Data, Privacy, and Cybersecurity
-
Visit wsgrdataadvisor.com—Your Source for Privacy, Cybersecurity, and Data Protection Insights
Wilson Sonsini’s Data Advisor is your source for privacy news and insights—brought to you by our global data, privacy, and cybersecurity team. Visit wsgrdataadvisor.com and subscribe to stay connected.
-
A Team Anchored by Former Senior Regulatory Agency Officials
Wilson Sonsini's team is led by former senior officials who served in the FTC's Bureau of Consumer Protection, the DOJ's National Security Division, DHS, NSA, and other regulatory agencies.
-
A Recognized and Highly Ranked Practice
Wilson Sonsini's data, privacy, and cybersecurity practice is consistently recognized by well-known ranking authorities such as Global Data Review’s 20 Elite, Law360, Chambers USA, Chambers Global, Chambers Europe, and Legal 500.
-
A multinational team advising on all privacy and data protection issues globally
Our lawyers are qualified in multiple jurisdictions and work on a daily basis with a network of local counsel in 85+ countries. We can provide high-level global strategic advice or assist with detailed privacy issues in any country, interfacing with local counsel on your behalf.
As the premier legal advisor to technology, life sciences, and growth enterprises worldwide, Wilson Sonsini Goodrich & Rosati is at the forefront of data, privacy, and cybersecurity law in the U.S. and throughout the world. Our cross-disciplinary team of highly experienced professionals helps companies navigate the complex and ever-changing set of laws, regulations, and industry standards that govern the collection, storage, and use of information.
Who We Are
Our data, privacy, and cybersecurity team includes former senior officials who served in the Federal Trade Commission’s Bureau of Consumer Protection and the Department of Homeland Security. The team also includes some of the nation's leading litigators and veteran trial attorneys who have litigated complex data disputes involving novel issues of law. Rounding out the team are compliance and transactional attorneys, as well as legislative and regulatory strategists.
Our data, privacy, and cybersecurity practice is consistently recognized by well-known ranking authorities such as Global Data Review’s 20 Elite, Law360, Chambers USA, Chambers Global, Chambers Europe, and Legal 500. The team’s attorneys are individually cited for excellence and other accomplishments in these publications, and they are frequent speakers at major conferences on key developments in data, privacy, and cybersecurity.
What We Do
Wilson Sonsini’s data, privacy, and cybersecurity team advises companies of all sizes—from start-ups to industry leaders—on issues arising from the collection, use, maintenance, and security of data. Our comprehensive scope of practice includes helping clients manage government investigations and enforcement actions, and assisting them during crisis situations resulting from security breach incidents. The team’s litigators represent clients in complex, multi-jurisdictional privacy disputes and class action litigation.
The firm’s data, privacy, and cybersecurity practice is a global practice. With practitioners based in key markets in the U.S., the European Union, and the UK, Wilson Sonsini advises clients on all U.S. federal, state, European, and UK privacy laws, including:
- Children's Online Privacy Protection Act (COPPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- U.S. data breach notification laws
- U.S. state privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), Colorado Privacy Act (ColoPA), and the Virginia Consumer Data Protection Act (VCDPA)
- General Data Protection Regulation (GDPR)
- Revised European e-Privacy Directive
- Fair Credit Reporting Act (FCRA)
- Gramm-Leach-Bliley Act (GLBA)
- Electronic Communication Privacy Act (ECPA)
- Video Privacy Protection Act (VPPA)
- Upcoming legislations in the EU and their interactions with the GDPR, including the draft e-Privacy Regulation, the draft regulation on AI, and the draft Digital Market and Digital Services Acts
Because a large percentage of Wilson Sonsini’s clients are technology and life sciences companies, our team is skilled at addressing unique issues that arise when privacy matters intersect with innovation and data. For example, our attorneys help clients apply best practices toward implementing effective privacy programs online, offline, on mobile devices, and throughout their enterprises; advise them on when and how to comply with self-regulatory programs governing online advertising; and guide them on how to develop compliant marketing and promotional communications using new media.
