Cybersecurity & Privacy

In the 21st century, information is a mission-critical asset for companies. The ability to navigate the increasingly complex web of state, national and international laws, regulations and court decisions dictating how you can use and protect that information, as well as respond to breaches, is a mission-critical function. Willkie’s cybersecurity and privacy attorneys have both the substantive knowledge and practical experience to help clients manage these legal risks and achieve their business goals. In 2017, the group was named to BTI’s “Cybersecurity Honor Roll,” and noted as a “strong cybersecurity performer.”

Willkie’s international cybersecurity and privacy team has represented a wide range of U.S. and multinational clients. Our multidisciplinary practice includes attorneys with in-depth experience in all aspects of cybersecurity and privacy law, as well as extensive experience in complementary areas, including technology and communications, securities regulation and enforcement, intellectual property, mergers and acquisitions, complex litigation, antitrust and competition, insurance and consumer protection regulations.

Our close collaboration across offices and legal disciplines enables us to provide clients with comprehensive, practical advice. Our attorneys have extensive international privacy and data security experience through our work with data protection laws and authorities in more than 60 countries.

We provide practical guidance to companies that rely on data and information as part of their day-to-day businesses, and counsel on all aspects of cyber risk, including:

  • Compliance counseling, risk assessment and mitigation
  • Corporate governance and SEC issues
  • Global incident planning, response and investigations
  • Cybersecurity insurance assessment and counseling
  • Assessment of privacy and cybersecurity issues in M&A transactions
  • Representation of clients before U.S. federal agencies (including the FTC, SEC, FCC and DOJ) and international data protection authorities regarding cybersecurity and privacy policy development, investigations and other proceedings
  • Private litigation (data breach, insurance)

Our Clients

In all industries, data security and privacy are essential elements of corporate risk management for companies. We help develop comprehensive compliance plans designed to allow clients to achieve their business goals. Our cybersecurity and privacy attorneys have a long and successful history representing a diverse set of clients, including financial institutions, cable operators, telecommunications providers, mutual funds and hedge funds, information services providers, software developers, hardware manufacturers, video programming networks and other media organizations, accounting firms, publishers, retailers, insurance companies and industry trade associations.

Our Knowledge

Our attorneys have substantive experience advising clients on numerous U.S. federal statutes covering privacy and cybersecurity issues, including:

  • Children’s Online Privacy Protection Act (COPPA)
  • Communications Act (including cable privacy and telecommunications privacy provisions in Sections 222 and 631)
  • Communications Assistance for Law Enforcement Act (CALEA)
  • Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
  • Electronic Communications Privacy Act (ECPA) (including wiretapping and Stored Communications Act (SCA) issues)
  • Fair and Accurate Credit Transactions (FACT) Act
  • Fair Credit Reporting Act (FCRA)
  • Foreign Intelligence Surveillance Act (FISA)
  • Gramm-Leach-Bliley (GLB) Financial Services Modernization Act
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Right to Financial Privacy Act (RFPA)
  • SEC Regulations S-P and S-ID
  • Sarbanes-Oxley (SOX) Act
  • Telephone Consumer Protection Act (TCPA)

Our cybersecurity and privacy attorneys also have experience in analyzing and advising on state and federal laws regarding data breach notification, as well as state laws regarding information security, identity theft and related issues. We closely monitor proposed and newly enacted state and federal privacy legislation to determine any potential impact on our clients.

Our attorneys also have deep knowledge of cybersecurity and privacy laws outside the U.S. and laws governing international data transfers, including:

  • EU General Data Protection Regulation
  • EU Privacy Directive
  • EU-U.S. Privacy Shield
  • UK Data Protection Act
  • Canada’s Personal Information Protection and Electronic Documents Act
+ Continue Reading


  • Our Experience

    We offer our clients a wide array of cybersecurity and privacy legal services, including regulatory, transactional and litigation experience.  Some examples of our previous work include:

    • Providing a multinational client with a multijurisdiction regulatory analysis involving local counsel from over 100 countries regarding various data privacy, data security, electronic contracting and digital signature issues
    • Advocating client positions before state and federal regulatory agencies considering cybersecurity and privacy rules and policies, including development and execution of regulatory strategies
    • Negotiating complex privacy and data security agreements between Fortune 100 companies to ensure that business objectives are achieved within the contours of the regulatory requirements
    • Developing and updating clients’ privacy policies, customer agreements, terms of service, service provider contracts, employee manuals and other key documents, to afford them greater flexibility to use personal information in new ways, consistent with U.S. and other national data privacy laws, including key requirements and precedent regarding "material changes" to such documents
    • Counseling multinational clients regarding data privacy risks and restrictions that must be addressed and navigated in connection with reviewing and transferring personal and other data from the EU to the U.S.
    • Designing appropriate client procedures for responding to government subpoenas and other requests for customer or employee data
    • Developing user notices and consent forms regarding the use of biometric data and the monitoring of customer and employee communications and online activity (e.g., for purposes of network management or detecting unlawful activity)
    • Assisting clients’ entities involved in transactions subject to the Exon-Florio law, including both foreign acquirers and domestic targets, that go through the Committee on Foreign Investment in the United States (CFIUS) national security clearance process

Publications / News / Events

+ View All Publications / News / Events

Willkie Compliance Concourse is a first-of-its-kind web-based application for multinational companies, attorneys and compliance professionals seeking practical guidance on the numerous and diverse regulatory compliance risks that companies face. For clients operating in the US, UK and worldwide, the app is a one-stop destination to stay abreast of the latest legal and enforcement developments, trends and thinking.

The app features:

  • Practical guides on bribery and corruption, cybersecurity, data privacy, insider trading, money laundering and sanctions statutes and regulations in the US and UK
  • Current news and analysis on the regulatory compliance, investigations and enforcement landscape
  • On-demand accredited CLEs
  • Hypotheticals exploring sensitive cross-border compliance issues

Instructions to download the app can be found here. To access the app from your desktop, visit