Privacy & Data Security


Contributed by Baker & Hostetler LLP

Enforcement actions, NSA leaks and security events in 2013, with consequences continuing into 2014, elevated privacy and data protection to a boardroom issue. Companies are increasingly turning to outside counsel for advice on issues ranging from incident response to privacy impact assessments to transaction due diligence as they look to protect their reputation and stay out of the headlines and courtroom. Once a specialization of its own, law firms are building “sub-specialty” areas of cross-practice privacy teams to address compliance issues caused by new laws, technology (from BYOD to the Internet of Things), and the regulatory landscape.

Data Security  

High-profile thefts of payment card data from retailers brought 2013 to a close. Their executives began 2014 testifying before Congress and explaining declining sales. These attacks pushed payment card networks to continue with EMV adoption and led to discussions of alternate payment methods. No industry is immune – attackers seek customer data, employee data, intellectual property and, as at least one bitcoin exchange discovered, virtual currency. They attack for political reasons or simply to sabotage. Reports identified over 2,000 publicly disclosed breaches in 2013. The consequences extend beyond legal fees, remediation costs, regulatory scrutiny and third-party liability. An incident can impact customer relationships and the bottom line, especially if the company is viewed as not handling the incident well.

State Breach Notification Laws 

Nearly every US state and territory has a breach notification law. Differences across these laws are often discussed – the definition of personal information and breach of security, AG notification, and timing – but usually do not change the outcome (i.e., companies usually notify all individuals even if only some state laws are triggered). The expansion of California’s definition of personal information, making it the first state to include a user name/email with a password for an online account in the definition, was the most significant change. Trends from other state law changes include the continued expansion of the definition of personal information, adding obligations to notify state regulators, and covering paper records.

Federal Legislation 

Requests for a national notification law continued in the wake of the high-profile incidents. Attorney General Eric Holder and FTC Commissioner Edith Ramirez both urged Congress to enact a national breach notification standard. Issues of whether a federal law would preempt state law, notification timing, reporting safe harbor, private right of action, and security standards continue to confound these efforts.

Privacy Litigation 

Privacy class actions continued to fall into two categories: (1) actions following a data breach, and (2) statutory-based claims. For non-statutory claims, key decisions applying the Clapper precedent continued to strengthen the prevailing view that, without an actual injury, plaintiffs cannot establish the “concrete” and “particularized” injury necessary to confer standing and state a claim. Some actions are adding breach of contract claims based on a representation in a privacy policy. One notable settlement of claims following a breach provided compensation to all class members even if they did not suffer actual harm. Plaintiffs have had some success bringing claims under statutes that permit an award of statutory damages, such as the Telephone Consumer Protection Act and California’s Confidentiality of Medical Information Act. A common question in statutory damages cases is whether the plaintiff must prove an injury to recover statutory damages – some courts have found that a statutory violation of the statute confers standing.


The FTC continues to use its Section 5 authority to pursue companies that do not live up to promises they made about the use and protection of customer information. In a much-watched case testing the FTC’s authority to bring unfairness and deception claims based on representations in a company’s online privacy policy following a data breach, a federal district court judge in April 2014 denied the hotel operator’s motion to dismiss the FTC’s complaint. This decision and FTC consent orders may serve as informal precedent of what constitutes reasonable data security standards. The FTC’s enforcement agenda continues to include a US-EU Safe Harbor program, protecting children under COPPA, mobile apps, and data brokers. In May 2014, the Obama Administration sounded a fresh warning to “big data analytics” companies with its report that tasked experts to review the benefits and pitfalls of big data.

Certain state attorneys general remain active in privacy enforcement. Notable actions included the California Attorney General’s settlement with a healthcare provider for failing to timely notify affected employees on a rolling basis; the Vermont Attorney General’s legal action under its data breach and consumer protection statutes against a grocery chain related to a data breach; and the New Jersey Attorney General’s settlement under its Consumer Fraud Act against an online advertising company that used hidden code to bypass privacy settings. A number of state attorneys general have established privacy units – a sign that enforcement actions will continue.


As more healthcare entities use electronic health records, use mobile devices in the clinical setting, and share data in health information exchanges, federal and state agencies continue to aggressively monitor compliance with obligations to safeguard protected health information (PHI) and ePHI under HIPAA and HITECH.

