Privacy, Cybersecurity and Data Innovation



Gibson, Dunn & Crutcher’s Privacy, Cybersecurity and Data Innovation Practice Group has a demonstrated history of helping companies successfully navigate the complex and rapidly evolving laws, regulations, and industry best practices relating to privacy, cybersecurity and data innovation.  Our global and interdisciplinary team advises clients across a broad range of industries in high-stakes matters on the full spectrum of issues in these areas.

In the privacy area we have decades of experience with a wide array of counseling, government investigations and litigation.  Our deep roster of lawyers with experience at the highest levels of government is prepared to handle any type of government investigation.  Our elite class action team has successfully litigated scores of issues, including numerous matters of first impression.  Our experience includes advising a broad array of companies large and small, in Silicon Valley, Silicon Alley, and around the world.

We have substantial experience assisting companies with all facets of cybersecurity, including counseling clients through the important steps that must occur immediately after breach situations and navigating the federal and state government investigations and private litigation that increasingly accompany cybersecurity incidents.

With respect to consumer protection, we advise clients on a broad array of issues, including advertising practices, consumer disclosures, and compliance with the myriad laws regulating consumer interactions.  We routinely appear before the U.S. Federal Trade Commission (FTC) and the U.S. Department of Justice (DOJ) on consumer protection matters and have litigated complex consumer protection disputes involving a diverse range of industries.

Our team includes lawyers with significant experience in litigation, government investigations, and corporate matters, many of whom have experience at senior government levels.  The practice group is led in part by a former U.S. Attorney who oversaw prominent high-technology prosecutions, a former Assistant U.S. Attorney with primary responsibility for investigating and prosecuting computer crime and intellectual property cases, and a former senior official at the FTC.  Our team includes numerous other former computer crimes prosecutors, FTC lawyers, senior government officials at the DOJ, and leaders at the European Commission.  Our lawyers are distinguished not only by their substantive capabilities and advocacy skills, but also by their ability to guide clients through major events, deal with all relevant constituencies, and develop and implement a prompt and effective crisis management strategy.

Our litigation and investigations experience includes:

  • Defending companies in regulatory investigations, including FTC and state attorney general investigations
  • Defending companies in class action and other privacy and consumer protection litigation, including that stemming from data breaches
  • Responding to Congressional inquiries related to privacy and cybersecurity

Data breach and crisis management experience includes:

  • Counseling companies, executives and boards of directors on developing and implementing crisis management strategies
  • Coordinating breach notification responses and other regulatory obligations
  • Liaising with federal government, state law enforcement and regulatory officials, and international regulators
  • Assisting companies with prompt and effective media strategies

Counseling and audits experience includes:

  • Counseling related to compliance with federal, state and local laws and regulations governing privacy, social media, data security, online advertising, e-commerce and related issues
  • Overseeing network security, privacy and cybersecurity compliance audits
  • Advising on data compliance strategies and the development of data protection and Internet enforcement compliance programs
  • Conducting assessments of privacy and data security programs

Preparedness and transactional due diligence experience includes:

  • Advising boards of directors and in-house counsel on governance matters, privacy and cybersecurity policies and procedures, risk management frameworks, incident response plans, and best practices related to preparedness
  • Performing privacy and information security due diligence in support of mergers and acquisitions and other corporate transactions
  • Advising on all aspects of technology-, data- and privacy-related corporate transactions
  • Counseling on securities law disclosures
  • Advising on legislative and regulatory developments

Our capabilities are global.  Cybersecurity and privacy are global issues, and Gibson Dunn draws on its international team to seamlessly advise clients on sophisticated multijurisdictional matters.  The practice group includes lawyers in Brussels, London, Paris, Munich, Beijing, Singapore and Hong Kong who are exceptionally knowledgeable not only on relevant data protection and privacy laws at the national level, but are experienced in advising companies on European Union developments and coordinating multinational approaches.


