Travis LeBlanc

Travis co-chairs Cooley’s global cyber/data/privacy practice. He is a top authority on cybersecurity, data privacy, telecommunications, and the regulation of emerging and innovative technologies. Drawing on his broad experience in federal and state government, he helps clients manage regulatory and litigation risk, as well as strategically respond to data breaches, cyberattacks, nation-state attacks, dissemination of stolen data, misinformation campaigns and government enforcement efforts, including those by the Federal Trade Commission (FTC), Federal Communications Commission (FCC) and state attorneys general. Travis has served on the US Privacy and Civil Liberties Oversight Board (PCLOB) since his 2019 presidential nomination and unanimous Senate confirmation as a board member on the independent agency tasked with ensuring that the government’s efforts to protect the US from terrorism appropriately safeguard privacy and civil liberties.

In addition to advising boards of directors and senior corporate officers on crisis management, internal investigations, information governance and national security matters, Travis counsels clients on antitrust investigations, telecommunications strategies and regulatory enforcement responses. The respect and skills Travis has earned during his career have translated into appointments across the political spectrum, including his selection by the US Department of Commerce and the European Commission to serve as an arbitrator for the EU-US Privacy Shield Framework.

With his broad understanding of technology, media and telecommunications, as well as his senior government experience at the national and state levels, Travis is uniquely positioned to advise and represent clients in litigation on a range of data privacy, cybersecurity and information management issues, including data breaches, class actions and government enforcement actions. Travis has assisted clients with federal and state telecommunications needs, including FCC proceedings and regulations and merger reviews. He has worked with Congress and other regulatory agencies on behalf of clients and advocated for emerging and established technology companies before regulatory bodies. He also has worked closely with senior officials at other federal, state and international agencies, including the FTC, US Securities and Exchange Commission (SEC), Consumer Financial Protection Bureau (CFPB), Department of Justice (DOJ), all 50 state attorneys general, and data protection authorities (DPAs) across the globe. His deep understanding of the regulatory and legal landscapes helps Travis strategically respond to and favorably resolve government inquiries and legal disputes.

As former chief of the FCC’s Enforcement Bureau during the Obama administration, Travis spearheaded hundreds of enforcement actions involving consumer issues, such as false advertising and the Telephone Consumer Protection Act (TCPA), unfair competition, regulatory compliance, and fraud, waste and abuse of government programs. Travis previously served as a senior advisor to former California Attorney General Kamala Harris and as special assistant attorney general of California, where he oversaw the state’s complex policy and litigation in areas including technology regulation, high-tech crime, cybersecurity, privacy, intellectual property, antitrust, healthcare, telecommunications and human trafficking. Before this high-profile California role, he served during the Obama administration as an attorney in the DOJ’s Office of Legal Counsel, which advises the president, attorney general and executive branch agencies on the constitutionality and legality of US government programs and activities.

Travis’ background and leadership roles, as well as his practice at leading law firms, have translated into advising clients – both nationally and globally – on responding to and finding solutions for novel local, state, federal and cross-border issues. He also has represented companies, boards, startups, CEOs, executives and other prominent individuals in a diverse array of complex and bet-the-company civil litigation, government investigations and advisory matters.

Travis’ recent representative experience:

FTC investigations

• Represented a fintech company and its founders in an FTC investigation related to negative options and the Restore Online Shoppers’ Confidence Act (ROSCA)
• Represented an edtech company in an FTC investigation related to negative options and ROSCA
• Represented an edtech company in an FTC enforcement investigation related to an administrative order violation
• Represented a high-profile celebrity in connection with the FTC’s compliance guidelines for social media influencers
• Represented Tapjoy in an FTC investigation of mobile advertising practices in connection with virtual rewards
• Represented an online dating application in an FTC and state attorney general investigation relating to privacy and data security
• Represented a videoconferencing service provider in FTC, state attorneys general and international regulatory investigations concerning the company’s privacy and security practices
• Represented a top on-demand mobile application company in an FTC investigation involving a data breach
• Defended a leading customer engagement platform against an FTC and Washington attorney general investigation into the company’s policies and practices related to Apple’s App Tracking Transparency framework and compliance with Children’s Online Privacy Protection Act (COPPA) requirements

State attorney general investigations

• Represented clients in state attorney general investigations related to privacy, security and competition in all 50 states
• Represented a social media company in a state attorney general investigation of children’s privacy in relation to COPPA
• Represented a multichannel video programming distributor in connection with a multistate antitrust merger review by 20 state attorneys general
• Represented a fintech company in connection with a California attorney general investigation of data privacy and security practices
• Represented an online gaming company in connection with a California attorney general investigation of online gambling
• Represented a smart TV manufacturer in a California attorney general California Consumer Privacy Act (CCPA) investigation
• Represented a location sharing app in a DC attorney general investigation