We help our clients determine and implement their most effective GDPR compliance program, ranging from data mapping, data protection impact assessment, privacy policies, cookies compliance, and handling of data subjects’ rights to detailed, cutting-edge, and novel GDPR compliance issues. We have unmatched experience designing data transfer strategies. We advise regularly on data transfer impact assessment, the use of EU standard contractual clauses, Code of Conduct, the use of derogations, and the approval of binding corporate rules (BCRs). In addition, we assist clients in reconciling the demands of EU data protection law with conflicting legal obligations.
In short, Wilson Sonsini’s data, privacy, and cybersecurity practice is a valued asset because clients can leverage our unique combination of an experienced team led by skilled practitioners and former agency veterans and a comprehensive global legal practice that fully covers a company’s privacy and cybersecurity needs.
As the premier legal advisor to technology, life sciences, and growth enterprises worldwide, Wilson Sonsini Goodrich & Rosati is at the forefront of data, privacy, and cybersecurity law in the U.S. and throughout the world. Our cross-disciplinary team of highly experienced professionals helps companies navigate the complex and ever-changing set of laws, regulations, and industry standards that govern the collection, storage, and use of information.
Who We Are
Our data, privacy, and cybersecurity team includes former senior officials who served in the Federal Trade Commission’s Bureau of Consumer Protection and the Department of Homeland Security. The team also includes some of the nation's leading litigators and veteran trial attorneys who have litigated complex data disputes involving novel issues of law. Rounding out the team are compliance and transactional attorneys, as well as legislative and regulatory strategists.
Our data, privacy, and cybersecurity practice is consistently recognized by well-known ranking authorities such as Global Data Review’s 20 Elite, Law360, Chambers USA, Chambers Global, Chambers Europe, and Legal 500. The team’s attorneys are individually cited for excellence and other accomplishments in these publications, and they are frequent speakers at major conferences on key developments in data, privacy, and cybersecurity.
What We Do
Wilson Sonsini’s data, privacy, and cybersecurity team advises companies of all sizes—from start-ups to industry leaders—on issues arising from the collection, use, maintenance, and security of data. Our comprehensive scope of practice includes helping clients manage government investigations and enforcement actions, and assisting them during crisis situations resulting from security breach incidents. The team’s litigators represent clients in complex, multi-jurisdictional privacy disputes and class action litigation.
The firm’s data, privacy, and cybersecurity practice is a global practice. With practitioners based in key markets in the U.S., the European Union, and the UK, Wilson Sonsini advises clients on all U.S. federal, state, European, and UK privacy laws, including:
- Children's Online Privacy Protection Act (COPPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- U.S. data breach notification laws
- U.S. state privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), Colorado Privacy Act (ColoPA), and the Virginia Consumer Data Protection Act (VCDPA)
- General Data Protection Regulation (GDPR)
- Revised European e-Privacy Directive
- Fair Credit Reporting Act (FCRA)
- Gramm-Leach-Bliley Act (GLBA)
- Electronic Communication Privacy Act (ECPA)
- Video Privacy Protection Act (VPPA)
- Upcoming legislations in the EU and their interactions with the GDPR, including the draft e-Privacy Regulation, the draft regulation on AI, and the draft Digital Market and Digital Services Acts
Because a large percentage of Wilson Sonsini’s clients are technology and life sciences companies, our team is skilled at addressing unique issues that arise when privacy matters intersect with innovation and data. For example, our attorneys help clients apply best practices toward implementing effective privacy programs online, offline, on mobile devices, and throughout their enterprises; advise them on when and how to comply with self-regulatory programs governing online advertising; and guide them on how to develop compliant marketing and promotional communications using new media.
