Ryan Bergsieker is a partner in Gibson, Dunn & Crutcher’s Denver office.  He is a former federal cybercrimes prosecutor who has tried more than 45 civil and criminal cases to verdict.  Mr. Bergsieker’s practice is focused in three areas: government investigations, complex civil litigation, and cybersecurity/data privacy counseling.  In ranking Mr. Bergsieker as one of the top white collar defense and government investigations lawyers in Colorado, Chambers & Partners highlights client reports that Mr. Bergsieker “demonstrates good judgment and produces an excellent work product,” is “prompt, responsive and dependable,” “draws on strong expertise in government investigations and cybersecurity,” and is “very strong on tech and hacking.” Based on client feedback, BTI has named Mr. Bergsieker to its nationwide Client Service All-Stars List, recognizing “attorneys who stand above all the others in delivering the absolute best in client service.”  He also has been recognized by Best Lawyers, highlighted as a Colorado “Rising Star,” and named a “Complete Lawyer” who “excel[s] in the courtroom, in the boardroom, in client meetings and out in the community.”  He has particular experience with Department of Justice, Federal Trade Commission (“FTC”), Department of Health and Human Services(“HHS”), and State Attorney General investigations, and substantive expertise regarding the False Claims Act (“FCA”), the European Union’s General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), HIPAA, and a wide range of other federal, state, and international privacy/cybersecurity laws, regulations, and standards.

Before joining Gibson Dunn, Mr. Bergsieker served as an Assistant United States Attorney in the District of Colorado.  He coordinated the District’s computer hacking prosecutions, served as its subject matter expert on electronic surveillance law, and investigated and prosecuted a wide range of crimes, including computer intrusions, denial of service attacks, theft of proprietary business information, identity theft, pharmaceutical misbranding, wire fraud, mail fraud, and murder.  In addition to trying cases before nearly every judge in the District, he led dozens of criminal investigations and argued multiple appeals before the United States Court of Appeals for the Tenth Circuit.  As a result of Mr. Bergsieker’s work, the United States Attorney awarded him the District’s Distinguished Service Award and the U.S. Attorney’s Award of Excellence.

Drawing on his experience, Mr. Bergsieker has written and lectured extensively on privacy, cybersecurity, and other government investigation-related topics.  He serves on the Board of Directors of the Faculty of Federal Advocates, and has been appointed to the Magistrate Judge Merit Selection Panel for the District of Colorado.

Mr. Bergsieker graduated summa cum laude and Phi Beta Kappa from Princeton University with an A.B. from the School of Public and International Affairs.  He received his J.D. from Yale Law School, where he served on the Board of the Yale Law Journal and as a civil procedure teaching assistant.  After graduating from law school, Mr. Bergsieker clerked for the Honorable David M. Ebel on the United States Court of Appeals for the Tenth Circuit.

Representative Cybersecurity and Privacy Matters

• Representing publicly traded social media company in FTC inquiry related to disclosures regarding the company’s use of consumers’ personal information.
• Representing publicly traded e-commerce company in FTC investigation following then-largest-ever data breach.
• Representing multiple publicly traded healthcare providers and payors in Department of Health and Human Services investigations of potential HIPAA violations.
• Conducting internal investigation for publicly traded retail company regarding electronic exfiltration of sensitive company information in corporate espionage scheme.
• Advising publicly traded companies in multiple industries—including energy, manufacturing, financial services, and healthcare—on development of cybersecurity incident and data breach response plans.
• Advising companies in multiple industries on compliance with the European Union’s General Data Protection Regulation (“GDPR”).
• Training employees of multiple companies on handling data breach investigations.
• Conducting internal investigation for publicly traded hospitality industry company regarding the unauthorized use of company computer resources for cryptocurrency mining.
• Providing real-time counsel and crisis management advice to multiple publicly traded companies during investigations of suspected and actual data breaches.
• Conducting internal investigation for publicly traded company regarding cyber embezzlement scheme.
• Representing publicly traded e-commerce company in parallel investigations by state attorneys general regarding revisions to user agreement.
• Representing privately held software company in FTC COPPA investigation.
• Advising publicly traded healthcare companies on compliance with HIPAA, including conducting risk assessments and preparing risk management plans.
• Advising publicly traded manufacturing company on cybersecurity aspects of expansion into foreign jurisdictions.

