Claire M. Gibbs

Claire focuses her practice on privacy and cybersecurity regulatory counseling and investigations, cyber incident response and remediation, and advising clients on privacy and cybersecurity risks in complex corporate transactions and commercial agreements. She is equally adept at working with emerging companies and venture capital funds, as well as some of the world’s largest tech companies. Claire thoughtfully follows developments in generative artificial intelligence (AI), adtech, connected TV, mobility and connected vehicles, the metaverse and other emerging technologies to better serve her clients. She is an International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional for the United States (CIPP/US).

Claire has extensive experience defending tech companies facing investigations by the Federal Trade Commission (FTC), state attorneys general, and other state and federal regulators. Claire also is well versed in guiding clients through the aftermath of data breaches – including working with forensic investigators to evaluate potential breaches, assessing and complying with legal notification requirements, engaging with law enforcement, responding to regulatory inquiries and building litigation defenses. 

Claire advises clients on compliance with a broad range of privacy, data security, and consumer protection laws and standards – including the California Consumer Privacy Act of 2018 (CCPA) and similar comprehensive state privacy laws, Section 5 of the FTC Act, the Children’s Online Privacy Protection Act (COPPA), the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Health Information Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA), the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), biometric privacy laws, AI laws, and the Payment Card Industry Data Security Standard (PCI DSS), among others. She also counsels US-based companies on international privacy laws, such as the General Data Protection Regulation (GDPR).

In addition, Claire has acted as the privacy and security lead on a large number of acquisitions and investments, and she also regularly helps clients negotiate data-related terms in commercial agreements, including cloud computing agreements, software licensing and software-as-a-service (SaaS) agreements, and professional services and consulting agreements.

Claire has also completed secondments with Google, Meta and Salesforce.

Finally, she maintains an active pro bono practice assisting nonprofits with privacy compliance and screening cases for the Mid-Atlantic Innocence Project.

Speaking engagements:

• Speaker, “A Midyear Update on US State Consumer Privacy Laws,” Cooley Privacy Talks Series, June 13, 2024
• Speaker, “CPRA and US State Privacy Laws: A Mid-Year Update on the Regulations and Compliance Approaches,” Cooley Privacy Talks Series, June 15, 2023
• Speaker, “Stop Tracking Me: Digital Advertising and Privacy,” Association of Corporate Counsel (ACC) 2023 General Counsel Toolkit, New York City, May 10, 2023
• Speaker, “Unpacking the CPRA Regulations and Prioritizing Compliance Efforts,” Cooley c/d/p US Privacy Compliance Journey Series, July 19, 2022
• Speaker, “Overview of Privacy Enforcement Actions in the US and EU,” Cooley Privacy Talks Series, December 7, 2021
• Speaker, “CCPA Enforcement Actions: Year in Review,” ACC NYC Full Day In-House Counsel Toolkit, New York City, November 18, 2021