We help our clients determine and implement their most effective GDPR compliance program, ranging from data mapping, data protection impact assessment, privacy policies, cookies compliance, and handling of data subjects’ rights to detailed, cutting-edge, and novel GDPR compliance issues. We have unmatched experience designing data transfer strategies. We advise regularly on data transfer impact assessment, the use of EU standard contractual clauses, Code of Conduct, the use of derogations, and the approval of binding corporate rules (BCRs). In addition, we assist clients in reconciling the demands of EU data protection law with conflicting legal obligations.
In short, Wilson Sonsini’s data, privacy, and cybersecurity practice is a valued asset because clients can leverage our unique combination of an experienced team led by skilled practitioners and former agency veterans and a comprehensive global legal practice that fully covers a company’s privacy and cybersecurity needs.
and vote on various proposed California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, automated decision-making technology (e.g., artificial intelligence (AI)), privacy risk assessments, and a wide assortment of other updates to existing CCPA regulations; data broker registration regulations; and the development of the Delete Request and Opt-Out Platform (DROP) required by the Delete Act. The CPPA Board also voted to approve settlements with two data brokers for allegedly failing to register and pay an annual fee as required by the Delete Act.
and vote on various proposed California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, automated decision-making technology (e.g., artificial intelligence (AI)), privacy risk assessments, and a wide assortment of other updates to existing CCPA regulations; data broker registration regulations; and the development of the Delete Request and Opt-Out Platform (DROP) required by the Delete Act. The CPPA Board also voted to approve settlements with two data brokers for allegedly failing to register and pay an annual fee as required by the Delete Act.
Dale's litigation expertise ranges from commercial disputes to government investigations and class actions.
Dale's litigation expertise ranges from commercial disputes to government investigations and class actions.
Wilson Sonsini assists companies facing government investigations that are often triggered by high-profile privacy incidents, novel business practices, and data breaches. We advise clients facing inquiries from key U.S. enforcement agencies, including the FTC, FCC, FBI, DOJ, and SEC; the Secret Service and other Department of Homeland Security offices and agencies; members of the Intelligence Community; and state and local agencies, including investigations led by state attorneys general. We have represented clients at every stage of an investigation, from advising on informal regulatory inquiries to managing and resolving complex, bet-the-company investigations.
We have particular expertise in representing companies facing government investigations into children’s privacy, advertising, and data security practices. For example, we have represented companies in the most significant COPPA and GDPR enforcement actions brought by the FTC and EU data protection authorities, respectively, positioning Wilson Sonsini as a leader on children’s privacy issues. We have a track record of obtaining favorable outcomes for our clients and resolving investigations without enforcement action. We also have deep experience in crafting thoughtful and effective responses to security breaches—for both business and legal purposes.
Our global practice scope and international experience allow us to help clients manage multi-jurisdictional challenges, including privacy inquiries by EU Data Protection Authorities. Our practitioners in Brussels and London assist clients with investigative matters originating from government entities throughout Europe and the UK, including inquiries involving the European Data Protection Authorities and the European Data Protection Board.
Wilson Sonsini assists companies facing government investigations that are often triggered by high-profile privacy incidents, novel business practices, and data breaches. We advise clients facing inquiries from key U.S. enforcement agencies, including the FTC, FCC, FBI, DOJ, and SEC; the Secret Service and other Department of Homeland Security offices and agencies; members of the Intelligence Community; and state and local agencies, including investigations led by state attorneys general. We have represented clients at every stage of an investigation, from advising on informal regulatory inquiries to managing and resolving complex, bet-the-company investigations.
We have particular expertise in representing companies facing government investigations into children’s privacy, advertising, and data security practices. For example, we have represented companies in the most significant COPPA and GDPR enforcement actions brought by the FTC and EU data protection authorities, respectively, positioning Wilson Sonsini as a leader on children’s privacy issues. We have a track record of obtaining favorable outcomes for our clients and resolving investigations without enforcement action. We also have deep experience in crafting thoughtful and effective responses to security breaches—for both business and legal purposes.
