Regulatory
Privacy, Cybersecurity, and Data Innovation
We empower clients to navigate global privacy, cybersecurity, and data challenges, crafting strategies for informed, risk-based decisions and regulatory engagement that move the business forward amid evolving digital regulations and escalating enforcement.
3X winner of Law360’s “Cybersecurity & Privacy Practice Group of the Year” award
Led by former senior executives at leading global tech companies and former government leaders
Repeated dismissals, trial verdicts and appellate victories in cutting-edge privacy, technology and cybersecurity disputes
#1 Law firm for Investigations
– Global Data Review
Overview
Our Privacy, Cybersecurity, and Data Innovation practice stands out for the remarkable breadth of high-stakes matters we handle around the globe and our detailed understanding of cutting edge technologies.
We deploy a unique platform of former in-house tech executives, cross-disciplinary subject matter experts, and lawyers with experience at the highest level of government to handle our clients’ most challenging regulatory, litigation, and strategic issues.
We advise market leaders, emerging innovators, and disruptors in a wide range of industries on critical product and business strategies, designing strategies to operationalize emerging data privacy regulations, evolve commercial and consumer policies and terms, and design effective information governance. We are on the cutting edge of global regulatory and government investigations focused on data practices, technology platforms and cybersecurity incidents, advocating for our client’s technology and freedom to operate and regularly resolving investigations by the FTC, global data protection authorities, the European Commission, state Attorneys General, CFPB, DFS, and other international regulators without enforcement.
Our team also has an unmatched track record of success in litigation, trials and appeals arising from novel privacy theories, data-driven technologies and platforms, and large-scale cybersecurity events, and we leverage our market leading litigation platform to help our clients negotiate transactions and navigate government scrutiny from a place of strength.
“They are not afraid of very novel situations in the privacy area and can think outside the box, marshaling a sizable privacy team. That's very helpful to clients who operate on a global scale.”
Chambers USA
Experience
Recent representations include:
- Meta: Serving as lead outside privacy and data security counsel for Meta. We advise the company on privacy and data security issues, private litigation matters including class action matters and FTC investigations. Among many other representations, we represented Meta in connection with the FTC investigation and enforcement action involving the company’s online privacy practices – described by the FTC as its largest and most significant privacy investigation to date.
- E-commerce Site: Representing a leading international e-commerce site in connection with a data breach impacting potentially hundreds of millions of users, and handling related investigations by the FTC, various state attorneys general, and foreign data privacy authorities, as well as detailed forensic analysis and counseling on a range of privacy and cybersecurity issues.
- Mobile Advertising and Analytics Networks: Obtained dismissal on behalf of mobile advertising and analytics networks in nationwide U.S. class action alleging that defendants collected and disclosed data and personal information from mobile devices without users’ knowledge and consent, on grounds that plaintiffs lacked Article III standing and failed to state a viable claim.
- Digital Media Co.: Represented a leading digital media company facing a full-phase FTC investigation relating to compliance with the Children’s Online Privacy and Protection Act (COPPA). We obtained closure without conditions notwithstanding a recommendation from the FTC staff to pursue an enforcement action.
- St. Joseph Health System: Achieved a complete victory for St. Joseph Health System by securing dismissal of a putative data breach class action. Asserting claims under California’s Confidentiality of Medical Information Act and the common law, including the right to privacy and negligence, plaintiff alleged that St. Joseph had lost possession of the confidential medical information of more than 33,000 patients. The California Superior Court agreed with Gibson Dunn that plaintiff had not alleged sufficient facts to proceed and dismissed the case.
- Payment Technology Co.: Serving as U.S. coordinating counsel for data security matters for one of the world’s largest global payment technology companies.
- Executive Search Firm: Represented an executive search firm in response to a sophisticated cyber-attack including advanced persistent threat intrusion and extensive exfiltration of sensitive databases. We counseled the client on investigation of the intrusion, including supervising digital forensics investigation and data security improvements, handled referral of the incident to law enforcement and coordinated breach notification compliance, as well as public relations and SEC disclosure strategy.
- Service Provider: Worked with a provider of social media services to ensure that all aspects of its user platform complied with the FTC’s revised COPPA guidance.
- Engineering Design Firm: Represented one of the world’s largest engineering design firms in response to network intrusion, involving significant employee data breach. We counseled the client on investigation of the incident, including supervising digital forensics investigation and data security improvements, coordinated breach notification compliance, public relations strategy, and law enforcement interaction.
- Fortune 50 Retailer: Represented a Fortune 50 retailer in connection with multiple data security issues and related government investigations, including FTC and Secret Service investigations of a massive data breach impacting millions of credit card holders, and succeeded in persuading the FTC to close the nonpublic investigation without taking any action, based on demonstrated proof that our client had acted reasonably at every key juncture, both before and after the breach.
Practice Leaders
News & Insights
Article
Why competition law and data privacy are coming to a crossroads in the Asia-Pacific Region
Client Alert
U.S. Commerce Department Poised to Dramatically Expand Compliance Requirements in Key Technology Sectors
Article
What does the EU Digital Markets Act mean for the tech sector?