The US Department of Health & Human Services' Office for Civil Rights (OCR) created standards for protecting patient information and is responsible for investigating violations. In 2013, OCR enforcement actions resulted in six resolution agreements involving civil monetary penalties ranging from $50,000 to $1.7 million and the imposition of stringent corrective action plans. The resolution agreements are representative of OCR’s focus on two primary areas: (1) ongoing failure to comply with the HIPAA Privacy and Security Rules, and (2) unforgivable disclosures. Enforcement activity is likely to increase in 2014 given the Office of Inspector General’s November 2013 report regarding OCR oversight and enforcement. Based on risk of OCR enforcement and class action litigation, covered entities and their business associates must continue to conduct ongoing risk management by maintaining organization-appropriate incident response plans, policies and procedures for safeguarding PHI and ePHI, education and awareness training, vetted vendor lists and contracts, and risk assessments.


Privacy concerns are not limited to consumer protection and identity theft. In February 2013, President Obama issued an Executive Order which called on critical infrastructure companies and the government to cooperate in raising cybersecurity standards. As mandated by the Executive Order, the National Institute of Standards and Technology issued its “Cybersecurity Framework” in February 2014. The Framework identifies existing best practices and provides assessment tools to help critical infrastructure operators implement safeguards in a way that is tailored to their business models. NIST also issued a Roadmap of next steps it is pursuing to raise cybersecurity standards, including initiatives focused on authentication, automatic threat indicators, and big data analytics.

Consistent with the Executive Order, in November 2013 the Department of Defense implemented its Voluntary Cyber Security and Information Assurance program, which provides for sharing information regarding cybersecurity threats among selected defense contractors. In April 2014, the SEC issued a Risk Alert warning that regulated financial services companies face regulatory risks if they do not adopt robust cybersecurity compliance programs. The SEC also announced that it is examining more than 50 registered broker-dealers and investment advisers to determine what additional steps it should take to address cybersecurity threats.

Privacy & Data Security - Nationwide


第一等 |

Basic facts about the department
Key office is Washington, DC.

What the team is known for Involvement in all areas related to public policy, including white papers on national security, industry advocacy and international forums. Dedicated health privacy team with significant expertise in complex issues related to Health Insurance Portability and Accountability Act (HIPAA) and healthcare data privacy breaches. Global practice that can deploy resources in all major jurisdictions to assist US-based multinationals.

Strengths (Quotes mainly from clients)
"The firm has a first-class collection of people when it comes to new technologies. They have been sage on these issues and have helped us to shape emerging areas of law."

"We have always been impressed by the caliber of people across the board at Hogan."

Work highlights Completed a comprehensive review of Bloomberg's worldwide data security and privacy policies and continued to provide ongoing advice on compliance issues.

Advising Verizon Healthcare Technology Solutions on the privacy compliance aspects of new Health Information Technology-related business initiatives.

Notable practitioners  

The "amazing" Christopher Wolf is a "dean of the industry" who is frequently revered as "the best in the business." Sources note that he is "very wired in" to policymaking in DC and uses his substantial knowledge of the political environment to counsel some of the world's most prominent companies.

"HIPAA expert" Marcy Wilder is a thought leader on privacy and data security within the healthcare sector and, as a former deputy general counsel to the US Department of Health, assisted in the development of the current regulatory framework. Clients laud her as "a consummate professional" and "an invaluable resource." 

Significant clients Cisco Systems, GE, LexisNexis, American Express, HSBC.

第一等 |

Basic facts about the department
Key office is New York.

What the team is known for Deep experience in the full spectrum of privacy work, including complex breaches, regulatory investigations, managing cyber events and policy work related to national security. Leading the way in cutting-edge areas such as cloud computing, mobile applications and online behavioral advertising issues.

Strengths (Quotes mainly from clients)
"Their partners are rock stars. They are deep in terms of their knowledge of the regulators and they have the relationships that drive this area of work."

"Hunton & Williams is top of its game." 

Notable practitioners  

Peers recognize the "fabulous" Lisa Sotto as "a leader in the privacy field." She maintains a broad practice and counsels an impressive roster of clients that includes the likes of Google, Estée Lauder, MasterCard and GE. Clients report that she "provides excellent advice" and is always "very responsive and very knowledgeable."

Significant clients Tiffany & Co, Northrop Grumman, LexisNexis, Ralph Lauren, The Scotts Company.

第一等 |

Basic facts about the department
Key offices include New York, Palo Alto, San Diego, San Francisco and Washington, DC.

What the team is known for Comprehensive practice covering investigations by the FTC and state attorneys general, healthcare compliance, complex security breaches and class action litigation. Specialty in helping companies comply with new cybersecurity standards and in the protection of data from online theft. Significant capabilities in cross-border work thanks to broad international network.

Strengths (Quotes mainly from clients)
"MoFo is a top-quality firm with a good reputation particularly in consumer class action and privacy work."

"They have individuals who are thought leaders and they offer good client service."

