Shook boasts one of the best and most accomplished privacy and cybersecurity practices in the country. Our team has been named by Chambers USA as a “Band One Highly Regarded Practice” and several of our partners have been recognized by Chambers as top practitioners in this area of law. For the last three years we have been named a “Top Cyber Law Firm” by Legal 500, and we were named the 2021 practice group of the year by Law360. Our team has also twice received the Lexology “Client Choice” award and the ACC Value Champion award for excellence in service to corporate counsel. We hold nearly every IAPP privacy certification and are recognized among the foremost thought leaders in privacy and cybersecurity law.

With a client list spanning all industries and sizes—from startups to 75 of the Fortune 100 companies—we help organizations navigate the ever-growing challenges of collecting, storing and utilizing sensitive information. Our team is best known for:

  • Privacy & Cybersecurity Litigation | Shook defends class action litigation nationwide and individual claims in arbitration. Our team has experience in data breach class actions, private enforcement under privacy laws including the CCPA and BIPA, and claims under state wiretap and similar laws relating to the use of website advertising and tracking technology. With nearly 170 active class action lawsuits, and over 25 individual arbitrations, Shook is a leading privacy and cybersecurity defense law firm in the country.
  • Incident Response & Cybersecurity | We help companies proactively mitigate cyber risk through preparing written information security programs, drafting and testing incident response plans, running tabletop exercises, managing vendors, and conducting employee and board training. We also advise clients on compliance with state and federal laws and regulations that require comprehensive cybersecurity programs, like HIPAA, GLBA, and the NYDFS Cybersecurity Regulation (23 NYCRR Part 500). When a company suspects it has suffered a data security incident, our team directs all aspects of the response efforts to minimize the clients’ legal risks and operational losses. We advise clients on applicable breach notification laws, as well as help clients respond to regulatory, media and customer inquiries. We have directed more than 1,500 incidents involving millions of affected individuals across the globe. Shook has assisted companies in responding to more than 100 ransomware matters and represented companies in regulatory inquiries following those incidents. Our team members have been quoted by The Wall Street Journal, Bloomberg, France 24, Law360, and many other news outlets for their leadership relating to cybersecurity. We are approved incident response panel counsel for several leading cyber insurance carriers and brokers.
  • Privacy Compliance & AI Governance | The law governing the collection, processing, storage, and disposal of personal information is constantly changing. Shook helps clients build proactive privacy compliance and information governance programs to comply with legal frameworks in the U.S. and globally. Our attorneys leverage their in-house experience to help companies implement compliance strategies that support business operations. These services include advising on legal obligations, drafting privacy notices and privacy policies, designing and implementing consumer requests processes, preparing and negotiating vendor agreements, directing data inventories and mapping exercises, and conducting employee training and awareness programs. Our team also helps companies navigate the evolving frameworks of artificial intelligence regulation by drafting policies and guidelines, negotiating vendor terms with AI service providers, and conducting employee training.
  • Proactive Risk Minimization and Thought Leadership | Shook learns a client’s business and keeps them top of mind to ensure they are proactively updated on developments in privacy law and are complying with the myriad of local, state, federal and international legal obligations. We provide regular email updates tracking legislative developments, hold benchmarking calls between clients in specific industries, present webinars, and deliver tailored CLEs targeted to clients to ensure they are informed of privacy and cybersecurity developments impacting their industry. Shook also leads mock data breach exercises to help clients ready themselves for unexpected business interruptions and unauthorized access associated with data incidents.




Chambers USA 2024 LogoThe Legal 500 United States Leading Firm 2023 BadgeLaw360 Practice Group of the Year Cybersecurity and Privacy LogoShook20ACC