Privacy, Cybersecurity and Data Innovation



Gibson, Dunn & Crutcher’s Privacy, Cybersecurity and Data Innovation Practice Group has a demonstrated history of helping companies successfully navigate the complex and rapidly evolving laws, regulations, and industry best practices relating to privacy, cybersecurity and data innovation.  Our global and interdisciplinary team advises clients across a broad range of industries in high-stakes matters on the full spectrum of issues in these areas.

In the privacy area we have decades of experience with a wide array of counseling, government investigations and litigation.  Our deep roster of lawyers with experience at the highest levels of government is prepared to handle any type of government investigation.  Our elite class action team has successfully litigated scores of issues, including numerous matters of first impression.  Our experience includes advising a broad array of companies large and small, in Silicon Valley, Silicon Alley, and around the world.

We have substantial experience assisting companies with all facets of cybersecurity, including counseling clients through the important steps that must occur immediately after breach situations and navigating the federal and state government investigations and private litigation that increasingly accompany cybersecurity incidents.

With respect to consumer protection, we advise clients on a broad array of issues, including advertising practices, consumer disclosures, and compliance with the myriad laws regulating consumer interactions.  We routinely appear before the U.S. Federal Trade Commission (FTC) and the U.S. Department of Justice (DOJ) on consumer protection matters and have litigated complex consumer protection disputes involving a diverse range of industries.

Our team includes lawyers with significant experience in litigation, government investigations, and corporate matters, many of whom have experience at senior government levels.  The practice group is led in part by a former U.S. Attorney who oversaw prominent high-technology prosecutions, a former Assistant U.S. Attorney with primary responsibility for investigating and prosecuting computer crime and intellectual property cases, and a former senior official at the FTC.  Our team includes numerous other former computer crimes prosecutors, FTC lawyers, senior government officials at the DOJ, and leaders at the European Commission.  Our lawyers are distinguished not only by their substantive capabilities and advocacy skills, but also by their ability to guide clients through major events, deal with all relevant constituencies, and develop and implement a prompt and effective crisis management strategy.

Our litigation and investigations experience includes:

  • Defending companies in regulatory investigations, including FTC and state attorney general investigations
  • Defending companies in class action and other privacy and consumer protection litigation, including that stemming from data breaches
  • Responding to Congressional inquiries related to privacy and cybersecurity

Data breach and crisis management experience includes:

  • Counseling companies, executives and boards of directors on developing and implementing crisis management strategies
  • Coordinating breach notification responses and other regulatory obligations
  • Liaising with federal government, state law enforcement and regulatory officials, and international regulators
  • Assisting companies with prompt and effective media strategies

Counseling and audits experience includes:

  • Counseling related to compliance with federal, state and local laws and regulations governing privacy, social media, data security, online advertising, e-commerce and related issues
  • Overseeing network security, privacy and cybersecurity compliance audits
  • Advising on data compliance strategies and the development of data protection and Internet enforcement compliance programs
  • Conducting assessments of privacy and data security programs

Preparedness and transactional due diligence experience includes:

  • Advising boards of directors and in-house counsel on governance matters, privacy and cybersecurity policies and procedures, risk management frameworks, incident response plans, and best practices related to preparedness
  • Performing privacy and information security due diligence in support of mergers and acquisitions and other corporate transactions
  • Advising on all aspects of technology-, data- and privacy-related corporate transactions
  • Counseling on securities law disclosures
  • Advising on legislative and regulatory developments

Our capabilities are global.  Cybersecurity and privacy are global issues, and Gibson Dunn draws on its international team to seamlessly advise clients on sophisticated multijurisdictional matters.  The practice group includes lawyers in Brussels, London, Paris, Munich, Beijing, Singapore and Hong Kong who are exceptionally knowledgeable not only on relevant data protection and privacy laws at the national level, but are experienced in advising companies on European Union developments and coordinating multinational approaches.


