieuan Jolly is the New York-based practice head, specializing in data commercialization. Caitlin Potratz Metcalf, in Washington DC, focuses on multi-jurisdictional privacy matters. In New-York, Kris Ekdahl is well-versed in state and federal privacy laws, while Ekta Oza advises on privacy regulatory compliance and cybersecurity incidents.
Responsables de la pratique:
Ieuan Jolly
Autres avocats clés:
Kris Ekdahl; Caitlin Potratz Metcalf; Ekta Oza
Principaux clients
Microsoft
Volkswagen
Clear Channel
Viking River Cruises
iHeart
Media Inc.
Brookfield
SMBC
Corebridge Financial
Samsung
Vitesco
Sibanye
Stillwater
Wynn Las Vegas Hotels & Resorts
Principaux dossiers
- Represented multiple leading publishers on first of their kind data and digital content licensing with Big Tech AI developers building LLMs, including OpenAI, Google, Amazon, Apple, Mistral, Perplexity.
- Advised on the most significant data-driven transaction in the auto sector, advising Volkswagen on a landmark joint venture with Rivian, guiding them through the legal and strategic aspects of integrating Rivian’s advanced AI and software-defined vehicle technology.
- Advised Eaton on implementing a data governance and AI strategy to transform its power management solutions, addressing a range of cybersecurity, and data privacy issues associated with its expanding AI initiatives.
Mayer Brown
‘An excellent resource’, Mayer Brown covers global data breaches and putative class actions in a wide range of industries, including tech, social media, food & beverages and financial services. It is also well-versed in compliance matters for AI and privacy issues. Leading the team from Washington DC, Rajesh De specializes in AI, national security, enforcement and privacy. Stephen Lilley, also in DC, advises on internet of things, medical devices and critical infrastructure. Arsen Kourinian works in Los Angeles, advising on adtech, cross-border data transfers and M&A-related privacy and security due diligence. Splitting his time between DC and New York, Adam Hickey is an expert on combating cyber threats in the private sector and critical infrastructure. Dominique Shelton Leipzig left the firm to an inhouse position in October 2024.
Responsables de la pratique:
Rajesh De
Autres avocats clés:
Arsen Kourinian; Stephen Lilley; John Nadolenco; Adam Hickey
Les références
‘The Mayer Brown team is an excellent resource for my team and I. It has the expertise to help us figure out the many nuanced considerations relating to our business.’
‘Raj De is an excellent leader and a true pleasure to work with. He manages to stay on top of his own business, but also my company’s business.’
‘Stephen Lilley is incredibly responsive and provides excellent legal guidance regarding what can often be very political matters.’
Principaux clients
TikTok, Inc.
ByteDance, Inc.
Boeing Employees’ Credit Union
Yum! Brands
Cloudflare
Google, Inc.
Principaux dossiers
- Representing TikTok Inc. and ByteDance Inc. in a variety of complex legal matters, including high-profile class action lawsuits alleging privacy violations related to data collection and usage on both the TikTok and CapCut platforms.
- Advising Cloudflare, a global leader in cloud services, on a wide range complex cybersecurity and data privacy challenges.
- Representing Yum! Brands, Inc. in its defense of several class action lawsuits alleging that Yum! Brands failed to protect the personal information of its employees and former employees following a ransomware attack that it experienced in January 2023.
McDermott Will & Emery LLP
McDermott Will & Emery LLP assists international corporations in investigations, defenses against enforcement, privacy litigation and data breach response. The firm’s investigations experience includes those brought by the FTC, OCR, FCC and state attorney generals. Its clientele is broad, with companies from the life science, tech, telecoms, financial services, media and automotive sectors. The team is led by Michael Morgan from Los Angeles and Silicon Valley, advising both on incident response and data monetization. Edward Zacharias, based in Boston, specializes in the healthcare sector as does the Chicago-based Daniel Gottlieb, whose clients include health IT vendors, healthcare providers, health plans, universities and life sciences firms. Joining from Gibson, Dunn & Crutcher LLP in September 2024, Alexander Southwell works from New York, focusing on litigation and investigation relating to the tech sector. Scott Weinstein left for an in-house position in April 2024.
Responsables de la pratique:
Michael Morgan
Autres avocats clés:
Edward Zacharias; Daniel Gottlieb; David Saunders; Alexander Southwell; David Gacioch; Jiayan Chen; Ryan Higgins; Elliot Golding; Kathryn Linsky; Amy Pimentel
Principaux clients
Charles Schwab
National Spine and Pain Centers
Southern Illinois Hospital Services
TD Ameritrade
Principaux dossiers
- Defended social media giant TikTok against multiple Attorney General lawsuits asserting consumer protection “teen mental health” claims related to the app’s alleged addictiveness.
- Represented Charles Schwab and TD Ameritrade in one of the largest data breach class action multidistrict litigations ever, following the massive MOVEIt data breach.