Our global practice scope and international experience allow us to help clients manage multi-jurisdictional challenges, including privacy inquiries by EU Data Protection Authorities. Our practitioners in Brussels and London assist clients with investigative matters originating from government entities throughout Europe and the UK, including inquiries involving the European Data Protection Authorities and the European Data Protection Board.
Wilson Sonsini’s team provides practical advice on how clients at every stage can collect, use, protect, and share data while remaining in compliance with privacy laws. We counsel clients in a wide range of industries on cutting-edge technologies. We have particular expertise in advising companies on compliance with COPPA, TCPA, CCPA, state biometric privacy laws, GDPR, the e-Privacy Directive, data localization laws, and advertising laws and regulations, such as the FTC’s Endorsement Guides.
In addition, our team advises clients on measures that demonstrate responsible stewardship of data and reduce the risk of regulatory and legal exposure. Examples of preventative measures we assist clients with include helping them:
- create, enhance, and audit privacy policies and programs;
- develop and implement global compliance programs; and
- establish sound and efficient information governance programs.
Wilson Sonsini’s team provides practical advice on how clients at every stage can collect, use, protect, and share data while remaining in compliance with privacy laws. We counsel clients in a wide range of industries on cutting-edge technologies. We have particular expertise in advising companies on compliance with COPPA, TCPA, CCPA, state biometric privacy laws, GDPR, the e-Privacy Directive, data localization laws, and advertising laws and regulations, such as the FTC’s Endorsement Guides.
In addition, our team advises clients on measures that demonstrate responsible stewardship of data and reduce the risk of regulatory and legal exposure. Examples of preventative measures we assist clients with include helping them:
- create, enhance, and audit privacy policies and programs;
- develop and implement global compliance programs; and
- establish sound and efficient information governance programs.
Our cybersecurity team counsels clients on how to minimize cyber risks and respond to cyber threats and attacks. We help develop incident response plans, policies, and procedures required by various laws and regulations, as well as conduct incident response testing. We manage forensic and internal investigations related to security incidents, including the submission of regulatory notifications across all 50 states and three territories, as well as the submission of notifications under the General Data Protection Regulation (GDPR). This includes advising companies when their systems, products, or employees may have been targeted for cyber exploitation by foreign state actors.
We also advise our clients on the full range of issues that arise when the government seeks user data or customer information, or attempts to compel one of our clients to directly assist in the government's efforts to conduct intelligence and law enforcement operations. We have expertise in dealing with:
- requests for information under the Foreign Intelligence Surveillance Act (FISA);
- National Security Letters (NSLs);
- issues under the Wiretap and Stored Communications Acts; and
- other search warrants and subpoenas from federal, state, and local intelligence and law enforcement authorities.
In addition, we assist clients involved in cutting-edge research and development that require specialized counsel to help them navigate the national security issues associated with innovation in a global economy.
Our cybersecurity team counsels clients on how to minimize cyber risks and respond to cyber threats and attacks. We help develop incident response plans, policies, and procedures required by various laws and regulations, as well as conduct incident response testing. We manage forensic and internal investigations related to security incidents, including the submission of regulatory notifications across all 50 states and three territories, as well as the submission of notifications under the General Data Protection Regulation (GDPR). This includes advising companies when their systems, products, or employees may have been targeted for cyber exploitation by foreign state actors.
We also advise our clients on the full range of issues that arise when the government seeks user data or customer information, or attempts to compel one of our clients to directly assist in the government's efforts to conduct intelligence and law enforcement operations. We have expertise in dealing with:
- requests for information under the Foreign Intelligence Surveillance Act (FISA);
- National Security Letters (NSLs);
- issues under the Wiretap and Stored Communications Acts; and
- other search warrants and subpoenas from federal, state, and local intelligence and law enforcement authorities.