Work highlights Defended various major retailers, including Kmart, Target and Bed Bath & Beyond, in 30 putative class actions brought in California and Massachusetts arising from the capture of personal information from credit card transactions.

Represented MySpace in an FTC investigation related to an alleged violation of US federal information privacy law.

Notable practitioners  

Richard Fischer specializes in counseling major entities at the confluence of privacy and financial services, with a particular emphasis on payment system issues. Peers respect him for his place "at the forefront" of developments in privacy law and describe him as a "top-drawer" practitioner.

The "awesome" Miriam Wugmeister is the chair of the global privacy and data security practice and maintains an active practice advising clients on the collection, use and disposal of personal information. Clients applaud her pragmatic approach and report that "she is tremendous at helping you come up with practical solutions to real problems."

Andrew Serwin is a go-to on healthcare issues and also regularly advises on enforcement matters before the FTC. "He is very savvy when dealing with regulatory bodies" and attracts praise from sources for being "very good on international issues."

Significant clients Citibank, Wyndham Worldwide, Prime Healthcare, Restoration Hardware.

第二等 |

Basic facts about the department
Key offices include Chicago, Palo Alto and Washington, DC.

What the team is known for Expertise across the gamut of cybersecurity work, with a particular focus on offering cutting-edge solutions to problems concerning the protection of online data. Wide-ranging experience of responding to global data breach crises. Counseling some of the world's largest corporations on privacy mandates, including information management, compliance exercises and e-commerce issues.

Strengths (Quotes mainly from clients)
"They bring a vast global network that is capable of advising on the many complicated nuances of international privacy law."

"Their understanding of transactional investigations and their ability to get us information quickly are unmatched."

Notable practitioners  

The "incredibly smart and nimble" Lothar Determann's core expertise is advising technology companies on the compliance implications arising from cross-border transactions. The breadth of his practice elicits praise from sources, who say that he is "a 'Renaissance attorney' because he understands so many different areas of law." 

Years of experience in the privacy space have given Brian Hengesbaugh "a unique ability to see the bigger picture." He specializes in counseling companies on the development and implementation of privacy policies and on issues surrounding the capture, use, transfer and disposal of data.

Significant clients Facebook, NetSuite, VeriSign, Zynga,

第二等 |

Basic facts about the department
Key office is Washington, DC.

What the team is known for Large, deep and integrated team of privacy and data security practitioners, with the ability to draw on the resources of a strong regulatory practice. Counseling Fortune 500 companies on a range of privacy issues and on responses to large-scale data security incidents. Considerable knowledge across all major industries, including financial services, IT, media and telecom.  

Strengths (Quotes mainly from clients)
"They have a broad privacy practice and the quality of their attorneys is very good."

"Covington is extremely capable."  

Work highlights Acting for Microsoft in a broad array of matters, including advising on regulatory compliance, privacy issues surrounding new mobile products and data breach incident response.

Providing ongoing advice on global privacy issues to Facebook as primary outside counsel.

Notable practitioners  

David Fagan advises clients on the creation of innovative precautionary measures against cybersecurity attacks and on how to respond when they do occur. His client roster includes some of the most prominent technology companies in the market, such as Microsoft.

Mark Plotkin undertakes work at the intersection of data privacy, national security and financial services, and regularly advises clients on matters that engage all these areas, such as Gramm-Leach-Bliley Act compliance. He also acts for major entities in investigations by regulators such as the FTC, Federal Reserve Board and Office of the Comptroller of the Currency.

Andrew Smith focuses on advising leading financial institutions, such as banks, insurance companies and credit unions, on privacy issues. He is praised by peers for his work on FTC and state attorneys general investigations. He recently joined the firm from Morrison & Foerster LLP.

Significant clients AOL, eBay, Expedia, Kaplan, Procter & Gamble, The Washington Post.

第二等 |

Basic facts about the department
Key office is Washington, DC.

What the team is known for Involvement in the influencing and drafting of new privacy and data security regulations at both the state and national level. Very active privacy class action defense practice with substantial experience in Fair Credit Reporting Act and Telephone Consumer Protection Act cases, including highly publicized mobile identifier and cookie actions. Capable of working with a range of clients from new startups to established Fortune 500 companies.

Strengths (Quotes mainly from clients)
"They are very thorough in breach situations and I have the utmost confidence when dealing with them."

"DLA has broad coverage and a big international footprint."

Work highlights Acted as general counsel to the State Privacy & Security Coalition, whose members include prominent corporations such as Facebook,, Microsoft, News Corporation and Hewlett-Packard. Work involved tracking and influencing legislative developments.

Representing TransUnion in consolidated litigation involving numerous privacy-related class actions.  