Quinn Emanuel Urquhart & Sullivan, LLP
‘The ultimate strategists’, Quinn Emanuel Urquhart & Sullivan, LLP maintain a broad expertise in different industries, from mobile apps and digital advertising to healthcare and insurance. It has particular strength representing its clients in class actions, concerning data breaches and ransomware attacks. Splitting their time between Los Angeles and New York, Stephen Broome practices in security and data privacy investigations brought by the government and regulators, while Viola Trebicka advises on data privacy, data security, the use of AI and IP. Working in New York, Jennifer Barrett is an expert in data breach responses, with clients in banking, insurance, publishing and marketing. Los Angeles-based Alyssa Olson is noted for her work in data privacy class actions.
Responsables de la pratique:
Stephen Broome; Viola Trebicka; Jennifer Barrett
Autres avocats clés:
Alyssa Olson
Les références
‘Complex litigation attorneys for the biggest matters. The ultimate strategists.’
Principaux clients
Google LLC
Snowflake Inc.
Ancestry.com
KIK Custom Products, Inc.
Kaseya US LLC
Match Group Inc
ZoomInfo Technologies
Entertainment Partners LLC
Cyderes Inc
Take-Two Interactive, Inc.
Google LLC
Snowflake Inc.
Ancestry.com
Principaux dossiers
- Defended Google against a nationwide class action alleging Google improperly collects browsing data while users are in their browsers’ “private browsing” mode.
- Defending Snowflake Inc. in the In re: Snowflake Data Breach MDL—an MDL involving over 100 class actions.
- Representing Ancestry.com in six putative class actions premised on electronic yearbook excerpts hosted on Ancestry’s website.
WilmerHale
Operating out of Washington DC, the team at WilmerHale is highly knowledgeable of the healthcare sector, advising on sensitive data breaches response. The firm’s expertise stretches to class actions and investigations before the FTC, state attorney generals and federal regulators. Its wider industry knowledge includes the retail, manufacturing, adtech, ecommerce and financial sectors. Kirk Nahra, who represents clients in enforcement actions and regulatory investigations at the state and federal level, and Benjamin Powell, an advisor on incident response and preparedness, head the practice. Advising on data security and privacy issues in M&A transactions, Jason Chipman is also noted within the team. In January 2025, Arianna Evers, experienced in AI-related issues, was made partner. Ali Jessani brings experience in privacy, cybersecurity and data protection regulation to the practice.
Responsables de la pratique:
Kirk Nahra; Benjamin Powell
Autres avocats clés:
Jason Chipman; Arianna Evers; Ali Jessani
Principaux dossiers
Alston & Bird LLP
Standing out for its lawyers’ ‘technical expertise’, Alston & Bird LLP advises clients on cybersecurity preparedness, privacy and data protection compliance. The firm guides clients through compliance programs and has expertise in data breach responses relating to ransomware attacks, including attacks brought by nation states. The team is led by Atlanta-based David Keating, who advises on national and international data protection matters, and Washington DC-based Kimberly Peretti, an expert in the healthcare, hospitality, telecoms and insurance industries. In Atlanta, Maki DePalo assists clients with state privacy law compliance programs, while Kellen Dwyer is an experienced cyber litigator, working in Washington DC.
Responsables de la pratique:
David Keating; Kimberly Peretti
Autres avocats clés:
Kellen Dwyer; Maki DePalo
Les références
‘The data breach & data protection team are extraordinarily experienced in all aspects of data protection and breach response work.’
‘The individual lawyers are responsive, knowledgeable, and very thorough. They are also used to working with technically inclined business folk, rather than attorneys, which is a unique skill set.’
‘Alston & Bird is unique in several ways, especially due to the highly specialized staff and their overview of the evolving nature of privacy law.’
Principaux clients
United Parcel Service, Inc.
McDonald’s Corporation
Cross-Border Data Forum
Principaux dossiers
- Advised UPS on privacy notices and global data transfer issues as well as advice related to the American Privacy Rights Act.
Cleary Gottlieb Steen & Hamilton LLP
Cleary Gottlieb Steen & Hamilton is highly knowledgeable of the privacy and data security issues surrounding major M&A transactions across industries. The firm is also well-versed in providing support in incident response, data breach litigation, enforcement actions and corporate governance. Working from the New York office, practice head Daniel Ilan specializes in data, AI and tech transactions for major multinational corporations and private equity firms. Marcela Robledo is based in San Francisco and maintains expertise in data privacy for tech companies. Melissa Faragasso brings experience in AI-related matters, while New York-based Rahul Mukhi focuses on cybersecurity issues, from data breach and ransomware attacks to regulator inquiries. Also in New York, Jonathan Kolodner supports clients in cyber compliance programs.
Responsables de la pratique:
Daniel Ilan
Autres avocats clés:
Jonathan Kolodner; Rahul Mukhi; Marcela Robledo; Melissa Faragasso
Principaux clients
American Express
Amundi S.A.
Atlassian
FullBeauty Brands, Inc.
Global Healthcare Exchange, LLC
GMO-Z.com Trust Company Inc.
Ionic Digital Inc.
Miami International Holdings Inc.
Midjourney
NFL Players Association Trust
Olympus Technologies Inc.
Tempur Sealy International Inc.
