- Find a Lawyer
- /
- United States
- /
- Privacy and Data Security Law
Find Lawyers in America for Privacy and Data Security Law
Practice Area Overview
Most privacy laws outside the United States are “omnibus privacy laws” that protect all types of personal data. These laws specify permitted uses of personal data and establish the conditions under which it is legitimate and lawful to process it. They are often supplemented by sectoral laws, for example for the protection of health care data.
The United States, on the other hand, does not yet have a national law that protects all categories of personal data, and instead has opted for a sectoral approach. It relies on a patchwork of state and federal laws that regulate some – but not all – categories of personal data. These laws tend to create limits on what can be done with the personal data collected, but there is little limitation on what can be collected. In most cases, all uses of personal data are permitted unless a law or regulation specifically prohibits them. In addition, the Federal Trade Commission and State Attorneys General play a significant role in defining acceptable practices.
Data privacy cannot exist without keeping data secure. Adequate security measures are necessary to protect the authenticity, confidentiality and integrity of information. Measures designed to provide data security are generally grouped in three categories: physical security measures, administrative security measures, and technical security measures. Data security laws tend to require companies to implement appropriate security safeguards. In addition, an increasing number of countries are adopting security breach disclosure laws that require entities to notify government agencies and the affected individuals, when a breach of security has caused the theft or unauthorized disclosure of personal data.
Attorneys working in the field of privacy and data security law help companies navigate the often-complex requirements of privacy and data security laws. They advise companies on a wide range of privacy and data security measures, assisting companies in ensuring that their data collection and processing practices, data transfer procedures, privacy policies, and marketing activities are compliant with the relevant domestic, international, privacy, and data security regulations and laws.
Select a location from the list below to find the best legal talent for your needs.
State
Ian Ballon is an intellectual property and Internet litigator who represents clients in copyright, DMCA, trademark, trade secret, right of publicity, privacy, security, software, database and Internet disputes and in the defense of data privacy, behavioral advertising and other Internet-related class action suits. Mr. Ballon, who splits his time between the firm's Silicon Valley and LA offices, is the author of the four-volume legal treatise, E-Commerce and Internet Law: Treatise With Forms 2...
A former chief of staff at the FTC’s Bureau of Consumer Protection, Kathleen Benway helps clients develop practical strategies for compliance with applicable state, federal, and global consumer protection and privacy laws. Kathleen’s experience makes her uniquely positioned to represent clients before the Federal Trade Commission (FTC) and other government agencies. She has over 12 years of senior-level experience with the FTC, including chief of staff to three directors of the Bu...
Elizabeth Boone advises clients on business transactions and compliance matters domestically and internationally, including contract negotiation, establishment and maintenance of legal entities, establishment of terms and conditions for the sale of goods, privacy compliance matters, employment matters and real estate transactions. She also has assisted with private entity mergers, acquisitions and divestitures in various industries with purchase prices in varying ranges, including a deal valu...
Kristy McAlister Brown is co-chair of the firm's Litigation & Trial Practice Group and leads the firm’s Privacy and Cybersecurity Litigation Practice Team. Ms. Brown focuses her practice on complex commercial litigation, with an emphasis on class actions and privacy and cyber litigation. She has defended putative class actions across the country and has a strong track record of defeating class certification—both at the trial and appellate levels. Ms. Brown is an experienced pr...
I have practiced in the promotions and privacy areas for over twenty-six (26) years. Given the plethora of data privacy issues implicated by so many advertising campaigns and my clients’ fascination with emerging technologies, I have been fortunate enough to develop a secondary focus on data privacy and security, both in the context of advertising campaigns and as a stand-alone practice area. I have earned and maintain the following designations from the International Association of Pri...
Teresa Meinders Burkett was born in Okarche, Oklahoma, and grew up in Norman, graduating from Norman High School in 1977. After graduating from OU's College of Nursing, she worked weekend night shifts as a critical care nurse and attended OU's College of Law during the day. She joined Boone Smith Davis Hurst & Dickman upon graduation from law school and built a successful health law practice there. In 2007, she joined Conner & Winters, LLP, founding and now co-directing the health law...
David Carpenter regularly advises clients, including Fortune 500 companies, on all aspects of commercial litigation from individual disputes to major consumer class actions. He helps his clients find cost-effective solutions as an alternative to trial whenever possible. He concentrates his practice in general business and commercial litigation, with special focus on consumer and privacy class action defense, business torts and contract disputes. David has served as lead counsel and assisted i...
