Travis LeBlanc

Travis co-chairs Cooley’s global cyber/data/privacy practice. He is a top authority on cybersecurity, data privacy, telecommunications, and the regulation of emerging and innovative technologies. Drawing on his broad experience in federal and state government, he helps clients manage regulatory and litigation risk, as well as strategically respond to data breaches, cyberattacks, nation-state attacks, dissemination of stolen data, misinformation campaigns and government enforcement efforts, including those by the Federal Trade Commission (FTC), Federal Communications Commission (FCC) and state attorneys general.

In addition to advising boards of directors and senior corporate officers on crisis management, internal investigations, information governance and national security matters, Travis counsels clients on antitrust investigations, telecommunications strategies and regulatory enforcement responses. The respect and skills Travis has earned during his career have translated into appointments across the political spectrum, including his selection by the US Department of Commerce and the European Commission to serve as an arbitrator for the EU-US Privacy Shield Framework and his unanimous US Senate confirmation to the US Privacy and Civil Liberties Oversight Board.

With his broad understanding of technology, media and telecommunications, as well as his senior government experience at the national and state levels, Travis is uniquely positioned to advise and represent clients in litigation on a range of data privacy, cybersecurity and information management issues, including data breaches, class actions and government enforcement actions. Travis has assisted clients with federal and state telecommunications needs, including FCC proceedings and regulations and merger reviews. He has worked with Congress and other regulatory agencies on behalf of clients and advocated for emerging and established technology companies before regulatory bodies. He also has worked closely with senior officials at other federal, state and international agencies, including the FTC, US Securities and Exchange Commission (SEC), Consumer Financial Protection Bureau (CFPB), Department of Justice (DOJ), all 50 state attorneys general, and data protection authorities (DPAs) across the globe. His deep understanding of the regulatory and legal landscapes helps Travis strategically respond to and favorably resolve government inquiries and legal disputes.

Travis currently serves on the US Privacy and Civil Liberties Oversight Board (PCLOB), a position he has held since 2019 after being nominated by then-President Donald Trump and confirmed by the Senate. Travis was renominated to the board by President Joseph Biden in 2022. Travis is the only former chief of the FCC’s Enforcement Bureau in privacy practice. As former chief of the FCC’s Enforcement Bureau during the Obama administration, Travis spearheaded hundreds of enforcement actions involving consumer issues, such as false advertising and the Telephone Consumer Protection Act (TCPA), unfair competition, regulatory compliance, and fraud, waste and abuse of government programs.

Travis previously served as a senior adviser to former California Attorney General (now Vice President) Kamala Harris and as special assistant attorney general of California, where he oversaw the state’s complex policy and litigation in areas including technology regulation, high-tech crime, cybersecurity, privacy, intellectual property, antitrust, healthcare, telecommunications and human trafficking. Before this high-profile California role, he served during the Obama administration as an attorney in the DOJ’s Office of Legal Counsel, which advises the president, attorney general and executive branch agencies on the constitutionality and legality of US government programs and activities.

Travis’s background and leadership roles, as well as his practice at leading law firms, have translated into advising clients – both nationally and globally – on responding to and finding solutions for novel local, state, federal and cross-border issues. He also has represented companies, boards, founders, CEOs, executives and other prominent individuals in a diverse array of complex and bet-the-company civil litigation, government investigations and advisory matters.

Travis’s notable representative experience includes:

FTC and state attorney general investigations

• Representing a high-profile celebrity in connection with the FTC’s compliance guidelines for social media influencers
• Representing Tapjoy in an FTC investigation of mobile advertising practices in connection with virtual rewards
• Representing an online dating application in an FTC and state attorney general investigation relating to privacy and data security
• Representing a videoconferencing service provider in FTC, state attorneys general and international regulatory investigations concerning the company’s privacy and security practices
• Representing a top on-demand mobile application company in an FTC investigation involving a data breach
• Representing a social media company in a state attorney general investigation of children’s privacy in relation to the Children’s Online Privacy Protection Act (COPPA)
• Representing a multichannel video programming distributor in connection with a multistate antitrust merger review by 20 state attorneys general
• Representing a fintech company in connection with a California attorney general investigation of data privacy and security practices
• Representing an online gaming company in connection with a California attorney general investigation of online gambling
• Defending a leading customer engagement platform against an FTC and Washington attorney general investigation into the company’s policies and practices related to Apple’s AppTracking Transparency framework and compliance with COPPA requirements

