Privacy, Cybersecurity and Data Innovation



Gibson, Dunn & Crutcher’s Privacy, Cybersecurity and Data Innovation Practice Group has a demonstrated history of helping companies successfully navigate the complex and rapidly evolving laws, regulations, and industry best practices relating to privacy, cybersecurity and data innovation.  Our global and interdisciplinary team advises clients across a broad range of industries in high-stakes matters on the full spectrum of issues in these areas.

In the privacy area we have decades of experience with a wide array of counseling, government investigations and litigation.  Our deep roster of lawyers with experience at the highest levels of government is prepared to handle any type of government investigation.  Our elite class action team has successfully litigated scores of issues, including numerous matters of first impression.  Our experience includes advising a broad array of companies large and small, in Silicon Valley, Silicon Alley, and around the world.

We have substantial experience assisting companies with all facets of cybersecurity, including counseling clients through the important steps that must occur immediately after breach situations and navigating the federal and state government investigations and private litigation that increasingly accompany cybersecurity incidents.

With respect to consumer protection, we advise clients on a broad array of issues, including advertising practices, consumer disclosures, and compliance with the myriad laws regulating consumer interactions.  We routinely appear before the U.S. Federal Trade Commission (FTC) and the U.S. Department of Justice (DOJ) on consumer protection matters and have litigated complex consumer protection disputes involving a diverse range of industries.

Our team includes lawyers with significant experience in litigation, government investigations, and corporate matters, many of whom have experience at senior government levels.  The practice group is led in part by a former U.S. Attorney who oversaw prominent high-technology prosecutions, a former Assistant U.S. Attorney with primary responsibility for investigating and prosecuting computer crime and intellectual property cases, and a former senior official at the FTC.  Our team includes numerous other former computer crimes prosecutors, FTC lawyers, senior government officials at the DOJ, and leaders at the European Commission.  Our lawyers are distinguished not only by their substantive capabilities and advocacy skills, but also by their ability to guide clients through major events, deal with all relevant constituencies, and develop and implement a prompt and effective crisis management strategy.

Our litigation and investigations experience includes:

  • Defending companies in regulatory investigations, including FTC and state attorney general investigations
  • Defending companies in class action and other privacy and consumer protection litigation, including that stemming from data breaches
  • Responding to Congressional inquiries related to privacy and cybersecurity

Data breach and crisis management experience includes:

  • Counseling companies, executives and boards of directors on developing and implementing crisis management strategies
  • Coordinating breach notification responses and other regulatory obligations
  • Liaising with federal government, state law enforcement and regulatory officials, and international regulators
  • Assisting companies with prompt and effective media strategies

Counseling and audits experience includes:

  • Counseling related to compliance with federal, state and local laws and regulations governing privacy, social media, data security, online advertising, e-commerce and related issues
  • Overseeing network security, privacy and cybersecurity compliance audits
  • Advising on data compliance strategies and the development of data protection and Internet enforcement compliance programs
  • Conducting assessments of privacy and data security programs

Preparedness and transactional due diligence experience includes:

  • Advising boards of directors and in-house counsel on governance matters, privacy and cybersecurity policies and procedures, risk management frameworks, incident response plans, and best practices related to preparedness
  • Performing privacy and information security due diligence in support of mergers and acquisitions and other corporate transactions
  • Advising on all aspects of technology-, data- and privacy-related corporate transactions
  • Counseling on securities law disclosures
  • Advising on legislative and regulatory developments

Our capabilities are global.  Cybersecurity and privacy are global issues, and Gibson Dunn draws on its international team to seamlessly advise clients on sophisticated multijurisdictional matters.  The practice group includes lawyers in Brussels, London, Paris, Munich, Beijing, Singapore and Hong Kong who are exceptionally knowledgeable not only on relevant data protection and privacy laws at the national level, but are experienced in advising companies on European Union developments and coordinating multinational approaches.


Recent representations include:

