Privacy & Security
Providing strategic, creative, and actionable advice on evolving privacy norms.
We are at the forefront of cutting-edge technologies and evolving privacy norms and are known for providing strategic, creative, and actionable advice to our clients.
Perkins Coie’s Privacy & Security team works with the world’s most innovative companies on data protection issues. We represent clients across a range of industries and stages of growth, from startups to Fortune 500 companies. We help our clients understand their information practices and address the full lifecycle of data protection issues—from building privacy and security programs from scratch to ongoing privacy counseling, complex commercial transactions, high-stakes privacy litigation, and regulatory enforcement.
Our team comprises litigators, former regulators, national security experts, and technologists who help clients achieve favorable results. With decades of experience in privacy laws and requirements around the world, we assist companies in and outside of the United States in identifying opportunities for global risk mitigation amid a fast-moving regulatory environment. We help clients fully understand their current privacy and data protection practices, policies, and procedures and assist them in designing and implementing enhanced compliance programs and identifying and remediating compliance gaps.
We support companies in building security programs and managing breach responses; responding to, objecting to, and litigating requests for user data; understanding the intersection of user privacy, online communications, and free speech and expression; handling high-profile privacy, data security, and consumer protection investigations; and Federal Trade Commission, state attorney general, local regulator, and foreign data protection authority enforcement actions. Additionally, we provide helpful tools to keep clients abreast of privacy and security issues, such as a 50-state security breach notification chart that tracks U.S. breach notification requirements, the Privacy Starter Kit, and the Data Navigator.
Our team has been ranked both globally and nationally by Chambers USA for exemplary work in Privacy & Data Security, technology, and related litigation.
Privacy and data security are more important than ever. We provide unparalleled legal capabilities in these areas offering strategic advice on how to secure data and stay ahead of a changing legal landscape.
How we help clients
- Privacy counseling and compliance.
- Privacy litigation.
- Privacy regulatory investigations and enforcement.
- ECPA counseling and litigation.
- Data security counseling and breach response.
- Ad tech law.
- Biometric law.
- National security.
- State consumer privacy laws.
Privacy & Security Services
Our Team
Areas of Focus
Privacy Counseling & Compliance
We counsel clients on the full alphabet soup of U.S. and international privacy laws. We frequently advise clients on compliance with laws such as the FTC Act, HIPAA, FCRA, GLBA, CAN-SPAM, COPPA, FERPA, VPPA, TCPA, BIPA, state breach notification laws and omnibus privacy legislation such as the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other emerging state privacy laws. More than a dozen states have enacted similar privacy laws, each with variations that create unique compliance challenges. Our team has extensive experience in global privacy law compliance and understands the complexities of state-specific consumer privacy laws. We assist clients in evaluating their data handling practices, ensuring compliance through updates to privacy policies, user interfaces, and vendor contracts, and we actively monitor and respond to regulatory changes, litigation, and enforcement actions to minimize risk and defend against privacy-related legal challenges.
We are innovative in our approach and have launched various tools to help our clients build and manage their privacy and security programs, including the Privacy Starter Kit, and Data Navigator.
Privacy Litigation
Perkins Coie’s Privacy & Security practice litigates cutting-edge legal issues for some of the world’s leading technology companies.
Our clients trust us with their sensitive and bet-the-company disputes, whether they are facing issues related to data collection, use, security, or disclosure or claims involving constitutional privacy, tort invasion of privacy, statutes with private rights of action, or consumer protection.
Building on our knowledge in wiretapping and other privacy-related claims, and years of experience representing the world’s biggest technology companies, we have emerged as a go-to firm for biometrics litigation. Leveraging our successful defense of Google in its first biometrics class action, we have represented numerous companies in these cases. In addition to developing novel defenses, we regularly counsel clients on designing their products to mitigate risk in this area.
We have also successfully defended privacy class actions for the world's most innovative companies and industry leaders. Companies that must coordinate defense of both regulatory and class action litigation from the same occurrence must observe different timelines and discovery requirements. Our litigators represent and defend clients in class action litigation related to privacy and security issues. We have defended privacy class actions across the country that cover the spectrum of claims—from alleged violations of federal and state privacy laws like the California Consumer Privacy Act (CCPA), Stored Communications Act (SCA), Wiretap Act, and Telephone Consumer Protection Act (TCPA), to more general claims involving consumers’ personal data, such as common law intrusion upon seclusion and violation of constitutional privacy rights.
Privacy Regulatory Investigations & Enforcement
We handle some of the highest-profile privacy, data security, and consumer protection investigations and enforcement actions of the Federal Trade Commission (FTC), state attorneys general, local regulators, and foreign data protection authorities. Companies across a wide array of industries, ranging from startups to some of the world’s largest corporations, turn to us for counsel at all stages of investigations, inquiries, negotiations, and lawsuits.
