Privacy and Information Security

Your business—and your competitive edge—depend on data. But how your business navigates through changing expectations and laws around privacy can mean the difference between finding new opportunities and facing significant legal exposure. We help you cut through the noise to what matters.

As new technologies shape—and reshape—the global marketplace for content distribution, advertising, personalization, and engagement, companies also need to account for a continually shifting legal and regulatory framework when it comes to personal information. The resulting patchwork of federal and state laws, regulations, and industry requirements creates a compliance headache that plagues even the most sophisticated companies.

Our privacy team works on the leading edge of media, technology, and business to help you achieve your goals while minimizing the risk of stepping on privacy landmines, including a deep knowledge of technical and business practices that depend on digital advertising and artificial intelligence. Perhaps most importantly, clients turn to us for our practical advice that cuts through legalese and helps you understand, prioritize, and implement.

Our team has a unique perspective developed from collective experience serving as in-house counsel, within the FTC’s Bureau of Consumer Protection and numerous state attorneys general offices, to decades of counseling clients with a focus on advice that helps businesses move forward. We cultivate strong relationships and maintain a well-earned reputation for integrity and credibility with attorneys at every level of the FTC, in the offices of state attorneys general, and we have a long track record of efficiently and effectively resolving investigations and lawsuits with both regulators and plaintiffs’ firms.

Our perspective and knowledge of the industry also comes from our broad based work assisting B2B and B2C clients across a range of highly scrutinized industries, including all types of technology companies (platforms, publishers, advertisers, and adtech/martech), consumer products and retail, health and wellness, hotel and leisure, and financial services and fintech.

Read more about our FTC practice
Read more about our State AG practice
Read more about our Consumer Class Action Defense practice

Compliance and Counseling

Your focus should be on empowering your business. Confusion over the privacy and information security expectations of regulators, industry requirements and best practices, and litigation risks can be distracting (and costly). We help our clients make sound choices responding to today’s challenges, as well as anticipating what’s around the corner, so that your short and long term planning reinforces a privacy foundation that is both practical and durable.

We advise on all ways that companies use and disclose personal information, including evolving definitions of what counts as personal information and sensitive personal information. We support our clients as they explore new forms of data collaborations including clean rooms, retail media strategies, challenges with measurement and analytics, and privacy enhancing technologies. Our deep background in advertising and marketing law also informs our efficient, practical guidance when it comes to operationalizing privacy in day to day use cases, from clarifying consent requirements, to texting and calling practices, to interest-based advertising and generative AI, to standing up pragmatic privacy programs whether your business is a startup or an enterprise. We also routinely advise clients on understanding and implementing global, national, or regional privacy requirements, as well as self-regulatory initiatives and industry requirements and best practices.

Our work spans comprehensive support in tackling all aspects of a company’s privacy requirements, including implementing compliant notices, policies, and permissions. We also help clients stress test their programs with appropriate audits and table-top training, as well as develop and implement reasonable diligence, contract terms, and practical compliance monitoring for business partners and vendors handling your data. Our clients also appreciate our responsiveness in helping to advise on periodic compliance questions.

Investigations and Disputes

Each year we guide clients through dozens of regulatory inquiries, government and internal investigations, enforcement actions, and litigation brought by the FTC, the Federal Communications Commission (FCC), the Consumer Financial Protection Bureau (CFPB), state attorneys general, other state agencies, and individual or classes of consumers. We prioritize how to minimize risk and achieve an outcome that makes sense for you and your business—whether that’s closure of an inquiry or investigation, a favorable settlement, or successful litigation.

We have a deep understanding of the laws commonly at issue in privacy and data security litigation, including federal and state wiretap laws, including the California Invasion of Privacy Act (CIPA), Video Privacy Protection Act (VPPA), Florida Security of Communications Act (FSCA) and the Federal Wiretap Act (FWA). We also routinely defend clients against claims brought pursuant to the Fair Credit Reporting Act (FCRA), telemarketing laws including the Telemarketing Sales Rule (TSR) and the Telephone Consumer Protection Act (TCPA), and all forms of state consumer protection laws and privacy laws, including the California Consumer Privacy Act (CCPA), biometric privacy laws such as Illinois Biometric Information Privacy Act (BIPA), and the rise of health privacy and geofencing laws, including Washington’s My Health My Data Act.

Read more about Telephone Consumer Protection Act (TCPA) Defense
Read more about The Illinois Biometric Information Privacy Act (BIPA)

We have an impressive record negotiating with state and federal regulators to close investigations amicably. We’ve also negotiated assurances of voluntary compliance with state attorneys general in both single- and multi-state matters. And our market-leading class action litigators have years of experience with privacy-related issues. Our team includes several litigators who are Certified Information Privacy Professionals (CIPP/US) by the IAPP.


High-profile data breaches, hacks, and cyberattacks have affected millions of individuals and exposed companies from the biggest brand names to the smallest entities to government scrutiny and litigation. Congress, the White House, government agencies, state attorneys general, the media, industry, and consumers are all focused on cybersecurity—the regulations, the risks, and the all-too-public failures of companies to prevent unauthorized access to consumer and employee data.

Our Cybersecurity Counseling and Compliance team works with companies to prevent and, where necessary, optimally resolve data breaches in compliance with state, federal, and industry regulations. We not only help clients proactively develop policies and procedures to avoid data breaches, we also ensure that they are prepared to meet their legal obligations in the event of a cyberattack or other cyber-event. We advise on internal and third-party investigations to determine the source of the breach, assist in meeting the notification obligations, manage public relations, and counsel on overall strategy to reduce the risk of resulting investigations and litigation.

Team Members
Most recent honors
View all for this practice