Privacy & Security
Providing strategic, creative, and actionable advice on evolving privacy norms.
We are at the forefront of cutting-edge technologies and evolving privacy norms and are known for providing strategic, creative, and actionable advice to our clients.
Perkins Coie’s Privacy & Security team works with the world’s most innovative companies on data protection issues. We represent clients across a range of industries and stages of growth, from startups to Fortune 500 companies. We help our clients understand their information practices and address the full lifecycle of data protection issues—from building privacy and security programs from scratch to ongoing privacy counseling, complex commercial transactions, high-stakes privacy litigation, and regulatory enforcement.
Our team comprises litigators, former regulators, national security experts, and technologists who help clients achieve favorable results. With decades of experience in privacy laws and requirements around the world, we assist companies in and outside of the United States in identifying opportunities for global risk mitigation amid a fast-moving regulatory environment. We help clients fully understand their current privacy and data protection practices, policies, and procedures and assist them in designing and implementing enhanced compliance programs and identifying and remediating compliance gaps.
We support companies in building security programs and managing breach responses; responding to, objecting to, and litigating requests for user data; understanding the intersection of user privacy, online communications, and free speech and expression; handling high-profile privacy, data security, and consumer protection investigations; and Federal Trade Commission, state attorney general, local regulator, and foreign data protection authority enforcement actions. Additionally, we provide helpful tools to keep clients abreast of privacy and security issues, such as a 50-state security breach notification chart that tracks U.S. breach notification requirements, the Privacy Starter Kit, and the Data Navigator.
Our team has been ranked both globally and nationally by Chambers USA for exemplary work in Privacy & Data Security, technology, and related litigation.
How we help clients
- Privacy counseling and compliance.
- Privacy litigation.
- Privacy regulatory investigations and enforcement.
- ECPA counseling and litigation.
- Data security counseling and breach response.
- Ad tech law.
- Biometric law.
- National security.
- State consumer privacy laws.
Privacy & Security Services
Our Team
Privacy and data security are more important than ever. We provide unparalleled legal capabilities in these areas offering strategic advice on how to secure data and stay ahead of a changing legal landscape.
State Consumer Privacy Laws
The California Consumer Privacy Act (CCPA) first introduced a host of privacy rights for California consumers and created robust obligations for many businesses that collect personal information about California consumers. Since then, more than a dozen other states have passed their own comprehensive privacy laws, some with significant variations that complicate compliance for businesses. Meanwhile, momentum in state legislatures to pass more privacy laws continues to grow. Visit our State Consumer Privacy Laws page
Biometric Law
We advise some of the world’s leading businesses in the rapidly evolving environment of biometric law. Our lawyers are well equipped to help clients protect their interests, secure data, and maintain regulatory compliance. We have long been a leader in this space, advising clients on a wide range of biometric technologies, including facial recognition technologies, voiceprint technologies, and fingerprint technologies. Visit our Biometric Law page
Privacy Class Action Defense
Perkins Coie’s Privacy Class Action Defense lawyers have served as defense for the world's most innovative companies and industry leaders. Our experience spans all manner of privacy class actions, from alleged violations of specific federal and state privacy laws—like the California Consumer Privacy Act, Secure Communications Act, Wiretap Act, Telephone Consumer Protection Act, and Biometric Information Privacy Act—to cases asserting more general claims involving consumers’ personal data, such as the common law intrusion upon seclusion and violation of constitutional privacy rights. Plaintiffs often bring these cases on behalf of putative classes that number in the thousands or even millions, so they bring potential exposure in the millions of dollars and the risk of business interruption from threatened injunctive relief. Visit our Privacy Class Action Defense page
National Security
Clients seek our comprehensive counsel on issues involving counterespionage, counterterrorism, protection of critical infrastructure and cyberspace, and other domestic threats. We work closely with companies on prevention and readiness, intrusion response, and remediation/hardening. We also help clients form contracting and other business relationships with components of the U.S. intelligence community, including establishing subsidiaries to work with U.S. national security departments and agencies and mitigate any Foreign Ownership, Control, or Influence (FOCI). Visit our National Security page
Top 10 Security Issues to Consider
know your data. There are 10 key issues our data security professionals have identified that require a closer look.
