Privacy and security concerns are pervasive. Katten's Privacy, Data and Cybersecurity practice attorneys offer diverse industry experience and substantial knowledge of the latest laws and practices in privacy and data protection. We understand the benefits and potential risks associated with the collection, use and disclosure of customer and employee information, and we help clients resolve or prevent potential problems. Katten advises on the development of privacy protection practices and counsels on privacy and security law and compliance, as well as how those laws apply to data use and information sharing.

Compliance and incident preparation

In an era in which compliance requirements are rapidly increasing, a data breach is a matter of when, not if. We can help you prepare for the full range of breach scenarios and the legal, regulatory and operational issues they raise. Several of our attorneys hold certifications from the International Association of Privacy Professionals (IAPP).

US and international privacy and security law counsel

Our counsel to Fortune 500, midsized and emerging companies covers the full range of privacy, data and cybersecurity issues. We advise clients on all aspects of compliance with local, state and federal laws governing privacy and security, including such federal laws as:

  • Children's Online Privacy Protection Act
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003
  • Federal Trade Commission enforcement
  • Gramm-Leach-Bliley Act
  • Health Insurance Portability and Accountability Act (HIPAA)

In the area of federal and state financial privacy and cybersecurity regulations, our counsel covers rules promulgated by the Securities and Exchange Commission, the Financial Industry Regulatory Authority, the New York Department of Financial Services and state insurance regulators.

Our experience also includes state laws such as data breach notification laws, the California Consumer Privacy Act (CCPA) and the growing body of similar state consumer privacy laws, as well as industry standards such as the NIST Cybersecurity Framework, the CIS Critical Security Controls and the PCI Data Security Standard (PCI DSS).

For clients with global reach, we address compliance with international privacy and data protection laws and regulations, such as the EU General Data Protection Regulation (GDPR) and the EU ePrivacy Directive, including the mechanisms for lawful EU-US data transfers. (The EU-US Privacy Shield framework was invalidated by the Court of Justice of the European Union in July 2020; transfers now rely on standard contractual clauses or the EU-US Data Privacy Framework.)

Setting standards for industry best practices

We assist clients across the entire spectrum of considerations, including:
  • Data mapping and processing reviews
  • Employee privacy practices
  • Mobile app practices
  • Privacy audits
  • Privacy-by-design and other privacy practices for websites, mobile apps and internet of things (IoT) devices
  • Privacy policies and procedures
  • Regulatory compliance, including financial services, health care, GDPR and CCPA
  • Big data program evaluation
  • Data-driven advertising and marketing
  • Data flow analysis
  • International data transfers
  • Outsourcing and cloud solutions
  • Vendor management
  • Compliance and information security reviews
  • Incident and breach investigation, response, and litigation
  • Information security policies and procedures
  • Regulatory inquiries and actions
  • Security incident response planning
  • Training and response readiness, war games, and tabletop exercises

Our advice is practical, efficient and reflective of our work in highly regulated and public-facing industries, including:

  • Advertising, marketing and promotions
  • Consumer products and services
  • Financial services
  • Health care
  • Hospitality
  • Retail