At Wilson Sonsini Goodrich & Rosati, we know that privacy and data security issues are critical to our clients. In fact, the firm was among the first in the nation to focus on privacy and information governance as a discrete and specialized practice. We have assembled a cross-disciplinary team of highly experienced professionals well equipped to help companies of any size comply with the complex and ever-changing set of laws, regulations, and industry standards that govern the collection, storage, and use of information. Our practice, which was honored in both 2014 and 2012 by Law360 as a "Privacy Group of the Year," includes the following experts:

  • The former director of the Federal Trade Commission's Bureau of Consumer Protection
  • A former top advisor to former FTC Chairman Jon Leibowitz
  • A former senior official at the Department of Justice's National Security Division
  • The co-chairman of the Task Force on Privacy and the Protection of Personal Data of the International Chamber of Commerce (ICC)
  • A litigation team with an unmatched series of precedent-setting victories in privacy and Internet law
  • A Brussels-based team of European data protection lawyers qualified to practice in several EU member states
  • Numerous attorneys who have earned certification by the International Association of Privacy Professionals

We have advised hundreds of companies on all aspects of privacy and data security law globally. Our clients span a broad array of industries, including the Internet, cloud computing, mobile, software, digital media and entertainment, social media, hospitality, healthcare, life sciences, and many other emerging technologies. Among other matters, our team regularly:

  • Defends clients in privacy-related litigation, including consumer class actions
  • Develops, enhances, and audits privacy and data security polices, tools, and procedures, including privacy notices, consent forms, privacy impact assessments tool kits, checklists, security policies, and training materials
  • Devises business and legal responses to security breaches in the U.S. and abroad
  • Develops and helps implement global compliance programs, including strategies for compliance with data transfer restrictions
  • Counsels on compliance with domestic and international regulations, such as the EU cookies rules related to advertising and marketing in new media, including user-generated content and the use of endorsements
  • Provides strategic advice on the upcoming changes to the EU data protection legal framework
  • Addresses and negotiates privacy and data security matters in international and domestic transactions
  • Helps companies implementing multijurisdictional projects by acting as a one-stop-shop coordinating compliance with local requirements

Our goal is to help our clients maintain the highest standards for the collection, protection, and use of customer and employee information while pursuing their business interests. With an insider's perspective on policy and enforcement culture, coupled with a real-world understanding of enterprise and industry practices and true litigation risk, we provide an unparalleled combination of practical and policy experience. In addition, we always are ready to vigorously defend clients in government investigations, enforcement actions, and litigation matters.

Full Range of Offerings


We have successfully defended numerous clients in privacy-related actions, including those that have arisen from data breaches, use of consumer data, and marketing practices. The actions have involved claims of invasion of privacy and other common-law torts, as well as alleged violations of the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, the Video Privacy Protection Act, the Telephone Consumer Protection Act, and the Fair and Accurate Credit Transactions Act. Currently, we are defending multiple privacy class actions, including cases involving the tracking of user behavior online and on mobile devices, the collection of unencrypted Wi-Fi transmissions, and claims under the ECPA, VPPA, and FACTA. For a list of leading Internet privacy cases that the firm is handling or has previously handled, please click here.

Government Investigations

We represent clients in investigations before the Federal Trade Commission, the Federal Communications Commission, state Attorneys General, and other government agencies concerning data breaches, collection and use of customer information, online behavioral advertising, location-based data issues, children's privacy (COPPA), and compliance with privacy-related statutes such as the Fair Credit Reporting Act. We also represent clients in investigations and audits by EU data protection authorities.

Global Privacy & Data Security Counseling

We counsel clients on all facets of U.S. state and federal privacy laws, including COPPA, HIPAA, FCRA, and GLB, and European data protection laws, as well as issues related to existing or emerging privacy and data security laws in Asia and Latin America. The issues we cover include adherence to self-regulatory programs, information security, online behavioral advertising, marketing and promotional communications, online and mobile privacy issues, privacy by design, privacy impact assessments, document retention policies, and privacy policies.

European Data Protection Services

We advise clients on all aspects of European and national privacy and data protection requirements, including the General Data Protection Directive, the revised e-Privacy Directive, and the Data Retention Directive, as well as their implementation into local law. Our advice ranges from providing strategic pan-European advice on data protection issues, such as the review of the EU data protection framework, to assisting companies on complying with specific and detailed local requirements in EU Member States. Over the years, our team has created unmatched contacts with data protection regulators in Europe. We represent clients before national data protection authorities and liaise with European Institutions and the Article 29 Working Party on behalf of clients. We have developed the WSGR EU Data Protection Observatory to help companies navigate the latest developments related to the draft EU Data Protection Regulation.

We also develop strategies for transfering clients' personal data outside the European Union, including implementation and approval of binding corporate rules (BCRs), assistance with membership in the U.S. safe harbor framework, and use of EU standard contractual clauses. In addition, we assist clients in reconciling the demands of EU data protection law with conflicting legal obligations such as SOX and e-discovery requirements.

Data Due Diligence

We represent clients in transactions involving data security and privacy issues such as those arising from cloud computing, outsourcing, the Internet (including e-commerce), mobile devices, and trans-border deals. We conduct due diligence in connection with mergers and acquisitions, asset dispositions, and IPOs and other financial offerings, as well as structure and design data-transfer policies and procedures.

Employee Privacy Counseling & Litigations

We counsel employers regarding privacy-related issues in the workplace, such as review of employee communications, corporate social networks or social-networking activities using company computers, drug testing, record-keeping requirements, and pre-hire background checks. Our expertise covers both domestic and international issues, including the strict requirements of EU local privacy and labor laws. We also advise companies on compliance with federal and state privacy laws related to employees and other personnel in connection with mergers and acquisitions. In addition, we defend companies against employee privacy claims.