Security Breach Notification Chart
Awards and Recognition
- We are ranked by Chambers USA among the best firms in the nation for privacy and data security.
- Named “Law Firm of the Year” in Technology Law by Best Lawyers, 2024
- Ranked globally in Nationwide Technology by Chambers USA, 2023-2024
- Ranked nationally in Privacy & Data Security: The Elite and Privacy & Data Security: Litigation by Chambers USA, 2003-2024
- Ranked globally in Privacy & Data Security USA and Privacy & Data Security: Litigation USA by Chambers Global Guide, 2023-2024
- Ranked in the Top 10 Best Law Firms for Privacy and Data Security by Vault, 2018-2025
- Ranked Tier 1 nationally for both Information Technology Law and Technology Law by U.S. News—Best Lawyers® in 2024
- Ranked Tier 2 nationally for Regulatory Enforcement Litigation (Telecom) by U.S. News—Best Lawyers® in 2024
- Named Law Firm of the Year for Technology Law by U.S. News—Best Lawyers® in 2024
Insights
News
Professional Experience
Privacy & Security Representative Experience
Worth Unlimited, LLC v. Reddit, Inc.
Superior Court of California, San Francisco County
Successfully defended motion to compel production of the identity of an anonymous speaker pursuant to domesticated subpoena in connection with out-of-state litigation.
Williams v. T-Mobile Usa Inc.
Circuit Court of Michigan, Wayne County
Defended T-Mobile against pretexting related claims.
Virtual Property and Real Money Transactions
Assisted virtual property trading platform company with regulatory compliance related to electronic payment systems and real money transactions.
Valentine, et al. v. NebuAd Inc., et al.
U.S. District Court for the Northern District of California
Represented Internet service providers WOW and Knology in a putative class action in which Internet subscribers alleged violations of federal and state privacy laws arising from the defendants' use on a trial basis of the NebuAd system. The system was designed to allow ISPs to serve targeted advertisements to their customers browsing the Web. Each of the ISP defendants was an out-of-state provider with no customers in California. Case dismissed on the grounds that the court lacked personal jurisdiction.
User Webservice
Federal Trade Commission
Represented webservice in Federal Trade Commission investigation under Section 5 of the FTC Act regarding user data privacy. Investigation closed.
Supnick v. Alexa Internet and Amazon.com Inc.
U.S. District Court for the Western District of Washington
Defense of purported nationwide class action challenging privacy practices related to information collected during visits to Web sites.
Security Breach Response
Provide counsel to numerous clients on the legal requirements following a data breach incidents, including the need for and content of consumer and regulator notifications, investigation and public relations. Advise on creation and modification of incident response plans. Supervise the maintenance of the security breach notification laws chart, which surveys the state laws that require notification in the event of security breaches involving the loss of personal data.
Privacy Counseling
Provide counsel to clients on a variety of issues surrounding the collection and use of personal data, including compliance with the Fair Credit Reporting Act (FCRA), Red Flag Rules, the Children’s Online Privacy Protection Act (COPPA), CAN-SPAM, Family Educational Rights and Privacy Act (FERPA), Federal Trade Commission guidance and statute statutory and common law requirements. Draft privacy policies conforming to companies’ data practices and applicable legal requirements.
Mobile Advertising Network
Federal Trade Commission
Represented mobile advertising network in defense of Federal Trade Commission investigation under Section 5 of the FTC Act. The Commission sought information about specific categories of advertisements displayed to consumers on mobile applications and the network’s screening practices. Investigation closed.
Miller v. Smart & Final Inc.
Lead counsel for retailer in putative nationwide class action alleging violation of the Fair Credit Reporting Act (FCRA).
Manard v. Knology, Inc.
U.S. District Court for the Middle District of Georgia
Represented Internet service provider Knology in a putative class action in which Internet subscribers alleged violations of federal and state privacy laws arising from the ISP's use on a trial basis of the NebuAd system. The system was designed to allow ISPs to serve targeted advertisements to their customers browsing the Web. Successfully obtained order compelling arbitration of claims. No. 4:10-CV-15, 2010 WL 2528320 (M.D. Ga. June 18, 2010).
Maestrini v. Smart & Final Inc.
Lead counsel in putative California Consumer Class Action alleging violation of State's Point of Sale privacy laws. Case dismissed with prejudice prior to certification.