Thales
T-Mobile
Warburg Pincus
Principaux dossiers
Davis+Gilbert LLP
Based in New York, Davis+Gilbert LLP is highly experienced in data and privacy issues concerning adtech and advertising-related matters, advising leading players in this space. The firm’s experiences includes advising on ad fraud, affiliate marketing and the application of emerging technologies, including AI. It is also experienced in providing crisis management supports, relating to data breaches and regulatory inquiries. The team is led by Richard Eisert, an experienced litigator for IP and tech matters, and Gary Kibel, who advises on the CCPA, GDPR and recent legislation. Within the team, Zach Klein is well-versed in data security incidents and breach response, while Jeremy Klein advises clients on the collection, use and transfer of information. Oriyan Gitig is also recommended.
Responsables de la pratique:
Richard Eisert; Gary Kibel
Autres avocats clés:
Zach Klein; Jeremy Merkel; Oriyan Gitig
Les références
‘The team is extremely responsive and pragmatic. The advice is always tailored to the client’s specific circumstances and always takes into account latest development in the particular area of law, no matter how recent it is.’
‘Gary Kibel responds to queries with utmost care. He is extremely knowledgeable, pragmatic and approachable.’
‘Knowledgeable, gracious and patient experts in the field of Cyber law including data privacy and data protection.’
Principaux clients
Actable Data
Arcspan Media
Forbes Media LLC
Giant Spoon
Kerv Interactive
Magellan AI
Roofstock
StackAdapt
theBalm
Tradeswell
Vistar Media
Principaux dossiers
Fenwick & West LLP
Fenwick & West LLP advises private and public sector clients on privacy and data security matters, including reviews of governance and policies as well as in class actions. The firm is also well-versed in cutting-edge technologies, including adtech, AI, autonomous vehicles, cryptocurrency and geolocation data. Members of the team regularly work with the firm’s wider departments, with particular experience support the M&A team in transactions. The team is overseen by the San Francisco-based Tyler Newby, a specialist in privacy and data security litigation, and the Washington DC-based Michael Sussmann, who enhances the firm’s expertise in cybersecurity. In New York, David Feder supports tech and life sciences companies in government investigations and regulatory litigation. Made partner at the start of 2025, Ana Razmazma, who is based in Silicon Valley, is very experienced in M&A-related privacy issues. Brent Tuttle work in the San Francisco office, advising on the privacy and cybersecurity issues in new products.
Responsables de la pratique:
Tyler Newby; Michael Sussmann
Autres avocats clés:
David Feder; Ana Razmazma; Brent Tuttle
Principaux clients
Amazon
Cisco Systems, Inc.
Databricks
Moloco, Inc.
Morphic Holdings, Inc.
OpenAI
SoundHound AI
Spotter, Inc.
Squarespace
Wonder Dynamics
Principaux dossiers
- Advised Morphic Therapeutic a publicly-traded biopharmaceutical company, on its response to a ransomware incident, and related diligence issues that arose during Eli Lilly’s purchase of Morphic in 2024.
- Represented Databricks, a data and AI company, in its pending acquisition of Arcion, a Databricks Ventures portfolio company.
- Representing Squarespace, a design-driven platform helping entrepreneurs build brands and businesses online, in its agreement to sell Tock.
Freshfields
Freshfields advises clients as claimants and defendants in a wide array of litigation, including class actions and enforcement actions. Its lawyers are experienced in forensic investigations as well as in conducting reviews of company governance policies. Working in Silicon Valley and New York respectively, Christine Lyon, an expert in privacy programs, GDPR and CCPA, and Timothy Howard, a specialist in white-collar crime and data protection, oversee the practice. Advising on risk management and governance, Beth George is based in Silicon Valley. Washington DC-based Brock Dahl is expert in global incident response. Megan Kayo, in Silicon Valley, leads forensic investigation and global response.
Responsables de la pratique:
Christine Lyon; Timothy Howard
Autres avocats clés:
Brock Dahl; Beth George; Megan Kayo
Les références
‘Freshfields does an amazing job of building a close relationship across a business such that they can really share the global business view of the client and tailor their guidance based on that understanding. They answer the questions you should be asking but didn’t know to ask.’
‘Christine Lyon’s insights and guidance are targeted, practical, and balanced.’
Principaux clients
Principaux dossiers
- Filed a civil lawsuit, on behalf of Google, against two members of a criminal scheme for engaging in an online consumer investment fraud scheme known as “pig butchering”.
Kelley Drye & Warren LLP
The lawyers at Kelley Drye & Warren LLP are well-versed in the enforcement of COPPA, GLBA and the Fair Credit Reporting Act as well as FTC and state attorney general investigations. The firm is a frequent advisor in compliance matters concerning privacy and data protection. Alysa Hutnik leads the team, advising on investigations, enforcement actions and disputes. Lauri Mazzuchetti, based in New Jersey, advises telecoms, retailers, food companies and emergent tech companies. Aaron Burstein is an expert in data security, privacy and consumer protection law. Kate White adds investigatory, enforcement and compliance knowledge. Laura Riposo VanDruff is noted for her work in FTC and state attorney general investigations. Unless specified otherwise, lawyers are based in Washington DC.