  • Serving as lead outside privacy and data security counsel for Facebook.  We advise the company on privacy and data security issues, private litigation matters including class action matters and FTC investigations.  Among many other representations, we represented Facebook in connection with the FTC investigation and enforcement action involving the company’s online privacy practices – described by the FTC as its largest and most significant privacy investigation to date.
  • Representing a leading international e-commerce site in connection with a data breach impacting potentially hundreds of millions of users, and handling related investigations by the FTC, various state attorneys general, and foreign data privacy authorities, as well as detailed forensic analysis and counseling on a range of privacy and cybersecurity issues.
  • Obtained dismissal on behalf of mobile advertising and analytics networks in nationwide U.S. class action alleging that defendants collected and disclosed data and personal information from mobile devices without users’ knowledge and consent, on grounds that plaintiffs lacked Article III standing and failed to state a viable claim.
  • Represented a leading digital media company facing a full-phase FTC investigation relating to compliance with the Children’s Online Privacy and Protection Act (COPPA).  We obtained closure without conditions notwithstanding a recommendation from the FTC staff to pursue an enforcement action.
    Achieved a complete victory for St. Joseph Health System by securing dismissal of a putative data breach class action.  Asserting claims under California’s Confidentiality of Medical Information Act and the common law, including the right to privacy and negligence, plaintiff alleged that St. Joseph had lost possession of the confidential medical information of more than 33,000 patients.  The California Superior Court agreed with Gibson Dunn that plaintiff had not alleged sufficient facts to proceed and dismissed the case.
  • Serving as U.S. coordinating counsel for data security matters for one of the world’s largest global payment technology companies.
    Represented an executive search firm in response to a sophisticated cyber-attack including advanced persistent threat intrusion and extensive exfiltration of sensitive databases.  We counseled the client on investigation of the intrusion, including supervising digital forensics investigation and data security improvements, handled referral of the incident to law enforcement and coordinated breach notification compliance, as well as public relations and SEC disclosure strategy.
  • Worked with a provider of social media services to ensure that all aspects of its user platform complied with the FTC’s revised COPPA guidance.
    Represented one of the world’s largest engineering design firms in response to network intrusion, involving significant employee data breach.  We counseled the client on investigation of the incident, including supervising digital forensics investigation and data security improvements, coordinated breach notification compliance, public relations strategy, and law enforcement interaction.
  • Represented a Fortune 50 retailer in connection with multiple data security issues and related government investigations, including FTC and Secret Service investigations of a massive data breach impacting millions of credit card holders, and succeeded in persuading the FTC to close the nonpublic investigation without taking any action, based on demonstrated proof that our client had acted reasonably at every key juncture, both before and after the breach.


GDPR at 5 – Episode 3 – GDPR Through the U.S. Lens

-December 4, 2023

Top Data Privacy and Cybersecurity Issues to Think About in M&A Deals

-November 14, 2023

Ashlie Beringer, Kristin Linsley and Rosemarie Ring Named Among California’s Women Leaders in Tech Law

-November 2, 2023

The Digital Services Act Reaches the USA

-October 17, 2023

GDPR at 5 – Episode 2 – GDPR Enforcement Actions in Europe

-September 26, 2023

ESG And The Board: Avoiding Risky Business

-September 20, 2023

Gibson Dunn | Europe | Data Protection – Q3 2023

-September 11, 2023

AI in Employment: Privacy Regulation Is Here

-September 8, 2023

Senate Judiciary Committee Seeks Guidance on Effective AI Regulation

-August 25, 2023

Vivek Mohan Named a Top Lawyer Under 40 in Silicon Valley

-August 21, 2023

GDPR at 5 – Episode 1 – Looking Back on the Last Five Years: Improvements and Challenges

-August 8, 2023

New York Department of Financial Services Proposes Updated Second Amendment to Cybersecurity Regulation

-August 3, 2023

SEC Adopts New Rules on Cybersecurity Disclosure for Public Companies

-July 31, 2023

Law360 Names Ashley Rogers a 2023 Cybersecurity & Privacy Rising Star

-July 14, 2023

NYC’s Artificial Intelligence Law: Key Takeaways From Newly Released FAQs

-July 7, 2023

California Superior Court Halts Enforcement of Certain California Privacy Regulations

-July 6, 2023

Gibson Dunn Digital Assets Recent Updates – July 2023

-July 6, 2023

SEC Affirms Intention to Prioritize Adoption of Cybersecurity Rules for Public Companies and Investment Advisers and Funds

-June 30, 2023

Best Lawyers in France 2024 Recognizes 17 Gibson Dunn Attorneys

-June 28, 2023

Law360 Names Five Gibson Dunn Lawyers as 2023 Rising Stars

-June 20, 2023

Jane Horvath Receives Career Achievement Award

-June 14, 2023

“Oversight of AI: Rules for Artificial Intelligence” and “Artificial Intelligence in Government” Hearings

-June 6, 2023

Gibson Dunn Earns 108 Top-Tier Rankings in Chambers USA 2023

-June 1, 2023

Federal Policymakers’ Recent Actions Seek to Regulate AI

-May 19, 2023

Supreme Court Rejects Allegations That Social-Media Companies Did Not Do “Enough” To Block Terrorist Content But Declines To Address Scope Of Section 230