Mary T. Costigan is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. She holds a Certified Information Privacy Professional/US designation from the International Association of Privacy Professionals (iapp). Mary advises multinational, national, and regional companies on emerging privacy and cybersecurity issues, including the broad and growing array of mandates, best practices, and preventive safeguards. In particular, she focuses on advising and assisting clients...
Erin Nealy Cox, the former United States Attorney for the Northern District of Texas, is a trial lawyer who represents corporations, boards of directors, and executives involved in complex multi-jurisdictional disputes and high-stakes investigations. As a partner in the Firm’s Dallas and Washington, D.C., offices, she is a member of the Firm’s Government, Regulatory & Internal Investigations Practice Group. Erin has a broad practice focused on matters arising from alleged viol...
Maki DePalo is a client advocate and a problem solver who leverages more than a decade of technical leadership and international business experience as an integral component of her law practice. She advises clients on global data privacy, cybersecurity, California Consumer Privacy Act of 2018 (CCPA) compliance programs, incident preparedness initiatives, and technology transactions, enabling businesses to successfully navigate new challenges in an ever-evolving digital landscape. Maki’s...
Jason Epstein is a business attorney and a partner in the Nashville and New York office. Mr. Epstein is the co-head of the Technology and Procurement Industry Group for the Firm. Mr. Epstein and the technology team provide legal services to buyers and sellers of technology both domestically and internationally in various industries, from Fintech and HealthIT to auto and manufacturing. Mr. Epstein has experience in business and technology negotiations from both the vendor and buyer perspective...
Jason C. Gavejian is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and co-leader of the firm’s Privacy, Data and Cybersecurity practice group. Jason is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals. As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular c...
Kamal Ghali is a co-founder of Chaiken Ghali LLP, a former federal prosecutor, and a top-ranked business litigation and government investigations attorney. Over the last eighteen years, Mr. Ghali has handled some of the biggest criminal and civil cases in the country, including high-profile white collar criminal fraud investigations and trials; high-stakes business disputes involving racketeering (RICO) and fraud allegations in state and federal court; and a range of international cybersecuri...
Daniel F. Gottlieb counsels a wide range of healthcare industry clients, including healthcare providers, health plans, health information technology vendors, life sciences companies and data aggregators. He is sought out for his legal knowledge and practical approach on data protection, interoperability, and complex data and software licensing transactions, collaborations and strategic initiatives. Read full biography: https://www.mwe.com/people/gottlieb-daniel-f/
Jim is a partner in the Technology and Privacy Group and co-chairs the firm’s Privacy & Security task force and the firm’s Cybersecurity Preparedness & Response Team . Jim’s practice involves board-level and enterprise-wide issues at the intersection of global cybersecurity, privacy, technology and data initiatives. Given his decades-long experience in the technology space, Jim was one of the first lawyers in the United States to focus on the criticality of privacy a...
Judd Harwood focuses his practice on general and nonprofit corporate transactions and healthcare regulatory issues. Judd represents a wide range of healthcare clients in connection with mergers and acquisitions, joint ventures and physician alignment strategies, corporate reorganizations, private securities offerings, corporate governance, employment and independent contractor relationships and general corporate matters. His clients include health systems, hospitals and related healthcare fac...
Elizabeth ("Bess") Hinson is a privacy and cybersecurity attorney in Holland & Knight's Atlanta office. Ms. Hinson focuses her practice on cyber and data risk management and governance, breach preparedness and response, crisis management and global data privacy compliance. Ms. Hinson represents clients at all stages of incident response from investigation, notification, remediation, managing privacy class action risks, and defense of litigation and regulatory inquiry. She regularly counse...
Kelly represents hospitals, physicians, payors, and companies in the health care sector in complex litigation. In addition, Kelly regularly counsels health care providers, including FQHCs, alcohol and drug agencies, mental health providers and physicians; technology vendors; and other businesses on corporate compliance standards, best practices and corporate governance matters, and on the potential collateral consequences of business decisions. She routinely advises boards and helps board com...
David Keating focuses his practice on matters involving technology and data. David is one of the co-leaders of the Privacy & Data Security Practice at Alston & Bird. He has advised clients on privacy and security issues arising along the entire data lifecycle for more than 15 years. He assists clients with compliance strategies, policy development and implementation, data monetization and data use analyses, new product development, privacy and security issues in transactions, and priv...
Brian J. Lamoureux is a Partner with Pannone Lopes Devereaux & O’Gara LLC and a member of the firm’s Litigation, Employment, Cyber Law and Corporate & Business teams. He is also Assistant Professor of Practice (Business Law) at Providence College, his alma mater. His extensive practice areas include complex commercial litigation, employment law, construction law, social media law, and creditors’ rights. In addition to being an accomplished business litigator, he is a...