Responsables de la pratique:
Alysa Hutnik
Autres avocats clés:
Lauri Mazzuchetti; Aaron Burstein; Laura Riposo VanDruff; Kate White
Les références
‘They take the time to understand our business before delving into the issues. So appreciated!’
Principaux clients
Interactive Advertising Bureau
Maplebear, Inc.
Keurig Dr Pepper
Kohl’s Department Stores
Five9
Grocer and pharmacy retailers
LendingTree
Chipotle
Principaux dossiers
King & Spalding LLP
Advising on FTC, DOJ and SEC investigations and enforcement actions, King & Spalding LLP is well-versed in federal regulatory matters, in addition to investigations brought by state attorney generals and regulators. The firm is adept at providing incident response support and assisting in incident preparedness. It is also expert in class action defense. Phyllis Sumner leads the team from Atlanta, advising corporate boards and senior executives in their incident response processes. In Washington DC, Robert Hudock advises healthcare and financial services companies, conducting risk assessments and IT audits. Working in the Atlanta office, Elizabeth Adler in privacy and data breach class actions.
Responsables de la pratique:
Phyllis Sumner
Autres avocats clés:
Robert Hudock; Elizabeth Adler
Principaux dossiers
Manatt, Phelps & Phillips, LLP
Offering ‘well-reasoned advice in a prompt manner’, Manatt, Phelps & Phillips, LLP covers the spectrum of cyber law matters, from program development and incident preparedness to reactive incident response, regulatory investigations and litigation defense. The firm advises clients on the various state and federal privacy legislation as well as on the TCPA. The team is led by the ‘exceptional privacy attorney’ Brandon Reilley in San Francisco, who is well-versed in compliance, regulatory and incident response matters. Working in Boston, Amy MacDonald is a noted privacy and data security advisor. Paul Luehr, based in Washington DC, specializes in HIPAA, GDPR and state privacy law advice. In April 2024, Kareem Salem and Jessica Sklute joined from BakerHostetler and Schulte Roth & Zabel LLP. Scott Lashway and Christopher Lisy left the firm in May 2024.
Responsables de la pratique:
Brandon Reilly
Autres avocats clés:
Amy Macdonald; Kareem Salem; Jessica Sklute
Les références
‘The team works well with other practices and is always able to offer well-reasoned advice in a prompt manner.’
‘Brandon Reilly is an exceptional privacy attorney. He has an encyclopedic knowledge of various privacy laws and can advise on a wide range of data privacy issues in a reasoned, risk-based manner.’
‘Brandon Reilly is not only a wealth of privacy knowledge, he is very practical in his approach and gives very commercially minded advice.’
Principaux clients
New York eHealth Collaborative
Principaux dossiers
Norton Rose Fulbright US LLP
Norton Rose Fulbright is highly experienced in incident response and crisis management, including assisting clients with their investigations. The firm’s industry expertise includes the real estate, life sciences, healthcare, retail, insurance, telecoms and aviation spaces. In New York, Andrea D’Ambra focuses on data privacy, e-discovery and cybersecurity, while David Kessler advises clients in compliance matters concerning HIPAA, COPPA and FERPA regulations. Also in New York, Steven Roosa is an expert in biometric matters. Chris Cwalina, working from Washington DC, supports in cybersecurity and privacy compliance issues. Based in Houston, Will Daugherty acts on incident response, class action and investigations. Susana Medeiros, in the New York office, supports clients in cyber incidents and in information governance.
Responsables de la pratique:
Chris Cwalina; Andrea D’Ambra; David Kessler; Will Daugherty; Steven Roosa
Principaux dossiers
Paul Hastings LLP
Paul Hastings LLP offers expertise in class action defense for its clients, acting in a range of industries. The firm also acts for clients in regulatory investigations brought by state attorney generals and federal regulators, including the SEC, FCC and SEC. The Chicago-based Aaron Charfoos, an experienced litigator and privacy lawyer, and Dallas-based Michelle Reed, who acts in regulatory and enforcement matters, lead the team. Located in Washington DC, Sherrese Smith specializes in privacy and security law in the media, tech, retail and life sciences fields.
Responsables de la pratique:
Aaron Charfoos; Michelle Reed
Autres avocats clés:
Sherrese Smith; Susan Leader
Principaux clients
GlaxoSmithKline LLC
GoTo Group, Inc.
Dapper Labs, Inc.
National Basketball Association
Mr. Cooper
L’Oréal USA Inc.
Charlotte Tilbury Beauty, Inc.
City of Dallas
Altice USA, Inc.
Ubisoft
Principaux dossiers
Reed Smith LLP
The ‘exceptional’ Reed Smith LLP team boasts knowledge in a wide range of industries, including financial services, manufacturing, food & beverage, healthcare, energy and IT. The firm advises on generative AI issues as well as on technology related M&A transactions. Robert Newman, who focuses on privacy, marketing and IP issues, and Idara Udofia, whose data protection expertise includes understanding of CCPA, COPPA and BIPA, lead the team from Chicago. Catherine Castaldo is the New York-based practice head, advising on incident response, investigations and regulatory matters. In San Francisco, Sarah Bruno is well-versed in the entertainment, beauty, consumer goods and healthcare sectors. Wendell Bartnick, operating in the Houston office, advises on compliance of federal and state privacy law compliance. Tyler Thompson joined the firm from Greenberg Traurig, LLP in September 2024.