Notable practitioners  

James Halpert is "right at the forefront" of legislative innovations in the privacy and data security space and is respected by peers for his influence and shaping of policy. His practice has recently seen him representing the interests of the State Privacy & Security Coalition and the Internet Commerce Coalition in the development of novel privacy regulations. He is greatly valued by his clients for his inside knowledge of the political process and his "technically excellent written work."

Jennifer Kashatus maintains an active practice counseling startup companies on privacy and data security, particularly those operating in communications, cloud computing and sourcing. She is valued by clients for being "very responsive."

Thomas Boyd draws plaudits from clients for being "very astute and knowledgeable" on privacy issues. He focuses on government relations and sources say he is "extremely plugged in to US legislative developments."

Significant clients Accenture, Pfizer, LA Lakers, Huffington Post, NBC.

第二等 |

Basic facts about the department
Key offices is Washington, DC.

What the team is known for Successfully representing high-profile clients in FTC investigations. Specific expertise in issues surrounding cutting-edge technologies, including compliance with the Telephone Consumer Protection Act, regulation of mobile applications, cloud platforms and third-party liability. Contributing to the development of privacy legislation through seminars and presentations with professional bodies.

Strengths (Quotes mainly from clients)
"They are extremely responsive, on top of things and look for creative ways to get things done."

Work highlights Represented Kohl's Department Stores in a consumer class action alleging that the defendant made unsolicited calls to customers' cell phones in breach of the Telephone Consumer Protection Act.

Notable practitioners  

Dana Rosenfeld heads the team and maintains a presence in all facets of privacy and data security law. She formerly held a post in the FTC's Bureau of Consumer Protection and brings her intimate knowledge of the FTC to bear in advising clients on large-scale investigations.

The leader of the firm's telecom group, John Heitmann's privacy work focuses on matters that arise at the junction of information security and telecom law. He works for both customers and service providers in regulatory investigations and strategic compliance counseling.

Clients "have a lot of confidence" in Alysa Zeltzer Hutnik's skills and abilities and report that she is "goal-oriented, very proactive and extremely hard-working." She acts for prominent technology clients in FTC investigations as well as general compliance counseling.

Significant clients Disney, Toshiba, DISH Network, Honeywell.

第二等 |

Basic facts about the department
Key offices include Palo Alto, Seattle and Washington, DC.

What the team is known for Distinguished Electronic Communications Privacy Act practice assisting the nation's leading telecom and internet service providers to respond to requests for user information. Special focus counseling clients on privacy and data security issues arising in the e-commerce context.

Strengths (Quotes mainly from clients)
"They have a deep connection to the technology world and know a lot about technology from their base in Seattle."

"They are well situated to advise on digital and social media through having a diverse range of clients and seeing a lot of the leading edge on initiatives in this space."

Work highlights Defended Google in a purported class action in which it was alleged that the company's social networking program violated provisions of the Stored Communications Act.

Defended Twitter in a Northern California class action alleging breaches of the Federal Wiretap Act, Computer Fraud and Abuse Act and various other state laws through the scanning of mobile users' address books.

Notable practitioners  

Albert Gidari has represented Google in a number of matters, including negotiating with the FTC to obtain the first ever 'privacy by design' consent decree in relation to the Buzz social networking service. He earns the respect of peers for having "a very strong history of working with telecom and internet service providers."

Associate Miriam Farhi is endorsed for being "very smart, personable and diligent." She assists in advising some of the team's most high-profile clients on a range of privacy and data security issues.

Significant clients Facebook, Outerwall, Sprint, Nintendo, J.Crew.

第二等 |

Basic facts about the department
Key office is Washington, DC.

What the team is known for Broad practice with capabilities across the entire spectrum of privacy matters, including litigation, consumer class actions, investigation response work and counseling on compliance issues. Deep industry-specific experience in a range of areas, including technology, media, pharmaceuticals and financial services.

Strengths (Quotes mainly from clients)
"I rate them very highly for their breadth, competence and excellent work product."

Work highlights Obtained a favorable class action settlement for PointRoll in a case claiming that online ad delivery companies had evaded cookie settings on Apple's Safari browser.

Working with a major US consumer pharmacy to overhaul its privacy and social media policies. Also advising on new mobile device apps for medical and health information.

Notable practitioners  

Peers are "super impressed" by Alan Raul, who is identified by sources as "a very smart person" and "a very good adviser." His practice covers counseling on noncontentious privacy issues, but he is especially well known for his litigation work. He recently led the representation of individual plaintiffs alleging violations of privacy rights in the high-profile Kelley v FBI case.  