Privacy and data breach litigation

• Representing a California technology company in a privacy class action involving physical surveillance
• Defending Chegg in mass arbitration litigation arising from a 2018 data breach impacting 40 million users
• Defending FabFitFun in a class action lawsuit arising from a breach of credential and payment card information
• Defending against numerous mass arbitration claims involving privacy and cybersecurity
• Representing Marsh McLennan in a class action lawsuit filed in the US District Court for the Southern District of New York arising out of a cyberattack
• Representing a prominent global business figure in a national security investigation and litigation arising from a nation-state cyberattack and resulting misinformation campaign
• Defending a data analytics company against a putative class action resulting from an exposure of millions of voter records by a cybersecurity researcher, successfully securing the lawsuit’s dismissal

Data privacy counseling

• Serving as general privacy and security counsel to a leading technology company that innovates in the areas of education, science, justice and opportunity
• Representing a multinational group of software companies in an investigation by the California attorney general into the group’s compliance with the California Consumer Privacy Act (CCPA)
• Advising numerous public and private companies on data privacy compliance and transactional risk

Cyber preparedness

• Advising the board and senior officers of Foot Locker on cyber preparedness
• Serving as outside counsel to the cyber risk committee of a major public company
• Representing a major global law firm as outside cybersecurity counsel
• Counseling public company clients on the SEC’s cybersecurity guidelines and proposed rules

Incident response

• Representing the State Bar of California in connection with a high-profile data breach
• Representing a multinational technology company in connection with a cyberattack, ransom negotiations and global notifications
• Representing a major defense contractor in response to a former employee who exfiltrated a large amount of financial data outside of the company
• Counseling numerous clients through data breaches, ransomware events, business email compromises and other cyberattacks

Platform enforcement 

• Representing DraftKings in litigation seeking to unmask and punish parties linked to a distributed denial-of-service (DDoS) attack on its website
• Representing Facebook and WhatsApp in a lawsuit against Israeli cyber-intelligence firm NSO Group alleging that NSO exploited a vulnerability in the encrypted messaging app to infect more than 1,400 phones with malware
• Representing an online real estate technology company in litigation seeking to identify parties that unlawfully distributed the company’s confidential information
• Advising a gig economy online delivery service in an investigation of users who were cheating to secure in-demand assignments
• Representing Prodege in John Doe litigation against an anonymous individual harassing Prodege employees online

Cryptocurrency and blockchain

• Defending Coinbase in class action litigation arising from an online sweepstakes related to cryptocurrency
• Defending a high-profile celebrity in a class action involving the promotion of cryptocurrency through social media

FCC regulatory and enforcement

• Supporting several clients in responding to and defending against TCPA demands
• Representing T-Mobile before a state attorney general and public utilities commissions in its merger with Sprint
• Representing a global light-emitting diode (LED) manufacturer in an FCC enforcement investigation
• Representing a counter-unmanned aerial systems manufacturer company in an FCC regulatory investigation
• Representing a broadcasting company in a financing dispute with another broadcaster and a financial institution