Responsables de la pratique:
Rob Newman; Catherine Castaldo; Idara Udofia
Autres avocats clés:
Gerard Stegmaier; Sarah Bruno; Monique Bhargava; Wendell Bartnick
Les références
‘The team at Reed Smith, led by Gerry Stegmaier, is exceptional in how they support my understanding of the law. They have taken the time to learn the intricacies of my business and understand the goals I aim to achieve.’
‘Gerard Stegmaier is renowned for his concise and direct legal advice, making him a practical problem solver.’
‘Gerry Stegmaier stands out as a uniquely commercial law firm partner. Gerry is an expert in cybersecurity law and data privacy.’
Principaux dossiers
Seyfarth Shaw LLP
Seyfarth Shaw LLP is experienced in supporting clients in both incident response and a wide array of disputes, including litigation and arbitration. The firm advises on cutting edge technologies, assisting with AI, biometrics, website tracking and the Internet of Things. The team is led from Houston by John Tomaszewski, a privacy specialist with multi-jurisdictional compliance expertise. Bart Lazar works in Chicago, acting on privacy and security matters. Also in Chicago, Jason Priebe focuses on the development of policies for the handling, transfer and disclosure of information. Karla Grossenbacher, who is based in Washington DC, is an expert on workplace privacy, including on data breaches involving employee information. In November 2024, Scott Carlson retired from practice.
Responsables de la pratique:
John Tomaszewski
Autres avocats clés:
Jason Priebe; Bart Lazar
Principaux clients
Prudential Financial Inc.
Principaux dossiers
Sheppard, Mullin, Richter & Hampton LLP
Sheppard, Mullin, Richter & Hampton LLP possesses notable expertise in putative class action defense, supporting clients across industries in their matters. The firm is well-versed in data breach incidents and privacy compliance, both at the state and federal level. In Los Angeles and Chicago respectively, the team is led by Craig Cardon and Liisa Thomas, who focuses on privacy and advertising matters. Wynter Deagle, based in Del Mar, is an experienced defense litigator in both individual and class actions relating to privacy and cybersecurity. Rachel Hudson brings privacy and advertising expertise to retail, fashion and beauty companies. Kari Rollins is adept in international commercial arbitration contexts.
Responsables de la pratique:
Craig Cardon; Liisa Thomas
Autres avocats clés:
Wynter Deagle; Rachel Hudson; Kari Rollins
Principaux clients
NextGen Healthcare
Delta Dental Plans Association
ZARA USA, Inc.
Jimmy John’s, LLC
Running Warehouse, LLC
Kaiser Foundation Health Plan
Snap, Inc.
AMN Healthcare, Inc. and AMN Language Services, Inc.
Lamps Plus, Inc.
JCPenney OPCO, LLC d/b/a JCPENNEY
Torrid LLC and Hot Topic, Inc.
Shipt, Inc.
Deckers Outdoor Corporation
Levi Strauss & Co.
Williams-Sonoma, Inc.
Digital Realty Trust
Principaux dossiers
- Represented long-time firm client NextGen Healthcare in a putative class arising from a data breach that occurred in March 2023.
- Acting in the first-of-its-kind MDL class action in the District of Massachusetts data breach litigation regarding the MOVEit breach.
- Serving as outside privacy counsel to international pizza company Papa John’s.
Shook, Hardy & Bacon LLP
Regularly representing clients in class actions and arbitrations, Shook, Hardy & Bacon LLP has expertise in cases relating to data breaches, biometric privacy and adtech, including website tracking. The firm is additionally skilled in incident response support and incident preparedness, advising on both state and federal law compliance. The team is overseen by the Miami-based Al Saikali, who is experienced in cybersecurity incident response and ransomware attacks. Colman McCarthy, located in Kansas City, supports clients in the retail, entertainment, financial, healthcare, education and government sectors. In Denver, Camila Tobón is expert in privacy and security compliance as well as AI governance. Also in Denver, Josh Hansen focuses on privacy policies and their compliance with domestic and international privacy laws. Jad Sheikali joined in October 2024 from Honigman Miller Schwartz and Cohn LLP.
Responsables de la pratique:
Al Saikali
Autres avocats clés:
Colman McCarthy; Camila Tobón; Josh Hansen
Principaux dossiers
Sidley Austin LLP
Sidley Austin LLP has a broad spectrum of expertise, advising on internal investigations, data breach litigation and generative AI initiatives. The firm’s clients cover a wide range of sectors, including technology, life sciences, defense and finance. David Lashway, an advisor on crisis management and investigations, and Alan Charles Raul, who advises tech, telecom and software clients, oversee the practice. Colleen Theresa Brown provides litigation and regulatory defense as well as support in internal investigations. Jennifer Seale is expert in regulatory compliance and data breach response. Jonathan Wilan specialises in compliance technology implementation. All mentioned lawyers are based in Washington DC.