"Terrific lawyer" Edward McNicholas specializes in advising clients confronted by complicated privacy issues, particularly in the context of cybersecurity, cloud computing, electronic surveillance and national security. He took the lead representing internet advertising company PointRoll in a class action related to the use of cookies and browser settings.

Significant clients AT&T, Citibank, GE, MasterCard, Microsoft, Disney.  

Band 2 | Venable LLP

第二等 |

Basic facts about the department
Key office is Washington, DC.

What the team is known for Outstanding record advising high-profile clients in enforcement actions brought by the FTC and other regulatory bodies. Highly experienced defending major corporations in privacy litigation, including consumer class actions. Excellent understanding of the emerging regulatory environment thanks to close ties with government bodies.

Strengths (Quotes mainly from clients)
"They did a phenomenal job in representing us and we were in extremely good hands throughout the litigation."

"They have been extremely effective. The attorneys combine subject matter expertise with knowledge of how to get things done in DC."

Work highlights Developed privacy principles related to the capture and use of web browsing data on behalf of the Digital Advertising Alliance, an ad hoc body made up of prominent industry associations, including the Direct Marketing Association and the American Advertising Federation.

Advised Experian on privacy issues relating to due diligence in a corporate acquisition.

Notable practitioners  

Clients say Stuart Ingis is "very wired in on the regulatory side" and has "deep subject matter expertise combined with sound executive decision-making skills." His clients are drawn from numerous industries, including advertising, media, communication, retail and information services.

Emilio Cividanes's practice covers a wide variety of privacy matters, but he is particularly well known among peers for his work on data breach cases. He is appreciated by clients for his ability "to provide guidance and to do so in a very responsive way."

Significant clients Reed Elsevier, Vibrant Media, Interactive Advertising Bureau.

Band 2 | Wiley Rein LLP

第二等 |

Basic facts about the department
Key office is Washington, DC.

What the team is known for Eminent healthcare practice with broad capabilities advising on regulatory issues such as HIPAA compliance, privacy procedures and policies, investigations and breach-related matters. Considerable experience in privacy matters falling outside traditional regulatory work, including the maintenance of electronic medical records and health information exchanges.

Strengths (Quotes mainly from clients)
"They are very strong because they have the subject matter expertise combined with proactiveness."

"The firm has been stellar in giving spot-on advice that combines the legal perspective with the practical implications."

Work highlights Advised Motorola Mobility in relation to a process conducted by the National Telecommunications & Information Administration to create a model code encouraging greater transparency in the privacy policies of mobile applications.

Notable practitioners  

Kirk Nahra is a thought leader on nationwide healthcare policy and "the guy you need to call" for complex HIPAA issues. His impressive roster of clients includes high-profile industry players in the healthcare sector, such as the Healthcare Leadership Council and the Blue Cross Blue Shield Association, as well as those in other sectors, such as PwC and Dell.

Significant clients H&R Block, Genworth Financial, Wolters Kluwer Health, HMSA.

Band 2 | ZwillGen PLLC

第二等 |

Basic facts about the department
Key offices include Chicago, New York and Washington, DC.

What the team is known for Boutique practice capable of servicing leading technology companies across the whole range of privacy matters, including compliance counseling, data breach response, privacy class action litigation and FTC investigations.

Strengths (Quotes mainly from clients)
"They are outstanding. The attorneys are very smart, responsive and able to give excellent practical advice, not just general advice."

"They are really good at taking complex laws and summarizing them in very clear guidance." 

Work highlights Represented Yahoo! in litigating the first challenge to the Foreign Intelligence Surveillance Act before the Foreign Intelligence Surveillance Court and the Court of Review.

Notable practitioners  

Marc Zwillinger is a practitioner who is "able to spot issues, analyze them quickly and efficiently come up with a spectrum of ways to address those issues, which is incredibly helpful for an in-house lawyer." His practice sees him advise an impressive roster of technology clients, including Apple and Yahoo!.

Significant clients Cablevision, Electronic Arts, LinkedIn, Quora, Airbnb.

第三等 |

Basic facts about the department
Key offices include Atlanta, Los Angeles and Washington, DC.

What the team is known for Accomplished practice with strength in a number of areas, including managing cyber intrusions, healthcare compliance and privacy litigation. Ability to draw on a substantial international network, with a particular focus on tackling privacy issues arising in the EU and Asia.

Strengths (Quotes mainly from clients)
"When it comes to cybersecurity, they have a good number of people who have handled major intrusions."

"I think they are good and commercially minded." 

Work highlights Advised UPS as global privacy counsel in a number of different areas, including cross-border data protection compliance, the development of global privacy policies and negotiating contracts involving the use of data.

Assisted Walmart in responding to the theft from Vudu, a subsidiary of the supermarket giant, of hard drives containing customers' personal data.