-May 18, 2023

DOJ’s Consumer Protection Branch Releases Second Annual Recent Highlights Report

-May 15, 2023

How to Stay on Top of Cybersecurity Disclosures as SEC Ramps Up Enforcement

-May 9, 2023

The Biden Administration Signals New Direction for Cybersecurity

-April 18, 2023

Gibson Dunn | Europe | Data Protection – Q1 2023

-April 17, 2023

U.S. Privacy Law Update: Iowa Becomes Sixth State to Enact Comprehensive Privacy Law, Other States’ Laws Continue to Develop

-April 13, 2023

FTC’s Latest Proposed Rulemaking Would Impose Significant New Requirements and Risks on Sellers Using Negative Option Offers

-April 12, 2023

Gibson Dunn Adds Of Counsel Christopher Rosina in New York

-March 28, 2023

Webcast: CFIUS and German FDI Review – A Comparative Discussion and Focus on Practical Implications

-March 15, 2023

International Cybersecurity and Data Privacy Outlook and Review – 2023

-February 14, 2023

U.S. Cybersecurity and Data Privacy Outlook and Review – 2023

-January 30, 2023

Gibson Dunn | Europe | Data Protection – Q4 2022

-January 14, 2023

Webcasts: Gibson Dunn’s Annual California MCLE Marathon – 2023

-January 12, 2023

Former Apple Inc. Chief Privacy Officer Jane Horvath Joins Gibson Dunn’s D.C. Office

-January 9, 2023

Omnibus Electric Vehicle Update

-January 5, 2023

New INFORM Consumers Act Imposes Seller Diligence and Disclosure Requirements for Online Marketplaces

-January 5, 2023

FTC Actions Highlight Focus On Cos.’ Cybersecurity Efficacy

-January 5, 2023

Gibson Dunn Ranked Among the 2023 World’s Top Data Practices by GDR

-December 15, 2022

New York Attorney General’s Office Fall Round-Up

-November 15, 2022

New York State Department of Financial Services Revises Cybersecurity Regulation to Include New Requirements

-November 15, 2022

FTC Announces Broader Vision of Its Section 5 Authority to Address Unfair Methods of Competition

-November 14, 2022

Gibson Dunn | Europe | Privacy Cybersecurity Data Innovation – Q3 2022

-October 13, 2022

Euromoney’s Rising Star Awards 2022 Recognizes 16 Gibson Dunn Partners

-October 12, 2022

Gibson Dunn Ranked in The Legal 500 UK 2023

-September 29, 2022

FTC Launches Commercial Surveillance and Data Security Rulemaking, Holds a Public Forum, and Seeks Public Input

-September 27, 2022

Keeping Up With New US Push On Strategic Tech Competition

-September 19, 2022

FTC Launches Commercial Surveillance Rulemaking

-August 17, 2022

Cassandra Gaedt-Sheckter Named to Silicon Valley Business Journal 40 Under 40

-August 15, 2022

New York State Department of Financial Services Meaningfully Rachets Up Cyber Requirements with New Draft Amendments

-August 8, 2022

Insights And Omissions From Calif. Privacy Rules Draft

-July 12, 2022

Cybersecurity and International Trade Lawyer Stephenie Gosnell Handler Joins Gibson Dunn in Washington, D.C.

-July 11, 2022

Gibson Dunn | Europe | Data Protection – Q2 2022

-July 8, 2022

Gibson Dunn Adds Two Technology-Focused Partners, Joel Harrison and Alison Beal, in London

-June 27, 2022

Insights on New California Privacy Law Draft Regulations

-June 15, 2022

FTC Warns EdTech Providers Must Heed Children’s Privacy Rules

-May 27, 2022

New District Court Decision Provides Useful Guidance on Application of Trademark Law to Virtual Goods

-May 20, 2022

The FTC at Full Strength: What to Expect Next

-May 16, 2022

U.S. Privacy Law Update: Connecticut Enacts Comprehensive Privacy Law as Other States’ Laws Continue to Develop

-May 13, 2022

Who’s Who Legal France 2022 Recognizes Gibson Dunn Partners

-May 9, 2022

CFPB Invokes Dormant Dodd-Frank Authority to Regulate Nonbank Financial Companies

-May 5, 2022

Gibson Dunn Ranked in Legal 500 EMEA 2022

-April 12, 2022

Ashlie Beringer Named Among GDR’s Top Women in Data 2022

-April 8, 2022

Gibson Dunn | Europe | Data Protection – Q1 2022

-April 7, 2022

Gibson Dunn Adds Former Federal Trade Commission Chief of Staff Svetlana S. Gans as Partner in Washington, D.C., Bolstering Firm’s Consumer Protection, Privacy and Antitrust Practices