In addition, we assist clients involved in cutting-edge research and development that require specialized counsel to help them navigate the national security issues associated with innovation in a global economy.
Our data, privacy, and cybersecurity team advises clients on the privacy and data security issues that arise in transactional matters. Our experience includes:
- representing companies in high-stakes mergers, acquisitions, and asset dispositions in which data is a key asset and where data transfers raise sensitive, complex, and often novel privacy issues;
- representing financial institutions and other companies in IPOs and other financial offerings involving companies whose business models entail collecting, processing, and disclosing user data; and
- assisting companies of all sizes in negotiating licensing, outsourcing, services, and other commercial transactions, including advising on privacy and data-security-related risks and obligations relating to the use, processing, security, and monetization of consumer data.
Our transactional attorneys’ combination of experience and understanding of prevailing norms enables them to provide responsive and practical advice while keeping our clients' business objectives in mind.
Our data, privacy, and cybersecurity team advises clients on the privacy and data security issues that arise in transactional matters. Our experience includes:
- representing companies in high-stakes mergers, acquisitions, and asset dispositions in which data is a key asset and where data transfers raise sensitive, complex, and often novel privacy issues;
- representing financial institutions and other companies in IPOs and other financial offerings involving companies whose business models entail collecting, processing, and disclosing user data; and
- assisting companies of all sizes in negotiating licensing, outsourcing, services, and other commercial transactions, including advising on privacy and data-security-related risks and obligations relating to the use, processing, security, and monetization of consumer data.
Our transactional attorneys’ combination of experience and understanding of prevailing norms enables them to provide responsive and practical advice while keeping our clients' business objectives in mind.
Wilson Sonsini’s litigation attorneys have successfully defended our clients since the privacy litigation trend arose through their effective, creative advocacy on behalf of companies ranging from innovative start-ups to market-leading technology companies. Our litigation team has consistently achieved favorable resolutions on behalf of clients in precedent-setting victories in privacy and internet law disputes, and the firm’s attorneys have consistently been involved in the most complex and novel privacy cases—especially considering Wilson Sonsini’s longtime nexus to innovative, disruptive technology companies.
Our team has decades of experience defending litigation from the earliest stages of class actions, including cases involving allegations of the improper tracking of user behavior online and on mobile devices. We have also represented companies in litigation involving claims under COPPA, the Computer Fraud and Abuse Act (CFAA), the VPPA, TCPA, BIPA, and other state privacy laws. We work with local counsel across the UK and the European Union to assist our clients in complex privacy litigations before national courts, as well as before the Court of Justice of the European Union.
Wilson Sonsini’s litigation attorneys have successfully defended our clients since the privacy litigation trend arose through their effective, creative advocacy on behalf of companies ranging from innovative start-ups to market-leading technology companies. Our litigation team has consistently achieved favorable resolutions on behalf of clients in precedent-setting victories in privacy and internet law disputes, and the firm’s attorneys have consistently been involved in the most complex and novel privacy cases—especially considering Wilson Sonsini’s longtime nexus to innovative, disruptive technology companies.
Our team has decades of experience defending litigation from the earliest stages of class actions, including cases involving allegations of the improper tracking of user behavior online and on mobile devices. We have also represented companies in litigation involving claims under COPPA, the Computer Fraud and Abuse Act (CFAA), the VPPA, TCPA, BIPA, and other state privacy laws. We work with local counsel across the UK and the European Union to assist our clients in complex privacy litigations before national courts, as well as before the Court of Justice of the European Union.
and vote on various proposed California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, automated decision-making technology (e.g., artificial intelligence (AI)), privacy risk assessments, and a wide assortment of other updates to existing CCPA regulations; data broker registration regulations; and the development of the Delete Request and Opt-Out Platform (DROP) required by the Delete Act. The CPPA Board also voted to approve settlements with two data brokers for allegedly failing to register and pay an annual fee as required by the Delete Act.
- Privacy Policy
- Terms of Use
- Accessibility