Notable practitioners  

David Keating and James Harvey are the chairs of the firm's privacy and security group.

Significant clients  The National Retail Federation, McDonald's, eBay, Global Payments, Maritz.

第三等 |

Basic facts about the department
Key offices include New York and Washington, DC.

What the team is known for Well versed in data breach litigation claims, including those under the Fair Credit Reporting Act, Gramm-Leach-Bliley Act, and Fair and Accurate Credit Transactions Act. Substantial experience counseling clients in the healthcare space on privacy and data security, with a particular emphasis on HIPAA regulations.

Strengths (Quotes mainly from clients)
"They are very good on high-level regulatory work." 

Work highlights Defended SAIC in eight class actions arising from the theft of back-up tapes containing personal data relating to customers of Tricare Management Activity.

Notable practitioners  

Clients are keen to endorse Nancy Perkins and say that she is "a good listener who is very responsive and very comforting." She continues to build a strong litigation practice while also offering HIPAA compliance advice to prominent healthcare and pharmaceuticals companies.

Peers respect Ronald Lee as a "very able" and "smart" practitioner who is particularly strong on government access to private sector data and national security issues. He also leads the team in advising a number of private equity firms, public companies and individuals on security matters, including personnel and facility security clearance.

第三等 |

Basic facts about the department
Key offices include Cleveland, Denver and New York. 

What the team is known for Deep expertise in data breach incidents, having handled over 500 such matters on behalf of clients. Proficient compliance practice with capabilities in counseling large companies on healthcare, contract negotiation and the drafting of privacy policies.

Strengths (Quotes mainly from clients)
"They are just terrific lawyers - very knowledgeable, good with clients and very savvy on cybersecurity."

"Very responsive to our needs and work priorities as well being very solid on the substance of the work."

Work highlights Defending Sentara Healthcare in a class action following the theft of a laptop from a business associate containing confidential patient information.

Lead defense counsel for Vistaprint in a $5 million class action concerning the use of cookies on the defendant's website.

Notable practitioners  

Theodore Kobus is appreciated by sources for being "terrific on a personal level but also a very smart, zealous advocate for his clients." He focuses on security incident response and is applauded for being "very good at seeing both the big-picture and small-picture items" when advising clients on major breaches.  

Significant clients Schnuck Markets, Advocate Health, QVC, Harbor Freight Tool, Vantiv.

第三等 |

Basic facts about the department
Key offices include Chicago, Denver, Los Angeles, New York and Salt Lake City.

What the team is known for Boutique firm with a focus on counseling clients on the capture, use, storage and disposal of data. Innovative, low-overhead structure, with a group of highly specialized privacy attorneys servicing clients remotely. Comprehensive practice with capabilities across all major practice areas, including litigation, data security investigations and breach response.

Strengths (Quotes mainly from clients)
"What I like about them is their structure. It's truly a firm of the information age that practices what it preaches."

"They are extremely responsive and their advice is business-savvy and practical."

Work highlights Successfully obtained the disqualification of the lead plaintiff and subsequent dismissal of Opt It as a defendant in a major Telephone Consumer Protection Act class action brought in the Northern District of Illinois.

Drafted a new privacy policy for BrightTag's website and providing ongoing advice in the role of chief outside privacy counsel.

Notable practitioners  

Justine Gottshall advises on a host of privacy matters as well as issues related to offline and online marketing and promotion. Clients say she is "very responsive and sensitive to business needs" and excels in giving "practical business advice."

Notable practitioners, ZixCorp, Raleigh Enterprises, Sedgwick Claims Management Services.

Band 3 | Locke Lord LLP

第三等 |

Basic facts about the department
Key offices include Chicago, Los Angeles and New York.

What the team is known for Broad and multidisciplinary team involved in an array of privacy work, ranging from breaches to big data and litigation. Multinational presence with a strong US base, allowing attorneys to offer seamless advice when confronted with cross-border regulatory issues.

Strengths (Quotes mainly from clients)
"The attorneys are enjoyable to deal with and are very thorough, knowledgeable and on top of everything."

"Outstanding. I have been really satisfied by their work."  

Notable practitioners  

The "excellent" Thomas Smedinghoff is a "go-to guy for privacy." His focus is counseling clients on cutting-edge issues in developing area such as e-commerce. He directly contributes to the development of public policy on cybersecurity by speaking at forums, serving on State Department committees and publishing papers.

第三等 |

Basic facts about the department
Key offices include Boston and Chicago.

What the team is known for Broad privacy practice with the ability to draw on the resources of a top-tier healthcare team. Particularly renowned for advice on healthcare-related privacy matters, including HIPAA and HITECH compliance. Significant experience defending corporations in litigation and government investigations.