Recent representations include:

  • Serving as lead outside privacy and data security counsel for Facebook.  We advise the company on privacy and data security issues, private litigation matters including class action matters and FTC investigations.  Among many other representations, we represented Facebook in connection with the FTC investigation and enforcement action involving the company’s online privacy practices – described by the FTC as its largest and most significant privacy investigation to date.
  • Representing a leading international e-commerce site in connection with a data breach impacting potentially hundreds of millions of users, and handling related investigations by the FTC, various state attorneys general, and foreign data privacy authorities, as well as detailed forensic analysis and counseling on a range of privacy and cybersecurity issues.
  • Obtained dismissal on behalf of mobile advertising and analytics networks in nationwide U.S. class action alleging that defendants collected and disclosed data and personal information from mobile devices without users’ knowledge and consent, on grounds that plaintiffs lacked Article III standing and failed to state a viable claim.
  • Represented a leading digital media company facing a full-phase FTC investigation relating to compliance with the Children’s Online Privacy and Protection Act (COPPA).  We obtained closure without conditions notwithstanding a recommendation from the FTC staff to pursue an enforcement action.
    Achieved a complete victory for St. Joseph Health System by securing dismissal of a putative data breach class action.  Asserting claims under California’s Confidentiality of Medical Information Act and the common law, including the right to privacy and negligence, plaintiff alleged that St. Joseph had lost possession of the confidential medical information of more than 33,000 patients.  The California Superior Court agreed with Gibson Dunn that plaintiff had not alleged sufficient facts to proceed and dismissed the case.
  • Serving as U.S. coordinating counsel for data security matters for one of the world’s largest global payment technology companies.
    Represented an executive search firm in response to a sophisticated cyber-attack including advanced persistent threat intrusion and extensive exfiltration of sensitive databases.  We counseled the client on investigation of the intrusion, including supervising digital forensics investigation and data security improvements, handled referral of the incident to law enforcement and coordinated breach notification compliance, as well as public relations and SEC disclosure strategy.
  • Worked with a provider of social media services to ensure that all aspects of its user platform complied with the FTC’s revised COPPA guidance.
    Represented one of the world’s largest engineering design firms in response to network intrusion, involving significant employee data breach.  We counseled the client on investigation of the incident, including supervising digital forensics investigation and data security improvements, coordinated breach notification compliance, public relations strategy, and law enforcement interaction.
  • Represented a Fortune 50 retailer in connection with multiple data security issues and related government investigations, including FTC and Secret Service investigations of a massive data breach impacting millions of credit card holders, and succeeded in persuading the FTC to close the nonpublic investigation without taking any action, based on demonstrated proof that our client had acted reasonably at every key juncture, both before and after the breach.


Webcast: Economic Espionage and Intellectual Property Theft: Trends and Developments with Threats and Enforcement

-September 23, 2021

China Passes the Personal Information Protection Law, to Take Effect on November 1

-September 10, 2021

Gibson Dunn | Europe | Data Protection – July – August 2021

-September 8, 2021

SEC Settlement Reflects Increasing SEC Focus on Cyber Disclosures

-August 24, 2021

Webcast: Conducting Effective Cybersecurity and Privacy/Data Protection Diligence in M&A Transactions

-July 14, 2021

Gibson Dunn | Europe | Data Protection – July 2021

-July 13, 2021

The Colorado Privacy Act: Enactment of Comprehensive U.S. State Consumer Privacy Laws Continues

-July 9, 2021

Third Circuit Court of Appeals Addresses Federal Trade Secret Standards

-June 24, 2021

Best Lawyers in France 2022 Recognizes 18 Gibson Dunn Attorneys

-June 24, 2021

Ashlie Beringer Named Among Silicon Valley Women of Influence

-June 21, 2021

China Constricts Sharing of In-Country Corporate and Personal Data Through New Legislation

-June 17, 2021

European Commission Adopts New Standard Contractual Clauses for International Data Transfers and Data Processing Agreements

-June 14, 2021

Gibson Dunn | Europe | Data Protection – June 2021

-June 8, 2021

Supreme Court Narrows Scope Of Computer Fraud and Abuse Act, Holding It Does Not Prohibit Accessing Otherwise Available Information For An Improper Purpose

-June 4, 2021

New York Privacy Act Update: Bill Out of Committee, Moves to Full Senate

-May 21, 2021

President Biden Issues Executive Order to Enhance U.S. Cybersecurity in the Wake of Major Cyber Incidents

