Shook, Hardy & Bacon’s Privacy and Data Security practice has been acclaimed by Chambers and Legal 500 for their achievements and thought leadership in privacy and data security law.

With a client list spanning all industries and sizes—from start-ups to 75 of the Fortune 100 companies—we help companies navigate the ever-growing challenges of collecting, storing and utilizing sensitive information. Our team is best known for:

  • Privacy and Cybersecurity Litigation | With nearly 150 active BIPA class action lawsuits, Shook is the leading biometric privacy law firm in the country. With additional scores of data breach and privacy class action lawsuits relating to the CCPA, CMIA, state wiretap laws, the TCPA, and many other privacy laws, Shook is one of the top privacy and data security litigation firms in the United States.
  • Incident Response | When a company suspects it has suffered a data breach, our team directs the response efforts to minimize the clients’ legal risks and operational losses. We advise clients on applicable breach notification laws, directing legal hold obligations and preserving contribution rights against third parties, as well as help clients respond to regulatory, media and customer inquiries. We have directed more than 1,500 incidents in over 150 countries involving millions of affected individuals. Shook has handled over 100 ransomware matters and represented companies in regulatory inquiries following those incidents. Our team members have been quoted by The Wall Street Journal, France 24, Law360, and many other news outlets for their leadership relating to ransomware. We are incident response panel counsel for several insurance carriers, and we regularly partner with the best forensic firms, threat actor negotiators, data review firms, and public relations firms to ensure our clients are well-equipped to respond to any data incident.
  • Incident Response Preparedness | We draw from our deep incident response experience to provide proactive preparedness services that help our clients avoid or mitigate the risk of a cyberattack.These services include tabletop exercises where we simulate the phases of a data incident. We draft incident response plans that our clients use as a blueprint in responding to a cyberattack. We train our clients’ boards, management, officers, and employees to ensure they are aware of the latest threats and ways to mitigate them. We draft policies and procedures to maximize compliance with data security laws. We also draw from our litigation experience to prepare data security provisions that maximize the protection of sensitive information shared with vendors.
  • Privacy Compliance | The law governing the collection, processing, storage and disposal of personal information is constantly changing. Shook counsels clients to help them build proactive privacy programs that comply with privacy regimes like the CCPA/CPRA, GDPR, LGPD, HIPAA, and a mix of other statutes and regulatory guidance. Our attorneys have the expertise to help companies identify which law(s) apply to them and how to best comply. These compliance services include advising on legal obligations and preparing a compliance strategy, drafting privacy notices and privacy policies, preparing and negotiating vendor agreements, directing data inventories and mapping exercises, and preparing written information security programs.
  • Proactive Risk Minimization and Thought Leadership | Shook learns a client’s business and keeps them top of mind to ensure they are proactively updated on developments in privacy law and to help them comply with the myriad of local, state, federal and international legal obligations. We provide bi-weekly email updates and blog posts tracking legislative developments, hold benchmarking calls between clients in specific industries, present quarterly webinars, and deliver CLEs targeted to specific clients to ensure they are informed of privacy and data security developments impacting their industry. Our lawyers were involved in forming the Sedona Conference’s Working Group on Privacy and Data Security Liability. They have served on leadership positions in the International Association of Privacy Professionals and hold the highest credentials the IAPP offers. They also regularly testify before legislative bodies to provide guidance that shapes U.S. privacy and data security law.

In sum, Shook boasts one of the best and most accomplished privacy and data security practices in the country. Our team has been named by Chambers USA as a “Band One Highly Regarded Practice” and multiple practice group members have been identified by Chambers as nationwide leading practitioners in privacy and data security law. We are proud that two of our partners have repeatedly been listed by Chambers as top practitioners in this area of law, and for the last three years, we have been named a “Top Cyber Law Firm” by Legal 500. Our team has also twice received the Lexology “Client Choice” award and the ACC Value Champion award for excellence in service to corporate counsel. We hold nearly every privacy certification under the sun and are recognized among the foremost thought leaders in privacy and data security law.

Selected Accolades 

      Law360 Practice Group of the Year Cybersecurity and Privacy        Chambers USA Tier 1 Privacy and Data Security