In an era where technology is rapidly changing, privacy and security concerns are even more pervasive. Katten's Privacy, Data and Cybersecurity practice attorneys offer diverse industry experience and practical solutions to address heightened risks and complex legal and regulatory obligations. We understand the benefits and potential challenges associated with the collection, use and disclosure of personal information, and provide clients with strategic advice to achieve their business needs, while resolving or preventing potential legal, business and reputational risks. Katten advises on the development of global data protection programs and counsels on privacy and security law and compliance, as well as how those laws apply to data use and information sharing.

Privacy compliance and advisory services

With the evolving legal and regulatory landscape, companies are faced with a multitude of new compliance obligations. We closely monitor emerging and proposed data protection laws and regulations. Our team can help you navigate through the patchwork of often inconsistent data protection standards and requirements. From privacy and security related program development, due diligence for mergers and acquisitions and other strategic transactions, to incident response management – we can help you prepare for the range of scenarios and issues.

US and international privacy and security law counsel

Our counsel to Fortune 500, midsized and emerging companies covers the full range of privacy, data and cybersecurity issues. We advise clients on all aspects of compliance with local, state and federal laws governing privacy and security, including such federal laws as:

  • Children's Online Privacy Protection Act (COPPA)
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM)
  • Electronic Communications Privacy Act (ECPA)
  • Federal Trade Commission enforcement
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Information Portability and Accountability Act (HIPAA)
  • Telephone Consumer Protection Act (TCPA)

In the area of federal and state financial privacy and cybersecurity regulations, our counsel covers rules promulgated by the Securities and Exchange Commission, the Financial Industry Regulatory Authority, the New York Department of Financial Services and state insurance regulators.

Our experience also includes state laws such as all 50-state data breach notification laws, the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), and the growing body of similar state laws, as well as industry standards such as the ISO and NIST cybersecurity frameworks, the CIS Critical Security Controls and the PCI Data Security Standards.

For clients with global reach, we address compliance with international privacy and data protection laws and regulations, such as the EU and UK General Data Protection Regulation (GDPR), the EU ePrivacy Directive, Brazil's General Personal Data Protection Law (LGPD) and China's Personal Information Protection Law (PIPL).

Setting standards for industry best practices

We assist clients across the entire spectrum of considerations, including:


  • Data mapping and processing reviews
  • Employee privacy practices
  • Mobile app practices
  • Privacy audits
  • Privacy-by-design and other privacy practices, for online presence, mobile apps, internet of things (IoT)
  • Privacy policies and procedures
  • Regulatory compliance, including financial services, health care, GDPR and CCPA


  • Big data program evaluation
  • Data-driven advertising and marketing
  • Data flow analysis
  • International data transfers
  • Outsourcing and cloud solutions
  • Vendor management


  • Compliance and information security reviews
  • Incident and breach investigation, response, and litigation
  • Information security policies and procedures
  • Regulatory inquiries and actions
  • Security incident response planning
  • Training and response readiness, war games, and tabletop exercises

Our advice is practical, efficient and reflective of our work in highly regulated and public-facing industries, including:

  • Advertising, marketing and promotions
  • Consumer products and services
  • Financial services
  • Financial technology
  • Health care
  • Hospitality
  • Retail
  • Technology