Privacy Litigation & Enforcement Actions

We have the regulatory experience and relationships needed to quickly recover from litigation and enforcement actions and offer cost-effective practical step-by-step guidance that will help you get back to business.

Our approach

Our team is led by former state and federal prosecutors, so we know what’s needed to confront and move beyond litigation, government investigations and enforcement actions that can follow a patient or consumer complaint or data breach. We distinguish ourselves by our deep relationships with regulators and nationally recognized negotiation strategies. It’s what allows us to move quickly and efficiently in the face of serious and unexpected disruptions. With stringent enforcement and progressively higher penalties, we know what’s at stake. We offer cost-effective step-by-step guidance to help clients get back to business confidently and efficiently.

Who we work with

  • Companies at any stage of privacy complaints, data theft or loss, whether intentional or accidental, including victims of hacking, disgruntled or negligent employees and natural disasters
  • All industries including technology, health care, finance, infrastructure, defense, energy, big data, social media, data storage and professional services
  • Any company who is facing government audit or other investigation by a federal or state regulatory authority (e.g., the Office for Civil Rights, the Federal Trade Commission, The Federal Communications Commission and state attorneys general)


  • Recognized by Chambers USA as a nationwide leader in the fields of Privacy Law and Healthcare: Regulatory & Litigation
  • Included in The BTI Litigation Outlook 2013 report Honor Roll as one of the “Most Feared Law Firms” for litigation
  • U.S. News & World Report/Best Lawyers “Best Law Firms” nationally recognized Government Investigations & White Collar Criminal Defense practice

Recent experience

  • Defended a client in litigation involving the theft of 1.7 million patient records
  • Assisted a client during a state attorney general investigation of a website hacking incident involving the notification of over 3,500 individuals
  • Represented multiple large health care systems with investigations by the Office for Civil Rights and state regulatory bodies following patient complaints and breaches of protected health information
  • Represented a health care provider through an OCR investigation following the theft of paper medical records
  • Represented multiple health care providers with enforcement actions following the loss or theft of laptops
  • Represented a client during a government investigation following the loss of a laptop containing the PHI of over 11,000 individuals

Big questions for BIPA case law in 2021

Cybersecurity Law Report | February 17, 2021

In this article focusing on case law developments around Illinois’ Biometric Information Privacy Act in the year ahead, Chicago Complex Commercial Disputes partner Rich Tilghman is quoted extensively for his outlook on facial and voice recognition cases, extraterritoriality, arbitration defenses, what counts as a BIPA violation, and collected data.

The Once-and-Future Privacy Shield

Rochester Business Journal | November 06, 2020

Data Privacy & Cybersecurity deputy leader and Rochester associate Jenny Holmes contributed this article analyzing the European Court of Justice’s recent invalidation of the Privacy Shield and its impact on data flows between the US and the EU. This article was co-developed with Los Angeles partner Jason P. Gonzalez and Boston associate Troy K. Lieberman, both from the Data Privacy & Cybersecurity team.

Keep up with laws developing to protect our consumer data

Rochester Business Journal | November 15, 2019

In the latest installment of his monthly column, Rochester Corporate partner Jeremy Wolk analyzes state-level legislation aimed at enhancing consumer privacy rights and protections, similar to the European Union’s General Data Protection Regulation. Rochester Corporate associate Jenny Holmes contributed to the column.

Facebook lawsuit underscores importance of transparent collection and use of data

Rochester Business Journal | January 25, 2019

Rochester Corporate partner Jeremy Wolk wrote this contributed column analyzing a lawsuit filed against Facebook in Washington, DC, alleging violations of state-level consumer protection laws by the social media company. This article incorporates perspective from an alert written by Washington Complex Commercial Disputes associate Brian Donnelly, Rochester Corporate associate Jenny Holmes, and Los Angeles Government Investigations & White Collar Defense associate Karina Puttieva.

Problems with the California Consumer Privacy Act

Los Angeles/San Francisco Daily Journal | January 23, 2019

Los Angeles Government Investigations and White Collar Defense partner Jason Gonzalez and associate Karina Puttieva co-wrote this contributed article identifying issues with the “remarkably unclear” California Consumer Privacy Act, a measure passed last year that regulates large businesses businesses who buy, sell or share consumers’ personal information.

State AGs at odds over Google privacy pact at high court

Law360 | September 05, 2018

This article mentions Complex Commercial Disputes partners Chris Mason, Sarah André, Dan Deane and Seth Horvath as counsel for The New York Bar Foundation and The New York State Bar Association in an amicus brief—filed with the United States Supreme Court—in support of the approval by a California District Court, and the Ninth Circuit, of Google’s settlement involving a “cy pres” remedy in a privacy-related case.

Cybersecurity and benefits plans: The next front in the ongoing battle to protect personal information

Confero | June 30, 2018

Rochester Corporate group associate Jenny Holmes contributed this article to the quarterly magazine for Westminster Consulting, discussing why benefit plans are inviting targets for would-be data thieves, and what plan administrators need to do to protect personal data.

Back to top