Recent representations include:

  • Serving as lead outside privacy and data security counsel for Facebook.  We advise the company on privacy and data security issues, private litigation matters including class action matters and FTC investigations.  Among many other representations, we represented Facebook in connection with the FTC investigation and enforcement action involving the company’s online privacy practices – described by the FTC as its largest and most significant privacy investigation to date.
  • Representing a leading international e-commerce site in connection with a data breach impacting potentially hundreds of millions of users, and handling related investigations by the FTC, various state attorneys general, and foreign data privacy authorities, as well as detailed forensic analysis and counseling on a range of privacy and cybersecurity issues.
  • Obtained dismissal on behalf of mobile advertising and analytics networks in nationwide U.S. class action alleging that defendants collected and disclosed data and personal information from mobile devices without users’ knowledge and consent, on grounds that plaintiffs lacked Article III standing and failed to state a viable claim.
  • Represented a leading digital media company facing a full-phase FTC investigation relating to compliance with the Children’s Online Privacy and Protection Act (COPPA).  We obtained closure without conditions notwithstanding a recommendation from the FTC staff to pursue an enforcement action.
    Achieved a complete victory for St. Joseph Health System by securing dismissal of a putative data breach class action.  Asserting claims under California’s Confidentiality of Medical Information Act and the common law, including the right to privacy and negligence, plaintiff alleged that St. Joseph had lost possession of the confidential medical information of more than 33,000 patients.  The California Superior Court agreed with Gibson Dunn that plaintiff had not alleged sufficient facts to proceed and dismissed the case.
  • Serving as U.S. coordinating counsel for data security matters for one of the world’s largest global payment technology companies.
    Represented an executive search firm in response to a sophisticated cyber-attack including advanced persistent threat intrusion and extensive exfiltration of sensitive databases.  We counseled the client on investigation of the intrusion, including supervising digital forensics investigation and data security improvements, handled referral of the incident to law enforcement and coordinated breach notification compliance, as well as public relations and SEC disclosure strategy.
  • Worked with a provider of social media services to ensure that all aspects of its user platform complied with the FTC’s revised COPPA guidance.
    Represented one of the world’s largest engineering design firms in response to network intrusion, involving significant employee data breach.  We counseled the client on investigation of the incident, including supervising digital forensics investigation and data security improvements, coordinated breach notification compliance, public relations strategy, and law enforcement interaction.
  • Represented a Fortune 50 retailer in connection with multiple data security issues and related government investigations, including FTC and Secret Service investigations of a massive data breach impacting millions of credit card holders, and succeeded in persuading the FTC to close the nonpublic investigation without taking any action, based on demonstrated proof that our client had acted reasonably at every key juncture, both before and after the breach.


Why competition law and data privacy are coming to a crossroads in the Asia-Pacific Region

-May 1, 2024

Lawdragon Names 15 Partners Among its 2024 500 Leading Global Cyber Lawyers

-April 26, 2024

What does the EU Digital Markets Act mean for the tech sector?

-April 18, 2024

Gibson Dunn Ranked Among the 2024 World’s Top Data Practices by GDR

-April 12, 2024

Jane Horvath Appointed by U.S. Attorney to Serve as Special Advocate of Data Protection Review Court

-April 11, 2024

U.S. Agencies Issue Pledge to Investigate AI Development and Use

-April 11, 2024

Artificial intelligence and the GDPR

-April 3, 2024

Webcast: M&A Insight: A.I. Issues, Climate Change Disclosures & Warranty Insurance

-March 28, 2024

Gibson Dunn Ranked in Legal 500 EMEA 2024

-March 27, 2024

Stephenie Gosnell Handler Named Among Foreign Investment Watch’s Top Advisors 2024

-March 19, 2024

Lawdragon Names Eleven Partners Among its 2024 100 Leading AI & Legal Tech Advisors

-March 15, 2024

GDPR at 5 – Episode 4 – GDPR and AI

-March 8, 2024

U.S. Commerce Department Poised to Dramatically Expand Compliance Requirements in Key Technology Sectors

-February 29, 2024

International Cybersecurity and Data Privacy Review and Outlook – 2024

-February 16, 2024

Cos. Should Plan Now For Extensive EU Data Act Obligations

-February 1, 2024

U.S. Cybersecurity and Data Privacy Review and Outlook – 2024

-January 29, 2024

Gibson Dunn | Europe | Data Protection – Q4 2023

-January 22, 2024

Webcasts: Gibson Dunn’s Annual California MCLE Blitz – 2024

-January 16, 2024

The EU Data Act, an IoT and Cloud Sector Paradigm Shift, Becomes Reality

-January 8, 2024

New York Department of Financial Services Finalizes Second Amendment to Cybersecurity Regulation

-December 18, 2023

The EU Agrees on a Path Forward for the AI Act

-December 14, 2023

GDPR at 5 – Episode 3 – GDPR Through the U.S. Lens

-December 4, 2023

Top Data Privacy and Cybersecurity Issues to Think About in M&A Deals

-November 14, 2023

Ashlie Beringer, Kristin Linsley and Rosemarie Ring Named Among California’s Women Leaders in Tech Law

