Ryan Bergsieker is of counsel in Gibson, Dunn & Crutcher’s Denver office. He is a former federal prosecutor and an experienced courtroom advocate who has tried more than 45 civil and criminal cases to verdict. Mr. Bergsieker’s practice is focused in three areas: government investigations, complex civil litigation, and information security/data privacy counseling and litigation. He helps companies and executives navigate regulatory and criminal investigations, commercial disputes, and cybersecurity incidents, and he provides proactive counseling to help clients minimize the likelihood and impact of such events. He has been recognized as a Colorado “Rising Star”; a “Complete Lawyer” who “excel[s] in the courtroom, in the boardroom, in client meetings and out in the community”; and one of the top ten criminal defense attorneys in Colorado under the age of 40. In ranking Mr. Bergsieker in the area of Litigation: White-Collar Crime and Government Investigations, Chambers & Partners highlights client reports that Mr. Bergsieker “demonstrates good judgment and produces an excellent work product” and is “prompt, responsive and dependable.”
Before joining Gibson Dunn, Mr. Bergsieker served as an Assistant United States Attorney in the District of Colorado. He coordinated the District’s computer hacking prosecutions, served as its subject matter expert on electronic surveillance law, and investigated and prosecuted a wide range of crimes, including computer intrusions, denial of service attacks, theft of proprietary business information, identity theft, pharmaceutical misbranding, wire fraud, mail fraud, and murder. In addition to trying cases before nearly every judge in the District, he led dozens of criminal investigations and argued multiple appeals before the United States Court of Appeals for the Tenth Circuit. As a result of Mr. Bergsieker’s work, the United States Attorney awarded him the District’s Distinguished Service Award and the U.S. Attorney’s Award of Excellence.
Drawing on his experience, Mr. Bergsieker has written and lectured extensively on cybercrime, electronic surveillance, and other cybersecurity and criminal law topics. He serves on the Board of Directors of the Faculty of Federal Advocates.
Mr. Bergsieker graduated summa cum laude and Phi Beta Kappa from Princeton University with an A.B. from the Woodrow Wilson School of Public and International Affairs. He received his J.D. from Yale Law School, where he served as Comments Editor of the Yale Law Journal and was selected as a civil procedure teaching assistant. After graduating from law school, Mr. Bergsieker clerked for the Honorable David M. Ebel on the United States Court of Appeals for the Tenth Circuit.
Representative Cybersecurity and Privacy Matters
- Representing publicly traded e-commerce company in Federal Trade Commission investigation following then-largest-ever data breach.
- Representing publicly traded healthcare provider in Department of Health and Human Services investigation of potential HIPAA Security Rule violations.
- Conducting internal investigation for publicly traded retail company regarding electronic exfiltration of sensitive company information in corporate espionage scheme.
- Advising publicly traded companies in multiple industries—including oil & gas, manufacturing, and recreational industry participants—on development of cyber incident response plan.
- Training information security department employees of publicly traded healthcare company on handling data breach investigations.
- Conducting internal investigation for publicly traded hospitality industry company regarding the unauthorized use of company computer resources for cryptocurrency mining.
- Counseling publicly traded health insurance provider on compliance with federal and state privacy requirements.
- Advising large privately held financial institution on compliance with multiple overlapping data security standards.
- Providing real-time counsel and crisis management advice to multiple publicly traded companies during investigations of suspected and actual data breaches.
- Conducting internal investigation for publicly traded company regarding cyber embezzlement scheme.
- Representing publicly traded social media company in Federal Trade Commission inquiry related to disclosures regarding the company’s use of consumers’ personal information.
- Representing publicly traded e-commerce company in parallel investigations by state attorneys general regarding revisions to user agreement.
- Representing privately held software company in Federal Trade Commission COPPA investigation.
- Representing publicly traded company in connection with breach sustained by data processor vendor.
- Advising publicly traded healthcare companies on compliance with the HIPAA Security Rule, including conducting risk assessments and preparing risk management plans.
- Advising publicly traded manufacturing company on cybersecurity aspects of expansion into foreign jurisdictions.
Other Representative Government Investigation Matters
- Representing publicly traded healthcare provider in multi-state parallel criminal and civil False Claims Act investigations by U.S. Department of Justice.
- Representing publicly traded automobile manufacturer in investigation by coalition of state attorneys general regarding advertising claims.
- Representing large privately held government contractor in Department of Justice False Claims Act investigation.
- Representing publicly traded educational institution in Federal Trade Commission investigation regarding advertising claims.
- Representing fintech company in investigation by Colorado Attorney General’s Office.