Privacy and data breach litigation

• Represented numerous companies in connection with California Invasion of Privacy Act (CIPA) demands, class action litigation and mass arbitrations
• Represented a California tech company in a privacy class action involving physical surveillance
• Defended Chegg in mass arbitration litigation arising from a 2018 data breach impacting 40 million users
• Defended FabFitFun in a class action lawsuit arising from a breach of credential and payment card information
• Secured a full dismissal for Google in a putative class action lawsuit asserting that Google’s Cloud Contact Center AI technology (CCAI) violates CIPA
• Defended against numerous mass arbitration claims involving privacy and cybersecurity
• Represented Marsh McLennan in a class action lawsuit filed in the US District Court for the Southern District of New York arising out of a cyberattack
• Represented a prominent global business figure in a national security investigation and litigation arising from a nation-state cyberattack and resulting misinformation campaign
• Defended a data analytics company against a putative class action resulting from an exposure of millions of voter records by a cybersecurity researcher, successfully securing the lawsuit’s dismissal
• Represented an artificial intelligence communications intelligence platform in privacy class actions in state and federal courts in California
• Defended a top pharma manufacturer in a data breach class action

Data privacy counseling

• Served as general privacy and security counsel to a leading tech company that innovates in the areas of education, science, justice and opportunity
• Advised numerous public and private companies on data privacy compliance and transactional risk
• Advised a dozen public and private companies on CIPA risk mitigation measures
• Advised a global ecommerce platform on compliance with the DOJ’s bulk US sensitive data rule

Cyber preparedness

• Advised the board and senior officers of Foot Locker on cyber preparedness
• Served as outside counsel to the cyber risk committee of a major public company
• Represented a major global law firm as outside cybersecurity counsel
• Counseled public company clients on the SEC’s cybersecurity guidelines and proposed rules

Incident response

• Represented the State Bar of California in connection with a high-profile data breach
• Represented a multinational tech company in connection with a cyberattack, ransom negotiations and global notifications
• Represented a major defense contractor in response to a former employee who exfiltrated a large amount of financial data outside the company
• Counseled numerous clients through data breaches, ransomware events, business email compromises and other cyberattacks

Platform enforcement 

• Represented DraftKings in litigation seeking to unmask and punish parties linked to a distributed denial-of-service (DDoS) attack on its website
• Represented Facebook and WhatsApp in a lawsuit against Israeli cyber-intelligence firm NSO Group alleging that NSO exploited a vulnerability in the encrypted messaging app to infect more than 1,400 phones with malware
• Represented an online real estate technology company in litigation seeking to identify parties that unlawfully distributed the company’s confidential information
• Advised a gig economy online delivery service in an investigation of users who were cheating to secure in-demand assignments
• Represented Prodege in John Doe litigation against an anonymous individual harassing Prodege employees online

Cryptocurrency and blockchain

• Defended Coinbase in class action litigation arising from an online sweepstakes related to cryptocurrency
• Defended a high-profile celebrity in a class action involving the promotion of cryptocurrency through social media
• Represented a major crypto wallet in connection with one of the largest thefts of digital assets

FCC regulatory and enforcement

• Represented a major cloud services provider in FTC, FCC and two state attorney general investigations related to one of the largest cyberattacks in history
• Represented CaptionCall and its parent company, Sorenson Communications, a leading language services provider, in an FCC enforcement investigation alleging unlawful retention of phone call content beyond the duration of a call and submission of inaccurate information to the Telecommunications Relay Service (TRS) Fund administrator
• Supported several clients in responding to and defending against TCPA demands
• Represented T-Mobile before a state attorney general and public utilities commissions in its merger with Sprint
• Represented a global light-emitting diode (LED) manufacturer in an FCC enforcement investigation
• Represented a counter-unmanned aerial systems manufacturer company in an FCC regulatory investigation
• Represented a broadcasting company in a financing dispute with another broadcaster and a financial institution