Data Security Counseling & Breach Response
Our data security and breach response team advises clients on the development of robust security programs and effectively managing breach responses. We have successfully handled hundreds of matters related to data breaches and security incidents across the United States and globally, and provide strategic guidance to strengthen preventative measures, minimize risks, and ensure compliance with evolving data protection regulations. Additionally, in the event of a security breach, we offer immediate, coordinated response services to mitigate damages, manage communication with stakeholders, and navigate legal implications, helping to restore trust and maintain operational continuity.
ECPA Counseling & Litigation
The firm’s premier Electronic Communications Privacy Act (ECPA) practice helps global technology leaders and rising startups respond to, and where appropriate, object to and litigate, requests for user data. Our lawyers counsel on and litigate cutting-edge issues at the intersection of user privacy and online communications, governmental surveillance and criminal investigations, and free speech and expression.
Transactional Privacy
Clients turn to us for assistance with complex commercial transactions in which data is a core part of the deal. Our team drafts and negotiates data protection agreements and other commercial agreements and counsels clients on the impact of data protection provisions in these agreements, including insurance, indemnity, and liability clauses. We also support mergers and acquisitions transactions for both buy-side and sell-side deals, which includes drafting privacy and security-related requests and disclosures, assessing potential compliance gaps and recommending mitigation measures, preparing privacy representations and disclosure schedules, and leading negotiations with counterparties on privacy and security issues.
Top 10 Security Issues to Consider
know your data. There are 10 key issues our data security professionals have identified that require a closer look.
Security Breach Notification Chart
Awards and Recognition
- We are ranked by Chambers USA among the best firms in the nation for privacy and data security.
- Named “Law Firm of the Year” in Technology Law by Best Lawyers, 2024
- Ranked globally in Nationwide Technology by Chambers USA, 2023-2024
- Ranked nationally in Privacy & Data Security: The Elite and Privacy & Data Security: Litigation by Chambers USA, 2003-2024
- Ranked globally in Privacy & Data Security USA and Privacy & Data Security: Litigation USA by Chambers Global Guide, 2023-2024
- Ranked in the Top 10 Best Law Firms for Privacy and Data Security by Vault, 2018-2025
- Ranked Tier 1 nationally for both Information Technology Law and Technology Law by U.S. News—Best Lawyers® in 2024
- Ranked Tier 2 nationally for Regulatory Enforcement Litigation (Telecom) by U.S. News—Best Lawyers® in 2024
- Named Law Firm of the Year for Technology Law by U.S. News—Best Lawyers® in 2024
Insights
News
Professional Experience
Privacy & Security Representative Experience
Worth Unlimited, LLC v. Reddit, Inc.
Superior Court of California, San Francisco County
Successfully defended motion to compel production of the identity of an anonymous speaker pursuant to domesticated subpoena in connection with out-of-state litigation.
Williams v. T-Mobile Usa Inc.
Circuit Court of Michigan, Wayne County
Defended T-Mobile against pretexting related claims.
Virtual Property and Real Money Transactions
Assisted virtual property trading platform company with regulatory compliance related to electronic payment systems and real money transactions.
Valentine, et al. v. NebuAd Inc., et al.
U.S. District Court for the Northern District of California
Represented Internet service providers WOW and Knology in a putative class action in which Internet subscribers alleged violations of federal and state privacy laws arising from the defendants' use on a trial basis of the NebuAd system. The system was designed to allow ISPs to serve targeted advertisements to their customers browsing the Web. Each of the ISP defendants was an out-of-state provider with no customers in California. Case dismissed on the grounds that the court lacked personal jurisdiction.
User Webservice
Federal Trade Commission
Represented webservice in Federal Trade Commission investigation under Section 5 of the FTC Act regarding user data privacy. Investigation closed.
Supnick v. Alexa Internet and Amazon.com Inc.
U.S. District Court for the Western District of Washington
Defense of purported nationwide class action challenging privacy practices related to information collected during visits to Web sites.
Security Breach Response
Provide counsel to numerous clients on the legal requirements following a data breach incidents, including the need for and content of consumer and regulator notifications, investigation and public relations. Advise on creation and modification of incident response plans. Supervise the maintenance of the security breach notification laws chart, which surveys the state laws that require notification in the event of security breaches involving the loss of personal data.
Privacy Counseling
Provide counsel to clients on a variety of issues surrounding the collection and use of personal data, including compliance with the Fair Credit Reporting Act (FCRA), Red Flag Rules, the Children’s Online Privacy Protection Act (COPPA), CAN-SPAM, Family Educational Rights and Privacy Act (FERPA), Federal Trade Commission guidance and statute statutory and common law requirements. Draft privacy policies conforming to companies’ data practices and applicable legal requirements.
Mobile Advertising Network
Federal Trade Commission
Represented mobile advertising network in defense of Federal Trade Commission investigation under Section 5 of the FTC Act. The Commission sought information about specific categories of advertisements displayed to consumers on mobile applications and the network’s screening practices. Investigation closed.
Miller v. Smart & Final Inc.