Responsables de la pratique:
David Lashway; Alan Charles Raul
Autres avocats clés:
John Woods; Jennifer Seale; Jonathan Wilan; Colleen Theresa Brown
Principaux clients
ABB Asea Brown Boveri Ltd.
AT&T, Inc.
Univision NOW
SES Space & Defense, Inc.
Walmart Stores, Inc.
Principaux dossiers
- Acting as outside privacy and cybersecurity counsel for numerous leading global clients, such as Hilton, DXC Technology, and Ohio Farmers Insurance.
- Representing multiple clients on their exposure to the recent MOVEit data breach.
- Serving as lead counsel to multinational industrial technology giant ABB on cybersecurity matters with respect to the investigation and response to a global ransomware matter.
Skadden, Arps, Slate, Meagher & Flom LLP
With an international network, Skadden, Arps, Slate, Meagher & Flom LLP offers comprehensive data and cybersecurity support in cross-border matters. The firm’s experience includes advising on incident response, data protection, privacy and AI-related challenges. The team is led by the Chicago-based WIlliam Ridgway, an expert in incident response and white collar matters, and Washington DC-based David Simon, who advises on cyber, AI and privacy. Also in Washington DC, Joshua Silverstein solidifies the team’s expertise in white collar crime investigations. Located in New York, Lisa Zivkovic focuses on global data privacy compliance, cyber fraud and data protection.
Responsables de la pratique:
William Ridgway; David Simon
Autres avocats clés:
Joshua Silverstein; Lisa Zivkovic
Principaux clients
Carlyle Group
Gryphon Investors
Flagstar Bank
TransUnion
CyberPeace Institute
Principaux dossiers
- Advising Carlyle Group, one of the world’s largest and most diversified global investment firms, on a broad range of cybersecurity, data privacy, and AI issues.
- Advising CyberPeace Institute, a Geneva-based non-governmental organization, on public international law relating to an investigation into alleged cyber war crimes in Ukraine.
- Defending Flagstar Bank in three high-profile nationwide data breach class actions.
Crowell & Moring LLP
With ‘deep cyber expertise’, the team at Crowell & Moring LLP supports companies in investigations and incident response issues, both relating to cybersecurity and data privacy. The firm’s experiences includes breaches caused by nation states and criminal groups. It is also experienced in state, federal and international compliance. Jeffrey Poston, who acts in regulatory investigations and class actions, and Evan Wolff, who advises on cybersecurity incidents and data breaches across the globe, oversee the team. Matthew Welling adds M&A experience to the team. Jennie VonCannon, in Los Angeles, conducts internal investigations and supports in enforcement actions. Members are based in Washington DC unless otherwise specified.
Responsables de la pratique:
Jeffrey Poston; Evan Wolff
Autres avocats clés:
Matthew Welling; Jennie VonCannon
Les références
‘The Crowell & Moring data breach team excels in rapid response, mobilizing resources immediately to contain breaches and prevent further damage.’
‘Jeffrey Poston is my go to partner for data breaches that have high risk of litigation, regulatory action, customer disputes or reputational fall-out.’
‘Matthew Welling has deep experience, and I would not hesitate to call either of them in the event of a data breach.’
Principaux clients
Capsule Corporation
Fox Corporation
Honeywell International
Microsoft
Principaux dossiers
- Developed a robust botnet litigation practice for Microsoft, representing clients in affirmative litigation against threat actors who use hijacked computer networks for scams and cyberattacks.
- Worked closely with Fox Corporation’s information security and privacy teams to design and conduct a bespoke cybersecurity-focused tabletop training exercise for Fox’s top executives.
- Worked with Honeywell’s legal and IT compliance functions to prepare for an anticipated third-party cybersecurity audit in accordance with the Department of Defense Cybersecurity Maturity Model Certification.
Davis Polk & Wardwell LLP
Davis Polk & Wardwell LLP regularly advises social media companies, financial institutions, investment firms and industrial manufacturers across issues of cyber law and data privacy. The firm is knowledgeable of national and international privacy frameworks and supports clients in licensing agreements and regulatory investigations. James Haldin, an expert in administrative issues and regulatory investigations, and Matthew Bacal, who advises on strategic licensing and outsourcing transactions, are based in New York. Located in Washington DC, Robert Cohen assists in cybersecurity incident response and enforcement actions.
Responsables de la pratique:
Robert Cohen; James Haldin; Matthew Bacal
Principaux clients
26North Holdings
AIG
Alarm.com
Annaly Capital Management
Antares Capital
Assurant
Atairos
Avenue Capital Management
Banco Santander
Baker Hughes
Billtrust
Braze
Brookfield Capital Partners
Capital One
Comcast
Cornell Capital
Crowdstrike
CSFC Management Company
Dollar Tree Stores
Dow Jones Indices
Principaux dossiers
- Representing Meta in a first-of-its-kind administrative proceeding that seeks to substantially rewrite a court-approved 2020 Consent Order.
- Obtained a termination notice without charges in an SEC investigation of a global aerospace and defense company concerning cybersecurity disclosures.