 Other Representative Government Investigation Matters

• Representing publicly traded healthcare provider in multi-state parallel criminal and civil False Claims Act investigations by U.S. Department of Justice.
• Representing publicly traded automobile manufacturer in investigation by coalition of state attorneys general regarding advertising claims.
• Representing large privately held government contractor in Department of Justice False Claims Act investigation.
• Representing publicly traded educational institution in FTC investigation regarding advertising claims.
• Advising financial services firm on compliance with FTC advertising requirements.
• Representing fintech company in investigation by Colorado Attorney General’s Office.
• Representing owner of privately held pharmaceutical business in federal wire fraud investigation.
• Representing employees of publicly traded company as witnesses in criminal investigation and trial of former contractor.
• Advising hedge fund on development of protocols for conducting internal investigations connected to potential regulatory inquiries.
• Representing publicly traded financial institution in state attorney general’s investigation of foreclosure practices.

 Representative Civil Litigation Matters

• Representing large government contractor in False Claims Act qui tam
• Representing large financial institution in theft of trade secrets litigation.
• Representing publicly traded recreational industry company in litigation over control of significant resort property.
• Representing multiple publicly traded companies in contract disputes.
• Representing publicly traded energy industry company in merger dispute.

Representative Pro Bono Matters

• Representing non-profit organizations in navigating data breach notice requirements.
• Representing shelter for abused women in litigation involving alleged abuser’s request for information on shelter residents.
• Representing immigrant student before School Board in high-profile disciplinary matter.
• Providing legal services to the homeless at monthly legal clinics.

Recent Professional Publications

• The Colorado Privacy Act: Enactment of Comprehensive U.S. State Consumer Privacy Laws Continues, Gibson Dunn Client Alert (July 2021).
• China Constricts Sharing of In-Country Corporate and Personal Data Through New Legislation, Gibson Dunn Client Alert (June 2021).
• European Commission Adopts New Standard Contractual Clauses for International Data Transfers, Gibson Dunn Client Alert (June 2021).
• President Biden Issues Executive Order to Enhance U.S. Cybersecurity in the Wake of Major Cyber Incidents, Gibson Dunn Client Alert (May 2021).
• California’s Privacy Laws Continue to Take Form: New Regulations for CCPA and Appointment of CPPA Members, Gibson Dunn Client Alert (March 2021).
• Virginia Passes Comprehensive Privacy Law, Gibson Dunn Client Alert (March 2021).
• Federal Regulators Propose Rule Requiring Banking Institutions and Service Providers to Provide Rapid Notification Following Significant Computer-Security Incidents, Gibson Dunn Client Alert (Jan. 2021).
• European Data Protection Board Issues Important New Guidance on Transfers of Personal Data Out of the European Economic Area, Gibson Dunn Client Alert (Nov. 2020).
• Where Data Privacy and CFPB Are Headed Under Biden, Law360 (Nov. 2020).
• Businesses Should Prepare for a New Phase of Privacy Regulation and Enforcement in the United States, Gibson Dunn Client Alert (Nov. 2020).
• California Approves Final CCPA Regulations, and Bill Extending Key Exemptions Moves Forward at the Legislature, Gibson Dunn Client Alert (Aug. 2020).
• The Court of Justice of the European Union Strikes Down the Privacy Shield but Upholds the Standard Contractual Clauses under Conditions, Gibson Dunn Client Alert (July 2020).
• S. Supreme Court to Weigh FTC Restitution Authority, Gibson Dunn Client Alert (July 2020).
• GDPR Update: French Administrative Supreme Court Upholds 50 Million Euro Fine Against Google LLC, Gibson Dunn Client Alert (June 2020).
• California Consumer Privacy Act Update: Attorney General Finalizes Regulations and Provides Interpretive Guidance, Gibson Dunn Client Alert (June 2020).
• Privacy and Cybersecurity Issues Related to COVID-19, Gibson Dunn Client Alert (Mar. 2020).
• California Consumer Privacy Act Update: Attorney General Proposes Further Revisions to CCPA Regulations, Gibson Dunn Client Alert (Mar. 2020).
• California Consumer Privacy Act Update: Attorney General Proposes Regulations Version 2.0, Gibson Dunn Client Alert (Feb. 2020).
• Google and YouTube Reach Historic Settlement with FTC and New York AG Over Alleged COPPA Violations, Gibson Dunn Client Alert (Sept. 2019).
• S. Department of Health and Human Services Issues New Guidance on Voluntary Cybersecurity Practices for Health Care Industry, Gibson Dunn Client Alert (Jan. 2019).
• The General Data Protection Regulation: A Primer for U.S.-Based Organizations That Handle EU Personal Data, Gibson Dunn Client Alert (Dec. 2017).
• Cybersecurity & Data Privacy: An Overview for Health Care, Pharmaceutical, and Biotech Companies, Gibson Dunn Client Alert (Aug. 2017).
• Trump Administration Prioritization of Cybersecurity, Gibson Dunn Client Alert (June 2017).
• Preparing for Ransomware Attacks: Your Company is a Target, Legaltech News (Apr. 2017).
• New York State Department of Financial Services Revises Proposed Cybersecurity Regulations, Gibson Dunn Client Alert (Jan. 2017).
• The Cost of Ransomware Attacks Can Reach Far Beyond the Ransom Payment Itself, Healthcare Informatics (Dec. 2016).
• New Cybersecurity Requirements for Defense Contractors Take Effect, Gibson Dunn Client Alert (Oct. 2016).
• Federal Banking Regulators Announce New Proposed Cybersecurity Standards, Gibson Dunn Client Alert (Oct. 2016).
• New York State Department of Financial Services Announces Proposed Cybersecurity Regulations, Gibson Dunn Client Alert (Sept. 2016).
• Making Sense of a Morass: An Overview of the Different Standards U.S. Government Agencies and Other Entities Are Developing to Regulate Cybersecurity, Privacy and Security Law Report (Nov. 2015).
• S. Federal Trade Commission Provides Guidance on Cybersecurity Enforcement Priorities, Gibson Dunn Client Alert (Sept. 2015).
• The Third Circuit Upholds the U.S. Federal Trade Commission’s Authority to Regulate Cybersecurity, Gibson Dunn Client Alert (Aug. 2015).
• The Federal Trade Commission’s Enforcement of Data Security Standards, Colorado Lawyer (June 2015).
• New FTC Report Sets Out Principles Likely to Influence Regulation of the “Internet of Things,” Gibson Dunn Client Alert (Feb. 2015).
• S. President Obama Announces Renewed Focus on Securing Cyberspace and Protecting Consumer Privacy, World Data Protection Report (Jan. 2015).
• Implications of the SEC’s Increased Focus on Cybersecurity, Wall Street Lawyer (May 2014).
• The Cybersecurity Framework: Risk Management Process . . . And Pathway to Corporate Liability?, Westlaw Journal (Dec. 2013).

