With a team that includes former experienced privacy litigators and former government officials, O’Melveny’s Data Security and Privacy group helps clients manage the serious legal and financial risks in this rapidly changing area, taking an approach that crosses borders and legal disciplines.

Our ranks include a former US National Security Advisor, a former Cabinet Secretary and Senior Advisor to the President, a former White House Counsel, a former Deputy Secretary of Commerce, a former Director of the Federal Trade Commission’s Bureau of Competition, and a former resident legal advisor to the US Embassy in Beijing and federal cybercrime prosecutor

Armed with this deep experience in government, we help clients navigate the complex and shifting decision-making procedures followed by federal agencies, Congress, and other governmental and regulatory bodies, and manage Congressional, FTC, SEC, DOJ, and state attorneys general investigations. And our award-winning litigators defend clients against challenges fueled by the aggressive expansion of the plaintiff’s bar, including consumer class actions and shareholder litigation.

We regularly assist senior business executives, company boards, and corporate legal departments with a wide range of challenges, including:

  • Senior Management and Board Counseling
  • Government Investigations and Regulatory Actions
  • Shareholder, Consumer, and Customer Litigation
  • Labor and Employment Issues
  • Intellectual Property Concerns
  • International Aspects of Data Privacy Matters

E-Commerce Company

O’Melveny represented a leading internet search engine in class actions related to data privacy in federal court. These cases involved claims that the company tracked or disclosed personally-identifiable user information to third parties and that the company itself accessed user information without authorization. Read

Insurance Company

O’Melveny conducted an internal investigation for a large insurance company into a cyber attack on client accounts and advised the company on responding to the attack. Read

International Cosmetics and Household Goods Company

We performed an international analysis covering regulatory requirements for the online collection and cross-border transfers of customer information for the U.S., China, and the European Union. Read

Major financial services institutions

O’Melveny advises several financial institutions on cybersecurity preparedness and incident response. We are currently advising a large banking client in responding to the Equifax data breach and are advising a separate banking client on cybersecurity issues as part of stress testing exercises mandated by Dodd-Frank. We have also advised a large insurance and retirement firm on response in the aftermath of a cybersecurity incident affecting customer accounts. Additionally, we have helped a large mortgage-market participant prepare for privacy and data security issues related to the implementation of a large database used for predictive analytics and research purposes. Separately, we helped that same client develop protocols for information-sharing with federal regulators and law enforcement, and advised on privilege consideration surrounding the company’s disclosure of threat and incident information. Read

Managed Care and Health Care Providers

We provide advice and counseling to multiple clients in the health care industry on data security preparedness and breach response planning and have assisted in evaluating crisis management practices. This work has included designing HIPAA and 50-state compliant incident response policies, testing incident response plans, and enhancing policies and procedures to cure any determined gaps or risks. Read

Multinational corporations

We advise numerous multinational corporations on the impact of the China Cyber Security Law on their China operations. Read


O’Melveny represented the specialty pharmacy in defending multiple class actions under statutory privacy laws involving separate alleged violations of calling and faxing activities to patients and medical practices related to its services. O’Melveny successfully resolved the first class action without providing classwide relief and reached a favorable settlement in the second action. Read

Online Music Company

We counseled an online music company on its response to a ransomware demand and worked with the company to inform state governments of the data breach. Read


O’Melveny represents Visa on matters related to data compromise events at merchants or processors, including on issues related to many of the largest account data compromise events in the history of the payment card industry, such as counseling on and the settlement of claims arising from data breaches at Target Corporation, The Home Depot, Heartland Payment Systems, and others. Read