Publications and presentations

• Speaker, “Navigate Digital Risk Index: Geopolitics and Tech Sovereignty,” IAPP Navigate: Digital Policy Leadership Retreat, June 26, 2025
• Guest speaker, “Data, Democracy and Freedom with Travis LeBlanc,” The Office of the Data Protection Authority Conference, June 17, 2025
• Moderator, “AI Governance: Navigating Risk, IP and Privacy in 2025,” L-Suite AI Conference 2025, June 12, 2025
• Moderator, “Right to Transparent, Free, Unbiased and Pluralistic Information,” Privacy Symposium, May 14, 2025
• Speaker, “FTC Enforcement Trends: How to Respond When the FTC Comes Calling,” RSA Conference, April 29, 2025
• Panelist, “Independent Agencies,“ Center for American Progress event, April 23, 2025
• Speaker, “General Session Introduction,” IAPP Global Privacy Summit 2025, April 23, 2025
• Moderator, “Cybersecurity and National Security,” Incident Response Forum Masterclass 2025, April 22, 2025
• Panelist, “Deep Dive – FTC Enforcement Trends: How to Respond When the FTC Comes Calling,” IAPP Global Privacy Summit 2025, April 22, 2025
• Speaker, “Keynote: Avoiding the AI Wild West,” Cybersecurity & Privacy Protection Conference 2025, April 10, 2025
• Moderator, “The Enforcer,” American Bar Association 2025 Representing Your Local Broadcaster, April 6, 2025
• Speaker, “Cyber Threats, Geopolitics and Business Resilience: The Board’s Playbook,” National Association of Corporate Directors (NACD) Cyber Panel, March 18, 2025
• Speaker, “Keynote Fireside Chat,” GW Journal of Law and Technology (JOLT) Symposium on the Future of AI and Surveillance, February 21, 2025
• Moderator, “What’s Hot in the USA,” International Bar Association’s 6th Silicon Hills Conference, The Tech Epicentre Of Texas: From Start-Up To Exit, February 13, 2025
• Speaker, “Fireside Chat with Travis LeBlanc,” State of the Net 25, February 11, 2025
• Speaker, “Hot Issues in Class Certification, Decertification and Administration,” PLI: Advanced Data Privacy, Cybersecurity and TCPA Class Action Litigation 2025, January 23, 2025
• Moderator, “Regulatory Developments in AI,” Berkeley Fall Forum on Corporate Governance, November 12, 2024
• Panelist, “Think Like a Regulator in 2025 and Beyond,” Microsoft CELA Summit, October 15, 2024
• Panelist, “Data Breaches Readiness – Proactive Strategies to Safeguard Your Company,” The L Suite webinar, October 8, 2024
• Moderator, “Closing General Session on Digital Governance,” IAPP Privacy. Security. Risk. 2024, September 24, 2024
• Speaker, “Fireside Chat – The Enforcement Bureau at 25: A Panel and Reception,” September 19, 2024
• Speaker, “FCC Enforcement Bureau Reform,” Going Global webinar, September 17, 2024
• Speaker, “UK-US Data Bridge: Lessons From the First 8 Months,” Privacy Laws and Business webinar, July 16, 2024
• Panelist, “The Privacy and Civil Liberties Oversight Board (PCLOB) AI Forum,” Virtual PCLOB Forum, July 10, 2024
• Panelist, “Digital Entropy: (Re)Structuring Regulatory Governance,” IAPP Leadership Retreat 2024, June 26, 2024
• Panelist, “Internet Governance and Risks for Freedom, Neutrality and Fragmentation,” Privacy Symposium, June 12, 2024
• Panelist, “Democratic Oversight of Privacy and Government Access to Personal Data,” Privacy Symposium, June 10, 2024
• Panelist, “GDPR Anniversary: 10 Things You Should Know About Last Year and What’s Coming Up Next Year,” Privacy Talks Series webinar, May 16, 2024
• Moderator, “Leveraging GenAI for Inclusive AI,” NYSE AAPI Bell Celebration, May 10, 2024
• Speaker, “Litigation in Privacy and Data Security,” 25th Annual Institute on Privacy and Cybersecurity Law, May 7, 2024
• Panelist, “Incident Response: State of Play,“ Incident Response Forum Masterclass 2024, April 18, 2024
• Speaker, “Navigating Privacy: Balancing Innovation With Data Protection,” 2024 TechGC FinTech Offsite, April 17, 2024
• Moderator “A Conversation With CPPA Executive Director Ashkan Soltani,” IAPP Global Privacy Summit, April 3, 2024
• Speaker, “Xchange Session: Cybersecurity Disclosure,” SVDX, January 23, 2024
• Speaker, “Data Privacy Day and 2024 Predictions,” IAPP LinkedIn Live, January 22, 2024
• Speaker, The PCLOB on FISA Section 702, “The Lawfare Podcast,” October 17, 2023
• Speaker, The PCLOB Report on 702, The Volokh Conspiracy’s “Cyberlaw Podcast,” October 16, 2023
• Speaker, The SEC’s Final Cybersecurity Rules Roundtable: What You Need To Do, Cooley event, September 20, 2023
• Panelist, From DPO to Data Ethics Officer, Don’t Fall Behind!, IAPP Asia Privacy Forum, July 20, 2023
• Moderator, “Artificial Intelligence and Society,” American Law Institute 2023 Annual Meeting, May 22, 2023