Internet Enforcement—Fortune 500 Retailer
Led campaign against online scams that used infringing domain names, misleading websites, and false text messages to lure consumers into buying goods and services and disclosing personal information. Significantly reduced scams and consumer complaints regarding scams.
Internet Enforcement—Facebook
Ongoing management of a complete enforcement program for Facebook Inc. to enforce its Terms of Use; prosecute spammers, hackers and phishers; and to investigate and refer illegal behavior to law enforcement.
Intermarine, LLC v. Spliethoff Bevrachtingskantoor
U.S. District Court for the Northern District of California
Successfully moved to quash federal deposition subpoena issued to Dropbox, obtaining published order holding that providers like Dropbox do not need to make themselves available for testimony every time a subscriber’s records are at issue in a case.
Inquiry Into Google Wifi Data Collection Via Street View
Represented Google before regulatory bodies globally, and in litigation, regarding Google's WiFi data collection via Street View. Successfully obtained closing letter from the Federal Trade Commission, completing its investigation.
In the Matter of Google Inc.
Federal Trade Commission
Successfully represented Google before the Federal Trade Commission in defense of FTC complaintregarding launch of Google Buzz social networking application and Gmail user privacy. The resulting consent decree was the first FTC privacy and EU Safe Harbor settlement. Assisted the company in implementation of the privacy program described in the consent decree.
In Re Google Buzz Privacy Litigation
U.S. District Court for the Northern District of California
Represented Google in defense of consolidated nationwide class actions challenging Google Buzz social networking application for alleged violations of Gmail user privacy. Settlement approved by the court.
In re Facebook, Inc.
U.S. District Court for the Northern District of California
Successfully moved to quash subpoena, issued pursuant to 28 U.S.C. § 1782 seeking the content of social media communications belonging to a deceased user.
Hoang v. Amazon.com, Inc. and IMDb.com, Inc.
U.S. District Court for the Western District of Washington
Successfully represented Amazon.com, Inc. and IMDb.com, Inc. in defense of breach of contract, fraud, Consumer Protection Act, and Washington Privacy Act claims relating to IMDb.com’s online publication of the plaintiff’s accurate date of birth. Obtained successful summary judgment disposition for Amazon.com, and a unanimous defense verdict for IMDb.com following a jury trial.
Facebook Electronic Communications Privacy Act (ECPA) Compliance Program
Counseling and litigation related to subpoenas, court orders, warrants and other requests for user information subject to the ECPA, Stored Communications Act and other federal and state statutes.
Electronic Surveillance and User Data Disclosure Counseling
Assist communications service providers in developing procedures to comply with lawfully authorized electronic surveillance orders and user data disclosure requests, both domestically and internationally, primarily in accordance with the Electronic Communications Privacy Act (ECPA).
Crowley v. Cyberspace Corporation
U.S. District Court for the Northern District of California
Successful defense of putative class action challenging privacy practices of retailer and credit verification service. 166 F. Supp. 2d 1263 (N.D. Cal. 2001)
Craigslist.com Website Enforcement Program
Pre-litigation investigation, enforcement program and litigation related to Internet infringement of craigslist’s copyrights, trademarks and terms of use violations.
Counseling: Money Transmission and Anti-Money Laundering
Provide comprehensive counseling regarding compliance with state and federal money transmission laws as they relate to emerging payment systems, and in particular decentralized virtual currency business ventures. Develop and implement anti-money laundering programs, conduct related risk assessments, and represent clients before state and federal regulators like FinCEN and state departments of financial services.
Cloud Computing Provider
Federal Trade Commission
Represented cloud computing provider in Federal Trade Commission investigation under Section 5 of the FTC Act regarding security practices for mobile access to cloud computing service. Investigation closed.
Chance, et al. v. Avenue A Inc.
U.S. District Court for the Western District of Washington
Defense of nationwide class action challenging Internet privacy practices. Settled after successful summary judgment motion. 165 F. Supp. 2d 1153 (W.D. Wash. 2001)
Anti-Money Laundering Compliance Program Dealing With Emerging Payment Methods
Worked with national car association to develop anti-money laundering compliance program addressing traditional payment services, such as money transmission and consumer credit, as well as new payment products and services, such as open loop gift cards and P2P services.