-November 2, 2023

The Digital Services Act Reaches the USA

-October 17, 2023

GDPR at 5 – Episode 2 – GDPR Enforcement Actions in Europe

-September 26, 2023

ESG And The Board: Avoiding Risky Business

-September 20, 2023

Gibson Dunn | Europe | Data Protection – Q3 2023

-September 11, 2023

AI in Employment: Privacy Regulation Is Here

-September 8, 2023

Senate Judiciary Committee Seeks Guidance on Effective AI Regulation

-August 25, 2023

Vivek Mohan Named a Top Lawyer Under 40 in Silicon Valley

-August 21, 2023

GDPR at 5 – Episode 1 – Looking Back on the Last Five Years: Improvements and Challenges

-August 8, 2023

New York Department of Financial Services Proposes Updated Second Amendment to Cybersecurity Regulation

-August 3, 2023

SEC Adopts New Rules on Cybersecurity Disclosure for Public Companies

-July 31, 2023

Law360 Names Ashley Rogers a 2023 Cybersecurity & Privacy Rising Star

-July 14, 2023

NYC’s Artificial Intelligence Law: Key Takeaways From Newly Released FAQs

-July 7, 2023

California Superior Court Halts Enforcement of Certain California Privacy Regulations

-July 6, 2023

Gibson Dunn Digital Assets Recent Updates – July 2023

-July 6, 2023

SEC Affirms Intention to Prioritize Adoption of Cybersecurity Rules for Public Companies and Investment Advisers and Funds

-June 30, 2023

Best Lawyers in France 2024 Recognizes 17 Gibson Dunn Attorneys

-June 28, 2023

Law360 Names Five Gibson Dunn Lawyers as 2023 Rising Stars

-June 20, 2023

Jane Horvath Receives Career Achievement Award

-June 14, 2023

“Oversight of AI: Rules for Artificial Intelligence” and “Artificial Intelligence in Government” Hearings

-June 6, 2023

Gibson Dunn Earns 108 Top-Tier Rankings in Chambers USA 2023

-June 1, 2023

Federal Policymakers’ Recent Actions Seek to Regulate AI

-May 19, 2023

Supreme Court Rejects Allegations That Social-Media Companies Did Not Do “Enough” To Block Terrorist Content But Declines To Address Scope Of Section 230

-May 18, 2023

DOJ’s Consumer Protection Branch Releases Second Annual Recent Highlights Report

-May 15, 2023

How to Stay on Top of Cybersecurity Disclosures as SEC Ramps Up Enforcement

-May 9, 2023

The Biden Administration Signals New Direction for Cybersecurity

-April 18, 2023

Gibson Dunn | Europe | Data Protection – Q1 2023

-April 17, 2023

U.S. Privacy Law Update: Iowa Becomes Sixth State to Enact Comprehensive Privacy Law, Other States’ Laws Continue to Develop

-April 13, 2023

FTC’s Latest Proposed Rulemaking Would Impose Significant New Requirements and Risks on Sellers Using Negative Option Offers

-April 12, 2023

Gibson Dunn Adds Of Counsel Christopher Rosina in New York

-March 28, 2023

Webcast: CFIUS and German FDI Review – A Comparative Discussion and Focus on Practical Implications

-March 15, 2023

International Cybersecurity and Data Privacy Outlook and Review – 2023

-February 14, 2023

U.S. Cybersecurity and Data Privacy Outlook and Review – 2023

-January 30, 2023

Gibson Dunn | Europe | Data Protection – Q4 2022

-January 14, 2023

Webcasts: Gibson Dunn’s Annual California MCLE Marathon – 2023

-January 12, 2023

Former Apple Inc. Chief Privacy Officer Jane Horvath Joins Gibson Dunn’s D.C. Office

-January 9, 2023

Omnibus Electric Vehicle Update

-January 5, 2023

New INFORM Consumers Act Imposes Seller Diligence and Disclosure Requirements for Online Marketplaces

-January 5, 2023

FTC Actions Highlight Focus On Cos.’ Cybersecurity Efficacy

-January 5, 2023

Gibson Dunn Ranked Among the 2023 World’s Top Data Practices by GDR

-December 15, 2022

New York Attorney General’s Office Fall Round-Up

-November 15, 2022

New York State Department of Financial Services Revises Cybersecurity Regulation to Include New Requirements

-November 15, 2022

FTC Announces Broader Vision of Its Section 5 Authority to Address Unfair Methods of Competition