-May 18, 2021

Gibson Dunn | Europe | Data Protection – May 2021

-May 13, 2021

Second Circuit Seeks to Reconcile Circuit Split Concerning Standing to Bring Data Privacy Lawsuits

-April 30, 2021

Supreme Court Restricts Power Of The Federal Trade Commission To Seek Monetary Relief In Courts

-April 22, 2021

Gibson Dunn | Europe | Data Protection – April 2021

-April 9, 2021

Supreme Court Declines To Extend Telephone Consumer Protection Act’s Coverage Of Automatic Telephone Dialing Systems

-April 2, 2021

California’s Privacy Laws Continue to Take Form: New Regulations for CCPA and Appointment of CPPA Members

-March 20, 2021

Gibson Dunn Ranked Among the World’s Top Data Practices by GDR

-March 16, 2021

Gibson Dunn | Europe | Data Protection – March 2021

-March 10, 2021

Virginia Passes Comprehensive Privacy Law

-March 8, 2021

Webcast: The Stored Communications Act and Trends in Data Privacy: What Companies Need to Know in 2021

-March 3, 2021

New Federal Law for IoT Cybersecurity Requires the Development of Standards and Guidelines Throughout 2021

-February 17, 2021

Ashlie Beringer, Former Deputy Counsel at Facebook, Rejoins Gibson Dunn in Palo Alto

-February 16, 2021

What’s to Come for Cybersecurity in the Biden Era

-February 12, 2021

Gibson Dunn | Europe | Data Protection – February 2021

-February 12, 2021

Prepare For NY Data Privacy Law To Catch Up To Calif.

-February 2, 2021

International Cybersecurity and Data Privacy Outlook and Review – 2021

-February 1, 2021

The Evolution of Privacy Enforcement in California: CPRA and the CA Attorney General’s Office

-January 28, 2021

U.S. Cybersecurity and Data Privacy Outlook and Review – 2021

-January 29, 2021

Webcast: The Impact of the California Privacy Rights Act (CPRA)

-January 22, 2021

2020 Year-End German Law Update

-January 15, 2021

Gibson Dunn | Europe | Data Protection – January 2021

-January 11, 2021

Webcast: Privacy and Consumer Protection Enforcement under the Biden Administration

-January 7, 2021

Federal Regulators Propose Rule Requiring Banking Institutions and Service Providers to Provide Rapid Notification Following Significant Computer-Security Incidents

-January 4, 2021

Data Protection & Privacy Laws: France

-December 23, 2020

Data Protection & Privacy Laws: Belgium

-December 23, 2020

Gibson Dunn | Europe | Data Protection – December 2020

-December 16, 2020

Webcast: Complying with New U.S. and EU Privacy Requirements

-December 16, 2020

Consumer Protection Under the Biden Administration

-December 1, 2020

European Data Protection Board Issues Important New Guidance on Transfers of Personal Data Out of the European Economic Area

-November 25, 2020

Where Data Privacy And CFPB Are Headed Under Biden

-November 24, 2020

Businesses Should Prepare for a New Phase of Privacy Regulation and Enforcement in the United States

-November 20, 2020

Gibson Dunn | Europe | Data Protection – November 2020

-November 5, 2020

Gibson Dunn | Europe | Data Protection – October 2020

-October 6, 2020

The Potential Impact of the Upcoming Voter Initiative, the California Privacy Rights Act

-September 29, 2020

Gibson Dunn | Europe | Data Protection – September 2020

-September 8, 2020

California Approves Final CCPA Regulations, and Bill Extending Key Exemptions Moves Forward at the Legislature

-August 20, 2020

Webcast: Schrems II: What are the implications and viable options for international data transfers?

-August 10, 2020

Gibson Dunn | Europe | Data Protection – August 2020

-August 5, 2020

The Court of Justice of the European Union Strikes Down the Privacy Shield but Upholds the Standard Contractual Clauses under Conditions

-July 17, 2020

U.S. Supreme Court to Weigh FTC Restitution Authority

-July 13, 2020

Gibson Dunn | Europe | Data Protection – July 2020

-July 9, 2020

Supreme Court Upholds TCPA’s Robocall Ban, But Strikes Government-Debt Exception As Unconstitutional Under First Amendment

-July 7, 2020

As California Consumer Privacy Act Enforcement Commences, a Tougher New Data Privacy Law Will Go Before California Voters in November