Amy S. Leopard is a partner in our Health Care practice and co-chairs our Privacy and Information Security Team. She practices business law and advises a diverse array of clients in health care and technology industries. Amy is a valued business advisor in corporate matters involving health care and information technology law. She provides trusted counsel to health care providers, entrepreneurs, and service providers on licensing, payment, regulatory compliance, privacy and technology issues....
Kevin Levy is a business, corporate and technology attorney. For over a decade, Kevin has represented global technology companies, as well as local entrepreneurial ventures. He has extensive experience providing strategic counseling and negotiating transactions for both U.S. and foreign-based clients. Kevin is frequently interviewed by the media on current business and technology law issues and trends, and he has received awards for his business and technology law practice from The Best Lawye...
Prior to joining Barnes & Thornburg, Brian served as in-house counsel to an intellectual property consulting and investigations firm where he advised Fortune 1000 corporations on complex IP, anti-counterfeiting, and brand protection strategies. Brian is a member of the International Association of Privacy Professionals (IAPP) and serves as Subcommittee Chair for the inaugural Data Protection Committee of the International Trademark Association (INTA). He has been appointed to the Terralex...
Mehmet Munur is a Partner at Tsibouris & Associates, LLC. He concentrates his practice in the areas of technology, information privacy and security, and financial services regulation. Mehmet works on contracts for internet-based services, including drafting and negotiating software licenses or Software-as-a-Service ("SaaS") agreements, terms of use, privacy policies and other technology agreements. Mehmet regularly advises clients on technology outsourcing agreements, servicing, financing...
Dan Murphy’s practice has focused exclusively on healthcare transactional and regulatory matters for the past decade. He has represented all types and sizes of healthcare providers, from publicly-traded national hospital, dialysis, and ambulatory surgery center companies, to independent surgery centers and pharmacies, physician practices, and individual physicians. In representing providers, Dan brings a holistic view to healthcare deals and compliance issues that incorporates an unders...
Jeffrey G. Muth has been practicing law since 2000 and is chair of the firm's Privacy and Data Security practice. His practice involves complex commercial litigation and corporate counseling with a niche in insurance coverage. In addition, he is experienced in alternate dispute resolution including arbitration and mediation. Mr. Muth attended and completed the Program on Negotiation at Harvard Law School “Mediating Disputes.” He is also an approved mediator for the United States D...
A former DOJ cybercrime prosecutor and former director of PwC’s cyber forensics group, Kim delivers top of the line cyber risk management and information security counsel to her clients. As co-leader of our Privacy, Cyber & Data Strategy Team and National Security & Digital Crimes Team, Kim is recognized by select publications and is frequently quoted by the media. Kim Peretti is co-leader of the Privacy, Cyber & Data Strategy Team and National Security & Digital Crimes ...
Steven Richard is a highly experienced trial and appellate lawyer who handles complex commercial, employment and higher education cases throughout the federal and state courts of Rhode Island, Massachusetts and Connecticut. Steve is especially active in the Rhode Island Federal District Court, where he serves as the Chair of its Local Rules Committee. What do you focus on? I handle a broad array of commercial, civil rights and higher education cases, using more than 20 years of pretrial and c...
Stephanie M. Rippee is admitted to the Mississippi and Tennessee Bars. For more than 20 years she has sought to creatively and efficiently resolve legal matters for clients. Her practice focuses on commercial litigation and product liability litigation. She is a recognized public speaker and author and has been selected by Mid-South Super Lawyers as one of the Top 50 Lawyers in Mississippi.
Michelle Schaap practices cybersecurity and corporate law. Within corporate law, she primarily practices in construction, franchising and renewable energy – representing a varied client base that ranges from Fortune 500 companies to closely-held businesses. Cybersecurity Combining her technology and corporate experience, Michelle has spearheaded and developed CSG’s cybersecurity practice. She regularly advises clients on cybersecurity preparedness, counsels clients when data secur...
Our Methodology
Recognition by Best Lawyers is based entirely on peer review. Our methodology is designed to capture, as accurately as possible, the consensus opinion of leading lawyers about the professional abilities of their colleagues within the same geographical area and legal practice area.
The Process
Best Lawyers employs a sophisticated, conscientious, rational, and transparent survey process designed to elicit meaningful and substantive evaluations of the quality of legal services. Our belief has always been that the quality of a peer review survey is directly related to the quality of the voters.