Privacy & Data Protection

Cooley's Privacy & Data Protection (PDP) practice provides the full spectrum of counseling and litigation capabilities in privacy, data rights, and cybersecurity. Whether developing a privacy policy, providing due diligence on an M&A transaction, responding to a data breach, guiding a company through a Federal Trade Commission (FTC) inquiry, regulatory investigation or defending a client against a class action or other litigation proceedings, we have the expertise to assist our clients in navigating the increasingly complex landscape of laws and regulatory requirements. Our lawyers advise a broad range of companies on privacy and data protection, from traditional industries like healthcare, telecommunications, and higher education that have evolved with the rapid increase of digitized information to emerging industries such as social media, drones, smart grid technology, and the Internet of Things that are at the forefront of groundbreaking privacy and cybersecurity matters. Our enduring record of assisting leading companies with privacy and data protection matters and our unmatched industry expertise were recognized for the third year in a row and fourth time in five years by Law360, which named Cooley a "Privacy Practice of the Year" in 2015. In addition, The Recorder named Cooley the "Privacy Litigation Department of the Year" in 2015.  

Counseling & Compliance

They "really understand our business and how we work."

Client quote, The Recorder

Cooley's PDP lawyers assist clients with the assessment, revision and development of privacy and cybersecurity policies, compliance with regulatory and industry-specific issues, and legislative monitoring, assessment, and analysis. We also work with clients on cybersecurity audits and liability analysis, cyber insurance evaluation, and employee security training. For clients looking to protect their information assets, our PDP practice provides security process-hardening services to proactively mitigate the legal and business impact of security incidents. We have strong strategic relationships with third-party service providers that we can call on to provide an enhanced range of services to clients when appropriate. These relationships also equip our lawyers with the latest in threat-intelligence monitoring and deep-look, long-term strategic data protection forecasting, ensuring that our clients are well-positioned to protect against and prepare for potential breaches.


Our PDP lawyers provide tailored advice and guidance on addressing a key source of security and critical IP vulnerabilities: a company's dealings with suppliers, customers, and other business partners. Our lawyers have experience in performing transactional review and analysis, including contractual privacy and data protection assessment. We also perform due diligence during M&A and other transactions, negotiate technology license agreements, and provide support on other transactions, including those with cyber and cross-border components. We regularly advise clients on joint development agreements, supply-chain security, critical technology transfers to foreign outsourced contractors, and modernization of trade-secret protection programs.


Cooley PDP lawyers are well-versed in the regulatory and sector-specific issues touching the security concerns of our clients, particularly those in heavily regulated industries such as healthcare (e.g., HIPAA), financial services (e.g., GLBA, FCA), telecommunications, national security, and higher education (e.g., FERPA). We follow the latest trends in compliance, including revisions to the Payment Card Industry (PCI) security standards, the latest draft of the NIST Framework, and SEC reporting requirements. We frequently analyze client exposure related to the FTC and issues associated with consumer information. We offer clients guidance on regulatory actions and have represented companies in investigations and inquiries by the FTC, HHS, state Attorneys General,  European Union Data Protection Authorities and UK financial regulators.

Pre-litigation Counseling

We offer a broad range of pre-litigation counseling, including evaluation of potential claims, assessment of liability risks, preparation and implementation of subpoena response policies, contract dispute evaluation and counseling, and advising on appropriate responses to regulatory activities. We work with each of our clients to provide practical, cost-effective counseling that is tailored to the client's specific legal and business objectives. While our PDP team includes skilled litigators who repeatedly win judgments in favor of our clients, we also recognize that sometimes avoiding litigation can be the most desirable outcome for a particular client in light of the client's particular interests and circumstances.

Incident Response and Data Breach Counseling

Cooley PDP lawyers have substantial experience leading both small and large incident response efforts and advising companies - including those in the online, retail, technology, and life sciences fields - that have experienced data breaches or other data security incidents. We also have developed an internal toolkit that further allows us to respond quickly and efficiently to data incidents on behalf of clients. The toolkit includes response roadmaps, notice templates for communicating with individuals and regulatory agencies in all 50 states, the UK and EU and client-specific statements of work under existing Cooley agreements with forensic, remediation, and crisis PR firms. For incidents that trigger regulatory investigations or class action litigation, we put together the right team with the appropriate experience to handle all aspects of the client's problem, and we take a collaborative approach to developing solutions in the most strategically sound, practical, and cost-effective manner.

Privacy & Data Protection Litigation

Cooley PDP litigators have handled a wide array of cases involving privacy and data security issues, including class actions and government investigations and enforcement actions. We have represented a broad range of companies whose innovative technologies and business models often raise novel legal issues in the area of privacy and data security and which, in some instances, challenge the fundamental definition of privacy in the age of information, interconnectedness, and social media. Our litigators have handled several of the leading cases dealing with these novel issues. We understand the importance of not only knowing and applying the law, but shaping it in a way that better enables our clients to develop and deploy value-maximizing business strategies. We work closely with our clients to obtain favorable resolutions as early and as efficiently as possible under the circumstances of each unique case, whether by obtaining dismissals, defeating class certification motions, negotiating favorable settlements, or litigating cases through trial and appeal.

Key Facts

  • 50+ lawyers specializing in counseling and litigation involving wide array of privacy and data security issues in the context of e-commerce, online, mobile, and health technologies
  • Team includes former Commissioner for the Commission on Cyber Security for the 44th Presidency, Certified Information System Security Professionals (CISSPs), and Certified Information Privacy Professionals (CIPPs)
  • 24 x 7 incident response team
  • Strong third-party strategic relationships that allow us to provide a full suite of privacy and data protection services in U.S., UK and EU
  • Established relationships with crisis PR firms
  • Packaged pricing options to drive efficiency and effectiveness
  • In past few years, defended clients against more than 50 class actions around the country that asserted a variety of claims and theories under federal and state laws, often involving parallel engagement with government regulators
  • Won 25+ motions to dismiss in privacy and data security class actions in past five years
  • Frequent contributors on privacy and information security subjects at leading industry seminars and in local international media


  • Named one of Law360's Practice Groups of the Year in 2015, 2014, 2013 and 2011
  • Named the Privacy Litigation Department of the Year by The Recorder in 2015
  • Ranked as a leading Privacy & Data Security practice by Chambers USA (2015 - 2016) and shortlisted for Privacy & Data Security Team of the Year (2015)
  • Ranked as a leading Data Protection & Privacy practice (2012 – 2016) and a leading Cyber Law practice (2016) by The Legal 500 US 
  • Recognized by The Daily Journal as one of five "fresh and interesting practices" in 2011
  • Team includes a five-time Law360 MVP in the category of Privacy (2011-2015) and a leader in Privacy & Data Security in the 2007 - 2016 editions of Chambers USA

Related Practices

Practice Group of the Year

Cooley's Privacy & Data Protection practice is named a "Privacy Practice Group of the Year" by Law360 for the third year in a row and fourth time in five years. Read more.

Department of the Year

Cooley's Privacy & Data Protection practice was recognized as a 2015 "Litigation Department of the Year" by The Recorder. Read more.

24x7 Incident Response

In the event of a suspected data incident, members of Cooley's data incident and breach response team can be reached at 844-476-1248.

©2003-2016 Cooley LLP and Cooley (UK) LLP. All rights reserved.
COOLEY® and the COOLEY LLP® logo are registered U.S. service marks of Cooley LLP.
Cooley was founded in 1920 – for our story, visit our timeline.