Work highlights Advised a notable nonprofit organization on the compliance issues arising from a large-scale outsourcing and data center transaction. 

Notable practitioners  

Heather Egan Sussman co-heads the privacy and data security practice and is the team's main point of contact.

Significant clients IBM, Steward Health Care, TD Bank, Valassis, Nuance Communications.

第三等 |

Basic facts about the department
Key offices include Los Angeles, New York and Silicon Valley.

What the team is known for Strong background in cloud computing, with a particular emphasis on newly developing areas such as virtual currencies and mobile payments. Dedicated 'cybersecurity task force' charged with providing a rapid and comprehensive cybersecurity response service.

Strengths (Quotes mainly from clients)
"They were very professional and thorough and we were very pleased with the work product."

"They are good at what they do, particularly in the healthcare space."

Work highlights Advised CBR Systems, the world's largest blood banking company, in responding to the theft of data relating to 200,000 CBR clients.

Provided ongoing domestic and cross-border advice on regulatory, privacy and compliance issues to NetSpend, a provider of processing and marketing services to MasterCard and Visa.

Notable practitioners  

Deborah Thoren-Peden is the practice group head and the team's main point of contact.

Significant clients Blackhawk Network, Health Net.

第三等 |

Basic facts about the department
Key offices include Los Angeles and New York.

What the team is known for Counseling multinational clients on domestic and international regulatory issues, including compliance with the EU Data Protection Directive. Extensive contentious practice with experience in regulatory investigations and consumer class actions.

Strengths (Quotes mainly from clients)
"They know the law as well as the client's needs and are very responsive. The firm also has a global reach with access to expertise in multiple jurisdictions."

Notable practitioners  

Kristen Mathews earns plaudits from sources for being "very smart" with "an impressive attention to detail." She offers advice on a variety of privacy issues for clients in a number of industries, including technology, consumer products, travel and financial services.

第三等 |

Basic facts about the department
Key offices include Boston, Chicago, New York and San Francisco.

What the team is known for Substantial experience dealing with major security breach incidents and a leader in the field since representing TJX in one of the most highly publicized data breaches in US history. Strong litigation team with particular expertise defending high-profile corporations in large-scale consumer class actions and regulatory investigations.

Strengths (Quotes mainly from clients)
"What we value most is the accuracy, feasibility and timeliness of the service rendered."

"They have been extremely responsive and have shown sensitivity toward fees."

Work highlights Represented Genesco in a first-of-its-kind claim against Visa that sought to recover $13 million in fines wrongfully collected by Visa from banks Genesco used to process Visa transactions.

Represented Massachusetts Eye & Ear Infirmary in the settlement of an enforcement action by the Department of Health & Human Services' Office for Civil Rights. The action related to the loss of a laptop containing unencrypted health information.

Notable practitioners  

Douglas Meal is a "best in class litigator" who is well known among peers for representing TJX in a series of cases arising from a substantial data breach in 2006. Sources universally praise his advocacy skills and say that "he has a terrific way of distilling extremely difficult issues into smaller pieces without being preachy."

Significant clients Wyndham Hotels, Nationwide Mutual Insurance, Pfizer, Stanford University, Heartland Dental Care.

第三等 |

Basic facts about the department
Key offices include Palo Alto, San Francisco, New York and Washington, DC.

What the team is known for Significant number of attorneys who have previously held high-profile positions within the major regulators, including the FTC. Renowned litigation practice with an impressive track record defending claims brought under the Telephone Consumer Protection Act, Electronic Communications Privacy Act and Video Privacy Protection Act.

Strengths (Quotes mainly from clients)
"The accessibility, speed of response and ability to give practical advice are exceptional."

"I have been extremely satisfied as they do very good work at fair prices."

Work highlights Successfully defended Google in obtaining dismissal of 20 putative class actions alleging the company inappropriately placed cookies on Safari internet browsers.

Defended various clients, including Twitter, Casting360 and Square, in claims brought under the Telephone Consumer Protection Act alleging invasion of privacy through the receipt of unwanted text messages

Notable practitioners  

A former director of the Bureau of Consumer Protection at the FTC, Lydia Parnes has an impressive background in regulatory investigations. She continues to represent prominent corporations in high-profile investigations, with one recent matter seeing her negotiate a $23 million settlement with the FTC on behalf of Google over alleged privacy violations. Her experience is greatly appreciated by clients, who say that "she is superb in both the depth of her legal knowledge and the savviness she brings concerning the privacy and data security environment."

Significant clients Chrysler, Epsilon, GoDaddy, Spotify, Sprint.