-July 2, 2020

GDPR Update: French Administrative Supreme Court Upholds 50 Million Euro Fine Against Google LLC

-June 23, 2020

California Consumer Privacy Act Update: Attorney General Finalizes Regulations and Provides Interpretive Guidance

-June 12, 2020

Gibson Dunn | Europe | Data Protection – June 2020

-June 4, 2020

Webcast: Preparing for the California Consumer Privacy Act (CCPA)

-May 26, 2020

Gibson Dunn | Europe | Data Protection – May 2020

-May 4, 2020

Webcast: Returning to Work: Health, Employment, and Privacy Considerations and Constraints as Businesses Resume Post-Quarantine Operations in the U.S.

-May 1, 2020

European Perspective on Tracing Tools in the Context of COVID-19

-April 28, 2020

Supreme Court to Resolve Longstanding Circuit Split Over Scope of Federal Anti-Hacking Statute

-April 23, 2020

Gibson Dunn | Europe | Data Protection – April 2020

-April 9, 2020

The Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security Updates Essential Critical Infrastructure Workforce Guidance

-April 2, 2020

Privacy and Cybersecurity Issues Related to COVID-19

-March 21, 2020

California Consumer Privacy Act Update: Attorney General Proposes Further Revisions to CCPA Regulations

-March 17, 2020

4 Questions That May Signal The End Of TCPA Class Actions

-February 27, 2020

California Consumer Privacy Act Update: Attorney General Proposes Regulations Version 2.0

-February 19, 2020

International Cybersecurity and Data Privacy Outlook and Review – 2020

-January 31, 2020

Ashley Rogers Named to Dallas Business Journal 40 Under 40

-January 30, 2020

Law360 Names Gibson Dunn Among Its 2019 Cybersecurity & Privacy Practice Groups of the Year

-January 28, 2020

U.S. Cybersecurity and Data Privacy Outlook and Review – 2020

-January 27, 2020

Gibson Dunn Named a 2019 Law Firm of the Year

-January 13, 2020

2019 Year-End German Law Update

-January 10, 2020

California Consumer Privacy Act: Compliance Heading into the New Year

-December 14, 2019

Law360 Names Joshua Lipshutz a Cybersecurity MVP

-November 26, 2019

Law360 Names Nine Gibson Dunn Partners as 2019 MVPs

-November 13, 2019

FTC Brings First Case Against Tracking Apps

-November 1, 2019

GDPR: Fining Guidelines Will Increase Exposure in Germany

-October 30, 2019

California Consumer Privacy Act: 2019 Final Amendments Signed

-October 16, 2019

California Consumer Privacy Act Update: Regulatory Update

-October 11, 2019

The Court of Justice of the European Union rules that there is no obligation for Google to carry out de-referencing on non-EU versions of its search engine

-October 2, 2019

Ninth Circuit Issues Decision in Closely Watched Data Scraping Case

-September 17, 2019

Google and YouTube Reach Historic Settlement with FTC and New York AG Over Alleged COPPA Violations

-September 9, 2019

Can GDPR Hinder AI Made in Europe?

-July 16, 2019

Former Special Counsel Prosecutor Zainab Ahmad to Join Gibson Dunn as Partner in New York

-July 10, 2019

Best Lawyers in France 2020 Recognizes 16 Gibson Dunn Attorneys

-July 1, 2019

The EU Introduces a New Sanctions Framework in Response to Cyber-Attack Threats

-June 19, 2019

Should Consumer Data Privacy Laws Apply To The Gov’t?

-June 7, 2019

California Consumer Privacy Act Update — California State Committees Vote on Amendments

-May 1, 2019

Illinois Supreme Court Finds BIPA Violations Actionable, Even With No “Actual Injury”

-January 29, 2019

International Cybersecurity and Data Privacy Outlook and Review – 2019

-January 29, 2019

U.S. Cybersecurity and Data Privacy Outlook and Review – 2019

-January 28, 2019

The French Data Protection Authority Imposes a 50 Million Euros Fine on Google LLC

-January 25, 2019

Law360 Names Gibson Dunn Among Its Cybersecurity & Privacy 2018 Practice Groups of the Year

-January 23, 2019