Publications and presentations

• Speaker, International Association of Privacy Professionals (IAPP) Data Privacy Day and 2024 Predictions, January 22, 2024
• Speaker, The PCLOB Report Section 702, “The Lawfare Podcast,” October 17, 2023
• Speaker, The PCLOB Report Section 702, The Volokh Conspiracy’s “Cyberlaw Podcast,” October 16, 2023
• Speaker, The SEC’s Final Cybersecurity Rules Roundtable: What You Need To Do, Cooley event, September 20, 2023
• Panelist, From DPO to Data Ethics Officer, Don’t Fall Behind!, IAPP Asia Privacy Forum, July 20, 2023
• Moderator, American Law Institute 2023 Annual Meeting, May 22, 2023
• Panelist, Litigation in Privacy and Data Security, Practising Law Institute 24th Annual Institute on Privacy and Cybersecurity Law, May 8, 2023
• Panelist, Regulatory Spotlight: SEC, Incident Response Forum Masterclass, April 20, 2023
• Panelist, Cross Border Data Woes: US-EU Data Privacy Framework Update, Interactive Advertising Bureau (IAB) Public Policy & Legal Summit, April 3, 2023
• Speaker, FISA Section 702, “The Lawfare Podcast,” March 24, 2023
• Speaker, Fireside chat, State of the Net Conference, March 6, 2023
• Panelist, Ransomware Attacks Before and After: Preparation, Governance, Training and Remediation, Incident Response Forum Ransomware, January 12, 2023
• Panelist, Analyzing the EU-US Data Privacy Framework – Expert Panel, SPOKES Virtual Privacy Conference Winter, December 14, 2022
• Panelist, The CPPA: Shaping the Nation’s Privacy Laws, Cybersecurity and Data Protection, September 13, 2022
• Panelist, Closing Session and Privacy Predictions for 2023, SPOKES Privacy Technology Conference Summer 2022, June 23, 2022
• Speaker, Virtual DC Fly-In fireside chat, IAB event, June 15, 2022
• Panelist, GDPR Four Years on the Road: The 10 Key Developments You Should Know, Cooley Privacy Talks series, June 7, 2022
• Speaker, 2022 Fintech Forum, June 7, 2022
• Panelist, Incident Response Panel: Ransomware Attacks, Incident Response Forum Masterclass 2022, April 21, 2022
• Speaker, Stanford Cybersecurity Law: A View From the Front Lines, Stanford Cyber Policy Center session, April 7, 2022
• Panelist, Finding Your Flow as a Global Organization: Avoiding Pitfalls and Navigating the Dynamic Environment of International Expansion, TechGC 2022 DeputyGC National Summit, March 17, 2022
• Panelist, The Colonial Pipeline Data Breach – A Case Study, American Bar Association Criminal Justice Section’s 37th National Institute on White Collar Crime, March 3, 2022
• Panelist, Privacy Best Practices and Recent Regulatory Developments, World Bank Data Privacy Day 2022 virtual event, January 27, 2022
• Panelist, Ransomware 2.0: Responding to Exfiltration/Name and Shame, Incident Response Forum Ransomware, January 13, 2022
• Panelist, Wading Through State Privacy Compliance: From CPRA and Beyond, 45th Annual IP Institute: Shifting Tides – Intellectual Property in a Changing World, California Lawyers Association, November 9, 2021
• Panelist, National Security and Privacy: Recent Developments and Emerging Challenges, SPOKES Privacy Conference Summer 2021, June 29, 2021
• Panelist, GDPR Three Years on the Road: 10 Key Developments, GDPR Turns Three – Myths and Must-Haves, Cooley virtual event, May 25, 2021
• Panelist, Incident Response – State of Play, Incident Response Forum Masterclass, April 8, 2021
• Speaker, International Data Flows Post Schrems-II: What to Expect and What to Forget, Trustarc Privacy Risk Summit, March 10, 2021
• Speaker, “CyberWire Daily” (The CyberWire Podcast), November 2, 2020
• Panelist, Systematic Bias: AI as Cause and Cure, American Bar Association Section of Science & Technology Law Artificial Intelligence and Robotics National Institute, October 7, 2020
• Panelist, National Security and Incident Response, Incident Response Forum Europe 2020, September 24, 2020
• Speaker, CCPA Enforcement: Enter the AG (summit session keynote panel), IAPP Summit 2020, July 9, 2020
• Panelist, Back to the Future of Online Data Privacy, KnowIt: Intellectual Property in a Digital World, May 11, 2020
• Speaker, Incident Response Forum, April 14, 2020
• Panelist, International Data Flows Post Schrems-II: What to Expect and What to Forget, TrustArc Privacy Risk Summit, March 10, 2020
• Speaker, Incident Response Forum West 2020, January 30, 2020

Recognitions

• Chambers USA: Privacy & Data Security
• The Legal 500 US: Dispute Resolution – General Commercial Disputes
• The Legal 500 US: Telecoms and Broadcast – Regulatory and Transactions
• Cybersecurity Docket: Incident Response 30 (list of the 30 best and brightest data breach response lawyers)
• The Daily Journal: Top Cyber Lawyer
• The Daily Journal: Top 100 Lawyers in California
• The National Law Journal: Cybersecurity & Data Privacy Trailblazer

Government service

• US Privacy and Civil Liberties Oversight Board (PCLOB), board member
• EU-US Privacy Shield Framework, arbitrator
• FCC Enforcement Bureau, chief
• California Department of Justice, special assistant attorney general
• US DOJ’s Office of Legal Counsel, attorney adviser
• US Court of Appeals for the Ninth Circuit, appellate lawyer representative 

Clerkships

• Judge Stephen Reinhardt, US Court of Appeals for the Ninth Circuit