- Representing Meta in its challenge to the FTC’s administrative proceeding to reopen and rewrite the parties’ 2020 Consent Order.
Goodwin
Goodwin advises clients on cyber incident response in the tech, life sciences, financial services, private equity and real estate industries. The firm leverages its knowledge on federal and state privacy law, as well as AI regulation, to support clients in litigation and policymaking. Its expertise also includes adtech, biometrics, generative AI, fintech and crypto matters. Based in New York, AI expert Peter Marta, data litigator Mark David McPherson and risk management advisor Jud Welle lead the team. McPherson and Marta joined from Morrison Foerster in January 2024 and Hogan Lovells US LLP in September 2024 respectfully. Fellow practice head Kyle Tayman works out of Washington DC and represents clients before the FTC and other government agencies in their investigations. Omer Tene, in the Boston office, is a noted privacy expert in the team. In August 2024, Kaitlin Betancourt joined from an in-house position.
Responsables de la pratique:
Pete Marta; Mark David McPherson; Jud Welle; Kyle Tayman
Autres avocats clés:
Omer Tene
Les références
‘Goodwin stands out for its exceptional balance of strategic insight and practical, actionable advice.’
Principaux clients
Meta Platforms, Inc.
National Public Radio
New Balance Athletics, Inc.
Qualtrics International LLC
Principaux dossiers
Greenberg Traurig
‘A large, highly qualified, geographically-dispersed team’, Greenberg Traurig LLP supports clients across a broad range of industries, including e-commerce, financial services, healthcare, retail and entertainment. The firm is well-versed in privacy and security compliance across jurisdictions, with expertise in cross-border transfers. Based in San Francisco, Gretchen Ramos assists clients in the development of their data protection and security practices. Jena Valdetero works from Chicago, advising on compliance issues under the GDPR, CCPA and HIPAA. The Denver-based David Zetoony is noted for his work on data privacy and cyber security matters, including advice on regulatory investigations.
Responsables de la pratique:
Gretchen Ramos; Jena Valdetero; David Zetoony
Autres avocats clés:
Darren Abernethy; Reena Bajowala; Rebekah Guyon; Karin Ross
Les références
‘Gretchen Ramos is the best lawyer I’ve ever worked with – by a mile.’
‘Greenberg Traurig has a large, highly qualified, geographically-dispersed team. They have proven incredibly responsive, particularly in a crisis. They are also effective.’
‘Jena Valdetero is a star. She is smart, talented and extremely responsive.’
Principaux dossiers
- Serving as privacy and cybersecurity counsel to genetic testing company, 23andMe, and directed the investigation of a security incident the company became aware of in October 2023.
- Providing both data privacy and data security advice to Avant.
- Acting as primary data privacy counsel to The Clorox Company.
Hausfeld LLP
Hausfeld LLP has a strong specialism in representing claimants in class actions for victims of data breaches and privacy violations. The firm is well-versed in cross-border issues across the US and Europe. The team is led by James Pizzirusso, a seasoned class action litigator with wider expertise in consumer protection and antitrust. Swathi Bojedla brings an expertise in healthcare class actions. Mandy Boltax acts in privacy and competition litigation, while Ian Engdahl advises on consumer-protection, data privacy and antitrust. All mentioned lawyers are in Washington DC.
Responsables de la pratique:
James Pizzirusso
Principaux dossiers
- Acted in one of the first cases in the country on behalf of victims of the T-Mobile data breach in August 2021.
- Acted in the first Marriott Data Breach complaint with named plaintiff representatives residing in all fifty states.
- Acting in a consolidated action asserting that ParkMobile was negligent in allowing attackers to access records of 21 million customers.
Hintze Law
Placing ‘a strong emphasis on client-centric services’, Hintze Law provides strategic governance advice and support in privacy programs. The firm is particularly strong in data issues relating to AI and advises clients on the development of new AI tools. Based in Seattle, Susan Hintze, who supports clients in the tech, advertising, entertainment and social media sectors, and Mike Hintze, who is an expert advisor on regulatory issues relating to AI, lead the team. Also in Seattle, Sam Castic leverages experience in data breach response as well as data processing and transfer agreements. Ro Friend left the firm for an in-house position in October 2024.
Responsables de la pratique:
Susan Hintze; Mike Hintze
Autres avocats clés:
Sam Castic; Jennifer Ruehr
Les références
‘Mike Hintze and team provides practical guidance about cutting edge privacy issues.’
‘Really great deep practical and helpful advice.’
‘Mike Hintze is easy going, practical, and well-versed in data privacy issues.’
Principaux dossiers
Loeb & Loeb LLP
Loeb & Loeb LLP advises clients on compliance and governance issues relating to privacy. The firm also assists clients in litigation defense, including against class actions. Its clients include media, adtech and companies developing emergent tech. The department's New York-based practice head, Jessica Lee, is an expert in privacy programs and data security. In Chicago, Nerissa Coyle McGinn specializes in advertising and fintech. Melanie Howard, based in Los Angeles, adds experience in M&A transactions. In February 2024, Robyn Mohr and Ryan Martin were promoted to partner, with Michael Barry joining from Morrison Cohen LLP in the same month.