-April 5, 2022

President Biden Signs into Law the Cyber Incident Reporting for Critical Infrastructure Act, Expanding Cyber Reporting Obligations for a Wide Range of Public and Private Entities

-March 22, 2022

U.S. Privacy Law Update: Utah Joins Growing List of States with Comprehensive Privacy Laws as Other States See Potential Changes

-March 11, 2022

SEC Proposes Rules on Cybersecurity Disclosure

-March 11, 2022

The Biden Administration’s Digital Assets Executive Order and Its Implications

-March 10, 2022

California AG’s CCPA Enforcement Priorities Expand to Loyalty Programs

-February 3, 2022

International Cybersecurity and Data Privacy Outlook and Review – 2022

-January 31, 2022

Gibson Dunn | Europe | Data Protection – December 2021 (Part 2)

-January 14, 2022

2021 Year-End German Law Update

-January 13, 2022

Gibson Dunn | Europe | Data Protection – December 2021

-December 22, 2021

Gibson Dunn Ranked Among the 2022 World’s Top Data Practices by GDR

-December 16, 2021

Virginia and Colorado Privacy Update: In 2022, Prepare for New Rules and Possible Privacy Law Amendments

-December 14, 2021

California Privacy Protection Agency Rulemaking Begins and Heightened Privacy Focus Continues

-November 23, 2021

Infrastructure Bill’s New Reporting Requirements May Have Sweeping Implications for Cryptocurrency Ecosystem

-November 18, 2021

Gibson Dunn | Europe | Data Protection – November 2021

-November 16, 2021

Ashley Rogers Named Among Texas Lawyer’s 2021 On the Rise Honorees

-November 12, 2021

UK Supreme Court Overturns Court of Appeal to Disallow Google Data Privacy Class Action

-November 11, 2021

Gibson Dunn Promotes 27 Lawyers to Partnership

-November 4, 2021

Gibson Dunn | Europe | Data Protection – September 2021

-October 20, 2021

Webcast: Economic Espionage and Intellectual Property Theft: Trends and Developments with Threats and Enforcement

-September 23, 2021

China Passes the Personal Information Protection Law, to Take Effect on November 1

-September 10, 2021

Gibson Dunn | Europe | Data Protection – July – August 2021

-September 8, 2021

SEC Settlement Reflects Increasing SEC Focus on Cyber Disclosures

-August 23, 2021

Gibson Dunn | Europe | Data Protection – July 2021

-July 19, 2021

Webcast: Conducting Effective Cybersecurity and Privacy/Data Protection Diligence in M&A Transactions

-July 13, 2021

The Colorado Privacy Act: Enactment of Comprehensive U.S. State Consumer Privacy Laws Continues

-July 9, 2021

Third Circuit Court of Appeals Addresses Federal Trade Secret Standards

-June 24, 2021

Best Lawyers in France 2022 Recognizes 18 Gibson Dunn Attorneys

-June 24, 2021

Ashlie Beringer Named Among Silicon Valley Women of Influence

-June 21, 2021

China Constricts Sharing of In-Country Corporate and Personal Data Through New Legislation

-June 17, 2021

European Commission Adopts New Standard Contractual Clauses for International Data Transfers and Data Processing Agreements

-June 14, 2021

Gibson Dunn | Europe | Data Protection – June 2021

-June 8, 2021

Supreme Court Narrows Scope Of Computer Fraud and Abuse Act, Holding It Does Not Prohibit Accessing Otherwise Available Information For An Improper Purpose

-June 3, 2021

New York Privacy Act Update: Bill Out of Committee, Moves to Full Senate

-May 21, 2021

President Biden Issues Executive Order to Enhance U.S. Cybersecurity in the Wake of Major Cyber Incidents

-May 18, 2021

Gibson Dunn | Europe | Data Protection – May 2021

-May 12, 2021

Second Circuit Seeks to Reconcile Circuit Split Concerning Standing to Bring Data Privacy Lawsuits

-April 30, 2021

Supreme Court Restricts Power Of The Federal Trade Commission To Seek Monetary Relief In Courts

-April 22, 2021

Gibson Dunn | Europe | Data Protection – April 2021

-April 9, 2021

Supreme Court Declines To Extend Telephone Consumer Protection Act’s Coverage Of Automatic Telephone Dialing Systems

-April 1, 2021

California’s Privacy Laws Continue to Take Form: New Regulations for CCPA and Appointment of CPPA Members

-March 19, 2021