-November 14, 2022

Gibson Dunn | Europe | Privacy Cybersecurity Data Innovation – Q3 2022

-October 13, 2022

Euromoney’s Rising Star Awards 2022 Recognizes 16 Gibson Dunn Partners

-October 12, 2022

Gibson Dunn Ranked in The Legal 500 UK 2023

-September 29, 2022

FTC Launches Commercial Surveillance and Data Security Rulemaking, Holds a Public Forum, and Seeks Public Input

-September 27, 2022

Keeping Up With New US Push On Strategic Tech Competition

-September 19, 2022

FTC Launches Commercial Surveillance Rulemaking

-August 17, 2022

Cassandra Gaedt-Sheckter Named to Silicon Valley Business Journal 40 Under 40

-August 15, 2022

New York State Department of Financial Services Meaningfully Rachets Up Cyber Requirements with New Draft Amendments

-August 8, 2022

Insights And Omissions From Calif. Privacy Rules Draft

-July 12, 2022

Cybersecurity and International Trade Lawyer Stephenie Gosnell Handler Joins Gibson Dunn in Washington, D.C.

-July 11, 2022

Gibson Dunn | Europe | Data Protection – Q2 2022

-July 8, 2022

Gibson Dunn Adds Two Technology-Focused Partners, Joel Harrison and Alison Beal, in London

-June 27, 2022

Insights on New California Privacy Law Draft Regulations

-June 15, 2022

FTC Warns EdTech Providers Must Heed Children’s Privacy Rules

-May 27, 2022

New District Court Decision Provides Useful Guidance on Application of Trademark Law to Virtual Goods

-May 20, 2022

The FTC at Full Strength: What to Expect Next

-May 16, 2022

U.S. Privacy Law Update: Connecticut Enacts Comprehensive Privacy Law as Other States’ Laws Continue to Develop

-May 13, 2022

Who’s Who Legal France 2022 Recognizes Gibson Dunn Partners

-May 9, 2022

CFPB Invokes Dormant Dodd-Frank Authority to Regulate Nonbank Financial Companies

-May 5, 2022

Gibson Dunn Ranked in Legal 500 EMEA 2022

-April 12, 2022

Ashlie Beringer Named Among GDR’s Top Women in Data 2022

-April 8, 2022

Gibson Dunn | Europe | Data Protection – Q1 2022

-April 7, 2022

Gibson Dunn Adds Former Federal Trade Commission Chief of Staff Svetlana S. Gans as Partner in Washington, D.C., Bolstering Firm’s Consumer Protection, Privacy and Antitrust Practices

-April 5, 2022

President Biden Signs into Law the Cyber Incident Reporting for Critical Infrastructure Act, Expanding Cyber Reporting Obligations for a Wide Range of Public and Private Entities

-March 22, 2022

U.S. Privacy Law Update: Utah Joins Growing List of States with Comprehensive Privacy Laws as Other States See Potential Changes

-March 11, 2022

SEC Proposes Rules on Cybersecurity Disclosure

-March 11, 2022

The Biden Administration’s Digital Assets Executive Order and Its Implications

-March 10, 2022

California AG’s CCPA Enforcement Priorities Expand to Loyalty Programs

-February 3, 2022

International Cybersecurity and Data Privacy Outlook and Review – 2022

-January 31, 2022

Gibson Dunn | Europe | Data Protection – December 2021 (Part 2)

-January 14, 2022

2021 Year-End German Law Update

-January 13, 2022

Gibson Dunn | Europe | Data Protection – December 2021

-December 22, 2021

Gibson Dunn Ranked Among the 2022 World’s Top Data Practices by GDR

-December 16, 2021

Virginia and Colorado Privacy Update: In 2022, Prepare for New Rules and Possible Privacy Law Amendments

-December 14, 2021

California Privacy Protection Agency Rulemaking Begins and Heightened Privacy Focus Continues

-November 23, 2021

Infrastructure Bill’s New Reporting Requirements May Have Sweeping Implications for Cryptocurrency Ecosystem

-November 18, 2021

Gibson Dunn | Europe | Data Protection – November 2021

-November 16, 2021

Ashley Rogers Named Among Texas Lawyer’s 2021 On the Rise Honorees

-November 12, 2021

UK Supreme Court Overturns Court of Appeal to Disallow Google Data Privacy Class Action

-November 11, 2021

Gibson Dunn Promotes 27 Lawyers to Partnership

-November 4, 2021

Gibson Dunn | Europe | Data Protection – September 2021

-October 20, 2021

Webcast: Economic Espionage and Intellectual Property Theft: Trends and Developments with Threats and Enforcement

-September 23, 2021