Covington has an industry-leading data privacy and cybersecurity practice. Described by Chambers and Partners as an “accomplished group of privacy and data security practitioners” that “provides dynamic, practical, real-world advice,” we specialize in helping clients address complex, cutting-edge challenges to managing data privacy and cybersecurity risk. We regularly draw upon our cross-disciplinary expertise to provide efficient and effective counseling and representation. Our work ranges from assisting large, multinational clients in conducting privacy and security audits—to assess the ways in which they collect, handle, and protect their customers’ and employees’ personal information—to providing regulatory compliance advice in connection with specific business practices.

Our practice provides exceptional coverage of all of the substantive areas of privacy and data security, including IT/technology, data security, financial privacy, health privacy, employment privacy, litigation and transactions. Our client list contains a broad range of leading companies across numerous sectors, including consumer products, banking and financial services, health care, Internet services, pharmaceuticals, and telecommunications.

With global data privacy and cybersecurity attorneys based in Washington, New York, San Francisco, London, Brussels, and Beijing, our multi-lingual team has represented clients worldwide on a full range of legal, regulatory, and legislative matters involving privacy and cybersecurity issues.

Representative Matters

  • On behalf of one of the world’s leading consumer electronics and technology companies, we completed a comprehensive global privacy audit under the laws of the United States, the European Union, and China, including an assessment of the data collection, use, and sharing practices of numerous business units (including HR data), cross-border data transfers, and adopting a going-forward privacy governance and risk-management approach and corresponding policies and procedures.
  • Advising numerous companies on Binding Corporate Rules (BCRs), including Processor Rules. We help develop the BCR corpus and manage the entire approval process before the lead data protection authorities in several EU Member States including Belgium, Germany, Luxembourg and the UK.
  • Advised a global pharmaceutical company on the data breach notification requirements in more than 80 countries, following a security breach affecting employees in Europe, Asia and the Americas.
  • Advised a leading online companyon risk management and affirmative strategies, including potential litigation options, in connection with the unauthorized use and disclosure of customer personal information by a third-party service provider. Based on our advice, the client was able to resolve the potentially difficult situation quickly and on favorable terms.
  • Represented a third-party advertising service in responding to an inquiry by the FTC into the company’s technology for selecting and delivering online advertising. matter was resolved without any formal enforcement action.


  • Ranked by Chambers Global as a leading Data Protection practice (2013-2015).
  • Ranked by Chambers Europe as a leading Data Protection practice (2014-2015).
  • Ranked by Chambers UK as a leading Data Protection practice (2013-2015).
  • Ranked by Legal 500 EMEA as a leading EU Regulatory, Privacy and Data Protection practice (2013-2015).
  • Ranked by Chambers USA as a leading Privacy & Data Security practice (2013-2015).
  • Ranked by Legal 500 US as a leading Data Protection and Privacy practice (2013-2015).
  • Ranked by Legal 500 US as a leading Cyber Crime practice (2015).
  • Ranked by Legal 500 UK as a leading Data Protection practice (2013-2015).
  • Legal 500 UK Awards, winner of the TMT: Data Protection category (2014)
  • The Lawyer shortlisted our London technology and media group for its TMT Team of the Year Award (2013).
  • Law360's Practice Groups of the Year, Privacy & Consumer Protection (2011-2012)
Print PDF Word Version Print this page


Responding to a Data Security Breach - 10 Steps Every Company Should Take to Manage Risk

Insider Threats to Cybersecurity—Prevent, Prepare, React Webinar (7/15/2015) 

Managing the Big Legal Issues with Big Data Webinar (5/3/2012)

Reform of the European Data Protection Framework Webinar (2/6/2012)

Reform of the Data Protection Directive Webinar for Life Sciences Companies (4/13/2011)

Reform of the Data Protection Directive Webinar (4/13/2011)

+1 202 662 5278
+32 2 549 5252
+44 20 7067 2020