Wilson Sonsini Goodrich & Rosati's cross-disciplinary team of highly experienced professionals helps companies navigate the complex and ever-changing set of laws, regulations, and industry standards that govern the collection, storage, and use of information. With an insider's perspective on policy and enforcement culture, coupled with a real-world understanding of true litigation risk and industry practices, we provide an unparalleled combination of practical and policy experience. Our team includes former government officials, leading privacy litigators, and a deep bench of compliance attorneys, transactional lawyers, and legislative and regulatory strategists.

We have extensive experience with government investigations, enforcement actions, and litigation, with unique expertise in complex multi-jurisdictional privacy investigations and litigation.

We represent companies that use or rely on data as part of their business. Among many other matters, we regularly:

  • provide our clients with practical advice on how they can collect, use, and share data and still comply with the web of ever-changing privacy laws;
  • defend clients in class action and other privacy-related litigation;
  • devise thoughtful and effective business and legal responses to security breaches;
  • help clients create, enhance, and audit privacy and data security policies and programs;
  • develop and implement global compliance programs; and
  • counsel clients on compliance with regulations related to advertising and marketing in new media, including the use of endorsements and user-generated content.

Our privacy and data protection practice is regularly honored by well-known ranking authorities such as Law360, Chambers USA, Chambers Global, Chambers Europe, and Legal 500. Many of our attorneys are cited for excellence in these publications, are regularly invited to speak at major privacy conferences across the globe, and write extensively on data protection and data security topics.

Our major areas of focus are:

Government Investigations & Inquiries

With unparalleled experience in the area, WSGR is uniquely positioned to assist companies facing the onslaught of government investigations that are often triggered by high-profile privacy incidents, novel business practices, and data breaches. Global in scope, we meet the challenges these multi-jurisdictional inquiries pose by drawing on our experience of handling and coordinating privacy investigations initiated by the Federal Trade Commission, the Federal Communications Commission, U.S. state attorneys general, European Data Protection Authorities, and the European Union Article 29 Working Party.


We counsel companies of all sizes, from start-ups to industry leaders, on every facet of privacy and data security laws globally. We help companies craft creative and operational data compliance strategies to address sophisticated global issues and specific local requirements. Our attorneys help manage data at every step of the information life cycle and assist in setting up efficient information governance programs.

Our vast experience in privacy litigation gives us a peerless perspective on how to build truly effective compliance programs.

We advise on U.S. federal, state, and European privacy, including:

  • Electronic Communication Privacy Act (ECPA)
  • Stored Communications Act (SCA)
  • Video Privacy Protection Act (VPPA)
  • Children's Online Privacy Protection Act (COPPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Fair Credit Reporting Act (FCRA)
  • Gramm-Leach-Bliley Act (GLBA)
  • U.S. data breach notification laws
  • U.S. state privacy laws, including the California Consumer Privacy Act (CCPA)
  • EU General Data Protection Regulation (GDPR)
  • Revised European e-Privacy Directive
  • European Data Retention Directive

Our experience includes advising clients on best practices for implementing effective privacy programs online, offline, on mobile devices, and throughout their enterprises; when and how to comply with self-regulatory programs governing online advertising; and how to develop compliant marketing and promotional communications using new media.

We also help our clients determine and implement their most effective data transfer strategies, whether they involve membership in the U.S. safe harbor framework, approval of binding corporate rules (BCRs), cross-border privacy rules (CBPRs), or use of EU standard contractual clauses. In addition, we assist clients in reconciling the demands of EU data protection law with conflicting legal obligations such as Sarbanes-Oxley and e-discovery requirements.


Our litigation team has an unmatched series of precedent-setting victories in privacy and internet law, stemming from our attorneys' routine handling of most complex and cutting-edge privacy cases. Able to handle any privacy-related litigation, we have successfully defended our clients since the privacy litigation trend arose. Our team is currently defending dozens of putative privacy class actions, including cases involving allegations of the improper tracking of user behavior online and on mobile devices, the collection of unencrypted Wi-Fi transmissions, and claims under the Electronic Communications Privacy Act (ECPA), the Computer Fraud and Abuse Act (CFAA), the Video Privacy Protection Act (VPPA), the Telephone Consumer Protection Act (TCPA), and the Fair and Accurate Credit Transactions Act (FACTA).

National Security & Electronic Surveillance

Our national security team has significant expertise in the intersection of privacy, law enforcement, and national security. We advise our clients on the full range of issues that arise when the government seeks user data or customer information, or attempts to compel one of our clients to directly assist in the government's efforts to conduct intelligence and law enforcement operations. We have expertise in dealing with:

  • requests for information under the Foreign Intelligence Surveillance Act (FISA);
  • National Security Letters (NSLs);
  • issues under the Wiretap and Stored Communications Acts; and
  • other search warrants and subpoenas from federal, state, and local intelligence and law enforcement authorities.

We also assist clients involved in cutting-edge research and development and require specialized counsel to help them navigate the national security issues associated with being innovative in a global economy.

Our national security lawyers work seamlessly with other members of the data security team to advise clients responding to notifications from the Federal Bureau of Investigation, the Department of Homeland Security, and other members of the Intelligence Community that their systems, products, or employees may have been targeted for cyber exploitation by foreign state actors.


Our team includes experienced and practical attorneys who advise clients on the privacy and data security issues that arise in transactional matters. We regularly:

  • represent companies in high-stakes mergers, acquisitions, and asset dispositions in which data is a key asset and where data transfers raise sensitive, complex, and often novel privacy issues;
  • represent financial institutions and other companies in IPOs and other financial offerings involving companies whose business models involve collecting, processing, and disclosing user data; and
  • assist companies of all sizes in negotiating licensing, outsourcing, services, and other commercial transactions, including advising on privacy and data-security-related risks and obligations relating to the use, processing, security, and monetization of consumer data.

Our lawyers' transactional experience and understanding of prevailing norms enables us to provide legally sound advice while keeping our clients' business objectives in mind.