Other Ranked Lawyers 其他上榜律师

Randy Sabett recently moved to Cooley LLP from ZwillGen, and has "great technical skills" honed over 20 years working in the information sector, including as an NSA crypto engineer. He focuses on counseling clients on issues at the cutting edge of privacy law, including SaaS (software as a service), mobile applications and cloud-based systems.

Joseph DeMarco is a partner at DeVore & DeMarco LLP, a boutique firm focused on privacy and information security. He assists clients on complex and cutting-edge matters in the privacy space, including emerging technologies and the most challenging cybercrime investigations.

Boris Segalis recently joined Norton Rose Fulbright from InfoLaw Group LLP. The New York-based Segalis advises clients on noncontentious issues in numerous emerging areas of privacy practice, including social media, mobile computing, e-commerce and payment systems. He attracts compliments from sources for being "very business-savvy" as well as "very bright and articulate."

Ian Ballon of Greenberg Traurig, LLP specializes in acting for online technology companies on a whole range of internet-related issues, including behavioral advertising and e-commerce. Market sources report being impressed by his contributions at conferences and offer praise for his "practical and useful advice."

Françoise Gilbert of IT Law Group brings over 30 years' experience to bear when advising on international privacy matters. She is respected as a "true expert of the privacy field" who is "very detail-focused and understands the technology side of things."

Mary Ellen Callahan recently returned to private practice at Jenner & Block LLP after having been the longest-serving Chief Privacy Officer at the Department of Homeland Security. She draws on this impressive government background when advising major online and offline companies on a range of privacy and cybersecurity issues. These clients are keen to offer up praise for an "outstanding" attorney who "knows all the players and offers pragmatic and efficient advice."

Mintz Levin Cohn Ferris Glovsky and Popeo PC is home to the "technically brilliant" Cynthia Larose, who draws plaudits for being "extremely competent and efficient." She is "very good at dealing with sophisticated clients" on the compliance issues surrounding the use of data as well as data breach response.

Melodi Gates practice at Patton Boggs LLP covers the gamut of privacy issues, with a particular emphasis on counseling healthcare entities on HIPAA compliance. She also has many years' experience advising clients on the development and drafting of privacy policies.

Sole practitioner Margaret Eisenhauer offers compliance solutions in numerous areas, including marketing communications, notification requirements and the management of data breaches. Peers say that she is "very strong" and produces "an excellent work product. " 

Mark Melodia of Reed Smith LLP specializes in litigating business-critical class action lawsuits, particularly on behalf of financial services clients. He recently represented Blizzard Entertainment in defending a putative class action in which the plaintiffs allege that Blizzard failed to provide sufficient protections to guard against a purported criminal cyber attack in 2012.

The "very knowledgeable" Linn Freedman of Robinson & Cole LLP counsels clients on compliance with both state and federal privacy laws, including HIPAA and other healthcare regulations. She provides ongoing advice to National Grid on all privacy issues, including Massachusetts-specific regulations, government investigations and the creation of employee training modules.

The "very smart and knowledgeable" Benita Kahn is chair of the technology and IP group at Vorys, Sater, Seymour and Pease LLP. Her Columbus-based practice centers around advising clients in the creation of marketing programs that are compliant with state and federal privacy regulations.

Reed Freeman recently joined WilmerHale from Morrison & Foerster. Clients appreciate his "breathtaking knowledge" of offline and online privacy issues. He has a particular specialty in breach notification as well as in matters related to advertising and direct marketing. He has recently counseled a leading global news and entertainment organization on developing novel solutions related to behavioral advertising.

Chicago-based Liisa Thomas of Winston & Strawn LLP focuses on issues at the convergence of privacy and advertising law, including online behavioral advertising, mobile marketing campaigns and the development of privacy policies. She is praised by clients for her ability to "think creatively" as well as having "a very quick turnaround on legal questions."

Foreign Experts

Foreign Experts are individuals with expertise in a different jurisdiction to the one they are based in. These individuals are particularly highly regarded for international and cross-border work. Usually, they will be identified in the jurisdiction in which they are based and in their country of expertise.

Senior Statesman

A 'Senior Statesman' is a lawyer who no longer works hands-on with the same intensity but who, by virtue of close links with major clients, remains pivotal to the firm’s success.

Eminent Practitioners

'Eminent Practitioners' are highly influential lawyers in a particular practice area who, due to managerial or client relationship commitments, are less active in day-to-day work but remain key players in the team.

Other Noted Practitioners

Other Noted Practitioners are individuals who have not yet been ranked but are seen to be active and accomplished in this area of law.

Other Noted Firms

Other Noted Firms are firms that have not yet been ranked but are seen to be active and accomplished in this area of law.