• Panelist, Litigation in Privacy and Data Security, Practising Law Institute 24th Annual Institute on Privacy and Cybersecurity Law, May 8, 2023
• Panelist, Regulatory Spotlight: SEC, Incident Response Forum Masterclass, April 20, 2023
• Panelist, Cross Border Data Woes: US-EU Data Privacy Framework Update, Interactive Advertising Bureau (IAB) Public Policy & Legal Summit, April 3, 2023
• Speaker, FISA Section 702, “The Lawfare Podcast,” March 24, 2023
• Speaker, Fireside chat, State of the Net Conference, March 6, 2023
• Panelist, Ransomware Attacks Before and After: Preparation, Governance, Training and Remediation, Incident Response Forum Ransomware, January 12, 2023
• Panelist, Analyzing the EU-US Data Privacy Framework – Expert Panel, SPOKES Virtual Privacy Conference Winter, December 14, 2022
• Panelist, The CPPA: Shaping the Nation’s Privacy Laws, Cybersecurity and Data Protection, September 13, 2022
• Panelist, Closing Session and Privacy Predictions for 2023, SPOKES Privacy Technology Conference Summer 2022, June 23, 2022
• Speaker, Virtual DC Fly-In fireside chat, IAB event, June 15, 2022
• Panelist, GDPR Four Years on the Road: The 10 Key Developments You Should Know, Cooley Privacy Talks series, June 7, 2022
• Speaker, 2022 Fintech Forum, June 7, 2022
• Panelist, Incident Response Panel: Ransomware Attacks, Incident Response Forum Masterclass 2022, April 21, 2022
• Speaker, Stanford Cybersecurity Law: A View From the Front Lines, Stanford Cyber Policy Center session, April 7, 2022
• Panelist, Finding Your Flow as a Global Organization: Avoiding Pitfalls and Navigating the Dynamic Environment of International Expansion, TechGC 2022 DeputyGC National Summit, March 17, 2022
• Panelist, The Colonial Pipeline Data Breach – A Case Study, American Bar Association Criminal Justice Section’s 37th National Institute on White Collar Crime, March 3, 2022
• Panelist, Privacy Best Practices and Recent Regulatory Developments, World Bank Data Privacy Day 2022 virtual event, January 27, 2022
• Panelist, Ransomware 2.0: Responding to Exfiltration/Name and Shame, Incident Response Forum Ransomware, January 13, 2022
• Panelist, Wading Through State Privacy Compliance: From CPRA and Beyond, 45th Annual IP Institute: Shifting Tides – Intellectual Property in a Changing World, California Lawyers Association, November 9, 2021
• Panelist, National Security and Privacy: Recent Developments and Emerging Challenges, SPOKES Privacy Conference Summer 2021, June 29, 2021
• Panelist, GDPR Three Years on the Road: 10 Key Developments, GDPR Turns Three – Myths and Must-Haves, Cooley virtual event, May 25, 2021
• Panelist, Incident Response – State of Play, Incident Response Forum Masterclass, April 8, 2021
• Speaker, International Data Flows Post Schrems-II: What to Expect and What to Forget, Trustarc Privacy Risk Summit, March 10, 2021
• Speaker, “CyberWire Daily” (The CyberWire Podcast), November 2, 2020
• Panelist, Systematic Bias: AI as Cause and Cure, American Bar Association Section of Science & Technology Law Artificial Intelligence and Robotics National Institute, October 7, 2020
• Panelist, National Security and Incident Response, Incident Response Forum Europe 2020, September 24, 2020
• Speaker, CCPA Enforcement: Enter the AG (summit session keynote panel), IAPP Summit 2020, July 9, 2020
• Panelist, Back to the Future of Online Data Privacy, KnowIt: Intellectual Property in a Digital World, May 11, 2020
• Speaker, Incident Response Forum, April 14, 2020
• Panelist, International Data Flows Post Schrems-II: What to Expect and What to Forget, TrustArc Privacy Risk Summit, March 10, 2020
• Speaker, Incident Response Forum West 2020, January 30, 2020

Recognitions

• Chambers USA: Privacy & Data Security
• The Legal 500 US: Dispute Resolution – General Commercial Disputes
• The Legal 500 US: Telecoms and Broadcast – Regulatory and Transactions
• Cybersecurity Docket: Incident Response 50 (list of the 50 best and brightest data breach response lawyers)
• The Daily Journal: Top Cyber Lawyer
• The Daily Journal: Top 100 Lawyers in California
• The National Law Journal: Cybersecurity & Data Privacy Trailblazer
• Law360: MVP of the Year – Cybersecurity & Privacy 
• Washingtonian: Tech Titan

Government service

• US Privacy and Civil Liberties Oversight Board (PCLOB), board member
• EU-US Privacy Shield Framework, arbitrator
• FCC Enforcement Bureau, chief
• California Department of Justice, special assistant attorney general
• US DOJ’s Office of Legal Counsel, attorney advisor
• US Court of Appeals for the Ninth Circuit, appellate lawyer representative 

Clerkships

• Judge Stephen Reinhardt, US Court of Appeals for the Ninth Circuit