 Recent Speaking Engagements

• Privacy and Consumer Protection Enforcement Under the Biden Administration (Jan. 2021).
• Complying with New U.S. and EU Privacy Requirements (Dec. 2020).
• Government Audits & Investigations: Ethical and Practical Challenges (Dec. 2019).
• And You thought You Knew What a “Sale” Was!: Sales of Personal Information Under the California Consumer Privacy Act (Nov. 2019).
• The California Consumer Privacy Act: An Overview (Feb. 2019).
• Government Investigations: Ethical and Practical Challenges (Nov. 2018).
• GDPR Preparation: Implementation Tips for U.S. Companies (March 2018).
• Privacy and Cybersecurity (Oct. 2017).
• Cybersecurity: It Takes A Team (Sept. 2017).
• Cybersecurity: Protecting Your Business While Building Trust with Your Customers (Nov. 2016).
• How Companies Can Work with Federal Law Enforcement When Responding to Cybersecurity Incidents (Sept. 2016).
• Cyber Incident Response (July 2016).
• Consumer Financial Protection Bureau (CFPB) Trends in Enforcement and Investigations (April 2016).
• Data Privacy and Security – Compliance and Risk Management (March 2016).
• What Are “Reasonable” Security Measures? Dealing with the Fallout of a Data Breach and Responding to Government Investigations (Jan. 2016).
• The Internet of Things – Where Opportunities and Privacy Collide (Oct. 2015).
• Cybersecurity for Business Lawyers (April 2015).
• Safeguarding Your Right to Privacy: Data Security in a Digital World (Feb. 2015).
• The New Frontier in Consumer Protection Law Enforcement: Holding Companies Responsible When Thieves Steal Consumers’ Information (Feb. 2015).
• Cyber Security: Preparing Your Company for a Cyber Attack (Oct. 2014).
• Implications of the SEC’s Increased Focus on Cybersecurity (Aug. 2014).
• An Introduction to Cybercrime (Nov. 2013).