Willkie’s Privacy, Cybersecurity & Data Strategy practice group provides leading-edge, practical counsel on the ever-changing digital legal landscape, the design, development, and implementation of privacy, data protection, and cybersecurity programs, and innovation in new data-driven products and services at the forefront of the digital economy. Leveraging their broad base of knowledge and experience on these issues - including as regulators and senior in-house lawyers - our attorneys help clients manage their legal risks and achieve their business goals.   

Our multidisciplinary practice includes attorneys with in-depth experience in all aspects of privacy, data protection, and cybersecurity law, as well as key commercial and technological developments, that we apply to helping our clients achieve their strategic business priorities. We collaborate with complementary practices across Willkie’s platform, including the Willkie Digital Works group and our corporate, tech transaction, private equity, intellectual property, antitrust, and litigation practices, to provide clients with comprehensive, practical counsel for their data-related challenges and opportunities. 
We provide guidance to companies and counsel clients on all aspects of privacy and cyber risk, including:

  • Designing and implementing global compliance programs, including performing privacy and security risk and impact assessments; advising on product development and digital innovation; development and drafting privacy, data governance, and security policies; and negotiating vendor contracts;
  • Global security incident preparation, response, and remediation, including crisis management services;
  • Litigation related to privacy and security practices and data security incidents, including regulatory investigations and proceedings instigated by regulators in the U.S., UK, and EU;
  • Strategic advice on investments, mergers  and acquisitions, and other transactions, including diligence and deal negotiation; and
  • Legislative and regulatory monitoring, policy advice, and advocacy. 

Our attorneys have substantive experience advising clients on numerous privacy and cybersecurity laws and regulations in the United States and around the world, including CCPA, FTC Act, BIPA, GLBA, NYDFS Cybersecurity Regulation, FCRA/FACTA, HIPAA, COPPA, GDPR, and the UK Data Protection Act 2018.  


Our Clients & Our Experience

For over 20 years, our Privacy, Cybersecurity & Data Strategy attorneys have advised a diverse set of clients across a wide range of industries and at every stage of the business life cycle on managing the risks and taking advantage of the opportunities presented by the evolving commercial, technological, and regulatory landscape related to the collection and use of data.

Willkie’s notable experience includes the following representative matters:

  • We advised Kaseya on its response in the wake of one of the largest and most highly publicized ransomware attacks in history. This included briefings with senior law enforcement and national security stakeholders and coordinating notifications to customers and regulators around the world.
  • We advise social media platforms, consumer electronics companies, media companies, and financial companies on the strategic, commercial, and legal issues raised by cutting edge uses of data - including artificial intelligence and algorithmic decision-making technologies, biometric data, Internet of Things data, and geolocation data. 
  • We have advised clients in connection with investigations by the New York Department of Financial Services related to alleged violations of the Cybersecurity Regulation. 
  • We work closely with our corporate and tech transaction colleagues throughout the U.S. and Europe to advise on investment, M&A, and other transactions involving companies leading innovation in big data, artificial intelligence, autonomous vehicles, healthtech, insurtech, and fintech.
  • We have represented numerous clients before  regulators in the U.S (FTC, FCC, CPPA, State Attorneys General), the UK (Information Commissioner’s Office), and the EU with respect to rulemakings, enforcement inquiries, and other proceedings.
  • We advise major technology, media, social media, and financial services companies on critical compliance issues arising from statutory and regulatory obligations, particularly those arising from legal regimes such as GDPR and CCPA/CPRA, as well as compliance issues arising from enforcement activities and consent decrees.
  • We counseled the manufacturer of widely used software in response to the discovery of a critical vulnerability in its software, including by notifying U.S. governmental authorities about the vulnerability, counseling the company on customer communications, and collaborating with technical consultants and the client development team to develop and execute remediation strategies.
  • We advise major publicly traded companies and financial institutions on SEC policymaking, rulemakings, investigations, and enforcement activities related to cybersecurity and privacy. 
Explore Details

Related News & Insights

Willkie Compliance Concourse

Willkie Compliance Concourse is a first-of-its-kind web-based application for multinational companies, attorneys and compliance professionals seeking practical guidance on the numerous and diverse regulatory compliance risks that companies face. For clients operating in the US, UK and worldwide, the app is a one-stop destination to stay abreast of the latest legal and enforcement developments, trends and thinking.

The app features:

  • Practical guides on bribery and corruption, cybersecurity, data privacy, insider trading, money laundering and sanctions statutes and regulations in the US and UK
  • Current news and analysis on the regulatory compliance, investigations and enforcement landscape
  • On-demand accredited CLEs
  • Hypotheticals exploring sensitive cross-border compliance issues

Instructions to download the app can be found here. To access the app from your desktop, visit