Lead counsel for retailer in putative nationwide class action alleging violation of the Fair Credit Reporting Act (FCRA).
Manard v. Knology, Inc.
U.S. District Court for the Middle District of Georgia
Represented Internet service provider Knology in a putative class action in which Internet subscribers alleged violations of federal and state privacy laws arising from the ISP's use on a trial basis of the NebuAd system. The system was designed to allow ISPs to serve targeted advertisements to their customers browsing the Web. Successfully obtained order compelling arbitration of claims. No. 4:10-CV-15, 2010 WL 2528320 (M.D. Ga. June 18, 2010).
Maestrini v. Smart & Final Inc.
Lead counsel in putative California Consumer Class Action alleging violation of State's Point of Sale privacy laws. Case dismissed with prejudice prior to certification.
Internet Enforcement—Fortune 500 Retailer
Led campaign against online scams that used infringing domain names, misleading websites, and false text messages to lure consumers into buying goods and services and disclosing personal information. Significantly reduced scams and consumer complaints regarding scams.
Internet Enforcement—Facebook
Ongoing management of a complete enforcement program for Facebook Inc. to enforce its Terms of Use; prosecute spammers, hackers and phishers; and to investigate and refer illegal behavior to law enforcement.
Intermarine, LLC v. Spliethoff Bevrachtingskantoor
U.S. District Court for the Northern District of California
Successfully moved to quash federal deposition subpoena issued to Dropbox, obtaining published order holding that providers like Dropbox do not need to make themselves available for testimony every time a subscriber’s records are at issue in a case.
Inquiry Into Google Wifi Data Collection Via Street View
Represented Google before regulatory bodies globally, and in litigation, regarding Google's WiFi data collection via Street View. Successfully obtained closing letter from the Federal Trade Commission, completing its investigation.
In the Matter of Google Inc.
Federal Trade Commission
Successfully represented Google before the Federal Trade Commission in defense of FTC complaintregarding launch of Google Buzz social networking application and Gmail user privacy. The resulting consent decree was the first FTC privacy and EU Safe Harbor settlement. Assisted the company in implementation of the privacy program described in the consent decree.
In Re Google Buzz Privacy Litigation
U.S. District Court for the Northern District of California
Represented Google in defense of consolidated nationwide class actions challenging Google Buzz social networking application for alleged violations of Gmail user privacy. Settlement approved by the court.
In re Facebook, Inc.
U.S. District Court for the Northern District of California
Successfully moved to quash subpoena, issued pursuant to 28 U.S.C. § 1782 seeking the content of social media communications belonging to a deceased user.
Hoang v. Amazon.com, Inc. and IMDb.com, Inc.
U.S. District Court for the Western District of Washington
Successfully represented Amazon.com, Inc. and IMDb.com, Inc. in defense of breach of contract, fraud, Consumer Protection Act, and Washington Privacy Act claims relating to IMDb.com’s online publication of the plaintiff’s accurate date of birth. Obtained successful summary judgment disposition for Amazon.com, and a unanimous defense verdict for IMDb.com following a jury trial.
Facebook Electronic Communications Privacy Act (ECPA) Compliance Program
Counseling and litigation related to subpoenas, court orders, warrants and other requests for user information subject to the ECPA, Stored Communications Act and other federal and state statutes.
Electronic Surveillance and User Data Disclosure Counseling
Assist communications service providers in developing procedures to comply with lawfully authorized electronic surveillance orders and user data disclosure requests, both domestically and internationally, primarily in accordance with the Electronic Communications Privacy Act (ECPA).
Crowley v. Cyberspace Corporation
U.S. District Court for the Northern District of California
Successful defense of putative class action challenging privacy practices of retailer and credit verification service. 166 F. Supp. 2d 1263 (N.D. Cal. 2001)
Craigslist.com Website Enforcement Program
Pre-litigation investigation, enforcement program and litigation related to Internet infringement of craigslist’s copyrights, trademarks and terms of use violations.
Counseling: Money Transmission and Anti-Money Laundering
Provide comprehensive counseling regarding compliance with state and federal money transmission laws as they relate to emerging payment systems, and in particular decentralized virtual currency business ventures. Develop and implement anti-money laundering programs, conduct related risk assessments, and represent clients before state and federal regulators like FinCEN and state departments of financial services.
Cloud Computing Provider
Federal Trade Commission
Represented cloud computing provider in Federal Trade Commission investigation under Section 5 of the FTC Act regarding security practices for mobile access to cloud computing service. Investigation closed.
Chance, et al. v. Avenue A Inc.
U.S. District Court for the Western District of Washington
Defense of nationwide class action challenging Internet privacy practices. Settled after successful summary judgment motion. 165 F. Supp. 2d 1153 (W.D. Wash. 2001)
Anti-Money Laundering Compliance Program Dealing With Emerging Payment Methods
Worked with national car association to develop anti-money laundering compliance program addressing traditional payment services, such as money transmission and consumer credit, as well as new payment products and services, such as open loop gift cards and P2P services.