Responsables de la pratique:
Jessica Lee
Autres avocats clés:
Melanie Howard; Nerissa Coyle McGinn; Nathan Hole; Robyn Mohr; Ryan Martin; Michael Barry
Principaux clients
Johnson & Johnson
Henry Schein
Booking.com
Saks.com
WPromote LLC
Wyre
Principaux dossiers
- Advising Johnson & Johnson on its employee monitoring initiatives, including the use of badge scans and laptop device tracing as part of a new initiative to confirm employee onsite attendance.
- Advising on all litigation matters for payments company Wyre, including all privacy and cybersecurity matters.
- Defending retailer Saks in a novel class action complaint in the Southern District of New York in which the plaintiff, utilizing a new privacy theory, sued for violations of an Arizona statute barring certain types of electronic surveillance.
McGuireWoods LLP
McGuireWoods LLP provides a comprehensive practice in data and cyber law, including advising on compliance, incident response and class action matters. The firm is well-versed in a wide range of privacy regulatory frameworks at the state, federal and globe level. Leading the team from Virginia are, Andrew Konia, who advises on outsourcing agreements, and Janet Peyton, an expert in information governance support. Ashley Matthews, in Charlottesville, regularly advises retailers and financial institutions on privacy and security issues. In April and August 2024 respectively, New York-based Nancy Ryan and Washington DC-based David Hirsch joined from in-house positions.
Responsables de la pratique:
Andrew Konia; Janet Peyton
Autres avocats clés:
Anne Peterson; Alicia Baiardo; Ashley Matthews; Nancy Ryan; David Hirsch
Principaux dossiers
Paul, Weiss, Rifkind, Wharton & Garrison LLP
Paul, Weiss, Rifkind, Wharton & Garrison LLP covers a wide range of matters for its cyber and data clients, including advising on cyber incident response, compliance, enforcement and litigation matters. In particular, the firm represents clients in data breach class action defense and regulatory enforcement brought by federal bodies. In Washington and New York, John Carlin advises on data protection for his clients. New York-based Jeh Johnson specializes in data privacy matters and emergent technologies.
Responsables de la pratique:
John Carlin; Jeh Johnson
Autres avocats clés:
Steven Herzog
Principaux clients
Amazon.com, Inc.
OpenAI
The Kraft Group
Sandvine Corporation
Principaux dossiers
Willkie Farr & Gallagher LLP
Willkie Farr & Gallagher LLP advises on transaction-related data issues, regulatory compliance and litigation representation. The firm additionally advises on emerging technologies including on the data and privacy implications of generative AI. Based in Washington DC, Daniel Alvarez specializes in data transfer contracts and policy drafting, while Laura Jehl is an expert on the collection use and storage of data. In Illinois, Craig Martin supports clients in internal investigations. ‘Highly effective’ Susan Rohol supports pharmaceutical companies and entertainment agencies in cybersecurity and privacy matters. Ben Hur has left the firm.
Responsables de la pratique:
Daniel Alvarez; Laura Jehl; Craig Martin
Autres avocats clés:
Susan Rohol
Les références
‘Susan Rohol is what makes this practice unique. She is a very bright, talented lawyer and her extensive in-house experience makes her very effective when dealing with US privacy issues.’
‘Susan Rohol is highly effective, super-pragmatic and provides excellent client service. She is one of the best US privacy lawyers around.’
Principaux clients
Digital Dollar Project
Recorded Future
Insight Partners
Comcast Corporation
Veeam Inc.
Aon PLC
ClearPoint Health
Principaux dossiers
Winston & Strawn LLP
Containing ‘experts in the field’, Winston & Strawn LLP represents clients in privacy and data litigation, including acting class actions and biometric-related litigation. The firm is well-versed in state and federal regulatory frameworks including the TCPA, BIPA, CCPA and CIPA. Based in Chicago, Alessandra Swanson, an advisor to healthcare, retail, media and e-commerce companies, and Sean Wieber, an expert privacy litigator, lead the team. Los Angeles-based Kevin Simpson is well versed in privacy and consumer protection legislation.
Responsables de la pratique:
Alessandra Swanson; Sean Wieber
Autres avocats clés:
James Randall; Kevin Simpson
Les références
‘Experts in the field, which is so important as can be a very technical area.’
‘The team has a deep up to date understanding of the intricacies of international trade law. they often practical useable advice in an efficient and effective manner.’
‘The firm makes it seamless when colleagues need to be included to provide quality, pragmatic advice on short notice.’
Principaux clients
BAM Trading Services Inc.
Fenix International Limited
LexisNexis Special Services Inc.
Sanctus, LLC
ADG, LLC
Great Expressions Dental Centers, P.C.
Comcast Corp.
Principaux dossiers
- Represented Fenix Internet, LLC in a closely watched and hotly contested biometric privacy suit.
- Represented BAM Trading Services Inc. in a case involving alleged violations of the Illinois Biometric Information Privacy Act.
- Led a major victory for LexisNexis Risk in connection with a consumer protection case alleging violations of Illinois citizens’ right to privacy.