- Representing owner of privately held pharmaceutical business in federal wire fraud investigation.
- Representing employees of publicly traded company as witnesses in criminal investigation and trial of former contractor.
- Advising hedge fund on development of protocols for conducting internal investigations connected to potential regulatory inquiries.
- Representing publicly traded financial institution in state attorney general’s investigation of foreclosure practices.
Representative Civil Litigation Matters
- Representing large government contractor in False Claims Act qui tam litigation.
- Representing large financial institution in theft of trade secrets litigation.
- Representing publicly traded recreational industry company in litigation over control of significant resort property.
- Representing multiple publicly traded companies in contract disputes.
- Representing publicly traded energy industry company in merger dispute.
Representative Pro Bono Matters
- Representing shelter for abused women in litigation involving alleged abuser’s request for information on shelter residents.
- Representing minority student before School Board in high-profile disciplinary matter.
- Providing legal services to the homeless at monthly legal clinics.
- Providing legal services to victims of historic Colorado floods.
Recent Professional Publications
- Cybersecurity & Data Privacy: An Overview for Health Care, Pharmaceutical, and Biotech Companies, Gibson Dunn Client Alert (Aug. 2017).
- Trump Administration Prioritization of Cybersecurity, Gibson Dunn Client Alert (June 2017).
- Preparing for Ransomware Attacks: Your Company is a Target, Legaltech News (Apr. 2017).
- New York State Department of Financial Services Revises Proposed Cybersecurity Regulations, Gibson Dunn Client Alert (Jan. 2017).
- The Cost of Ransomware Attacks Can Reach Far Beyond the Ransom Payment Itself, Healthcare Informatics (Dec. 2016).
- New Cybersecurity Requirements for Defense Contractors Take Effect, Gibson Dunn Client Alert (Oct. 2016).
- Federal Banking Regulators Announce New Proposed Cybersecurity Standards, Gibson Dunn Client Alert (Oct. 2016).
- New York State Department of Financial Services Announces Proposed Cybersecurity Regulations, Gibson Dunn Client Alert (Sept. 2016).
- Making Sense of a Morass: An Overview of the Different Standards U.S. Government Agencies and Other Entities Are Developing to Regulate Cybersecurity, Privacy and Security Law Report (Nov. 2015).
- U.S. Federal Trade Commission Provides Guidance on Cybersecurity Enforcement Priorities, Gibson Dunn Client Alert (Sept. 2015).
- The Third Circuit Upholds the U.S. Federal Trade Commission’s Authority to Regulate Cybersecurity, Gibson Dunn Client Alert (Aug. 2015).
- The Federal Trade Commission’s Enforcement of Data Security Standards, Colorado Lawyer (June 2015).
- New FTC Report Sets Out Principles Likely to Influence Regulation of the “Internet of Things,“ Gibson Dunn Client Alert (Feb. 2015).
- U.S. President Obama Announces Renewed Focus on Securing Cyberspace and Protecting Consumer Privacy, World Data Protection Report (Jan. 2015).
- Implications of the SEC’s Increased Focus on Cybersecurity, Wall Street Lawyer (May 2014).
- The Cybersecurity Framework: Risk Management Process . . . And Pathway to Corporate Liability?, Westlaw Journal (Dec. 2013).
Recent Speaking Engagements
- Privacy and Cybersecurity (Oct. 2017).
- Cybersecurity: It Takes A Team (Sept. 2017).
- Cybersecurity: Protecting Your Business While Building Trust with Your Customers (Nov. 2016).
- How Companies Can Work with Federal Law Enforcement When Responding to Cybersecurity Incidents (Sept. 2016).
- Cyber Incident Response (July 2016).
- Consumer Financial Protection Bureau (CFPB) Trends in Enforcement and Investigations (April 2016).
- Data Privacy and Security – Compliance and Risk Management (March 2016).
- What Are “Reasonable” Security Measures? Dealing with the Fallout of a Data Breach and Responding to Government Investigations (Jan. 2016).
- The Internet of Things – Where Opportunities and Privacy Collide (Oct. 2015).
- Cybersecurity for Business Lawyers (April 2015).
- Safeguarding Your Right to Privacy: Data Security in a Digital World (Feb. 2015).
- The New Frontier in Consumer Protection Law Enforcement: Holding Companies Responsible When Thieves Steal Consumers’ Information (Feb. 2015).
- Cyber Security: Preparing Your Company for a Cyber Attack (Oct. 2014).
- Implications of the SEC’s Increased Focus on Cybersecurity (Aug. 2014).
- An Introduction to Cybercrime (Nov. 2013).