{{insights.date}}
{{insights.type}}
{{insights.contentTypeTag}}
Kristin L. Bryan
Partner
Kristin Bryan is a litigator with deep expertise representing clients in complex bet-the-company data privacy, cybersecurity and data breach disputes in federal and state courts nationwide. She has obtained dismissals of numerous significant data privacy and cybersecurity litigations, in which plaintiffs collectively sought over US$280 billion in liquidated statutory damages for claims that her client’s business practices violated federal and state privacy laws.
Kristin is a pragmatic litigator and integral member of the firm’s privacy litigation team, which was ranked #2 in 2022 among all law firms by Global Data Review. She has broad experience defending data privacy, cybersecurity and data breach disputes across the country, including in the class action and multidistrict litigation context. Kristin has litigated cases brought under the Electronic Communications Privacy Act (ECPA), the Video Privacy Protection Act (VPPA), the Driver’s Privacy Protection Act (DPPA), the Fair Credit Reporting Act (FCRA), the Computer Fraud and Abuse Act (CFAA), the California Consumer Privacy Act (CCPA) and the Illinois Biometric Privacy Act (BIPA), among others. Kristin has also efficiently resolved privacy and cybersecurity class actions concerning deceptive trade practice and breach of fiduciary duty claims.
Kristin has advised clients concerning privacy issues implicated by the use of facial recognition technology and AI. She is currently defending a case concerning an AI consumer-facing platform in federal court in Illinois and recently opposed class certification. Kristin has represented clients in data breach litigations regarding the alleged disclosure of personal information and protected health information regulated under the Health Insurance Portability and Accountability Act (HIPAA). As part of her litigation practice, Kristin also advises clients on their most sensitive business, cybersecurity/privacy diligence and data breach issues, and in state and federal regulatory investigations regarding their privacy practices. She is editor-in-chief of the firm’s award-winning data privacy blog Consumer Privacy World and has published over 350 articles on developments regarding data privacy and cybersecurity.
Kristin is a Certified Information Privacy Professional (CIPP/US) and a leader in the data privacy and cybersecurity community. She holds a number of executive positions with the International Association of Privacy Professionals (IAPP), including with the Privacy Bar Advisory Board, is co-chair of her local KnowledgeNet Chapter, and was selected to participate in the IAPP’s 2022 Leadership Retreat. Kristin is also vice-chair of the American Bar Association’s Cybersecurity and Data Privacy Committee and on the ABA’s 11-member Technology and New Media Standing Committee.
Prior to joining the firm, Kristin practiced for five years at an international law firm in New York, specializing in data strategy and security.
- Obtaining dismissal on behalf of an insurance software provider in three competing federal class action litigations where plaintiffs sought to represent over 27 million putative class members and demanded over US$69 billion in statutory liquidated damages, as well as other relief concerning allegations that the provider stored drivers’ license information on unsecured external servers in violation of federal and state privacy laws. One of the cases was appealed to the Fifth Circuit, where in a case of first impression among the federal circuits, the court held that the alleged storage of information on an unsecured external server did not support a claim under the federal Driver’s Privacy Protection Act.
- Efficiently resolving two competing federal cybersecurity litigations brought against a healthcare institution concerning the alleged disclosure of personal information and protected health information under HIPAA, in relation to a data event involving a third-party services provider. Kristin obtained, along with the rest of the team, a ruling that her client was exempt from potential liability under the Florida Deceptive and Unfair Trade Practices Act.
- Obtaining a dismissal after opposing class certification of putative class action filed in California federal court against a lending institution, concerning claims under the Fair Credit Reporting Act and the California Consumer Credit Reporting Agencies Act.
- Defending a healthcare provider in privacy litigation concerning breach of fiduciary duty and other common law tort claims regarding the alleged unauthorized access and redisclosure of the plaintiff’s personal health record.
- Representing a media company in multidistrict privacy litigation that went to Third Circuit Court of Appeals concerning allegations that the media company and co-defendant Google used cookies to track the online behavior of website visitors, including minors, in violation of federal and state privacy laws.
- Representing a website operator in a state attorney general privacy investigation regarding the website operator’s marketing and ad sales practices.
Education
- Columbia Law School, J.D., 2010
- Dartmouth College, B.A., 2007
Admissions
- Ohio, 2016
- New York, 2011
Courts
- U.S. Dist. Ct., N. Dist. of New York
- U.S. Dist. Ct., S. Dist. of New York
- U.S. Dist. Ct., N. Dist. of Ohio
Memberships and Affiliations
- Co-chair, IAPP KnowledgeNet Chapter
- Member, IAPP Privacy Bar Advisory Board
- Vice-chair of the ABA’s Cybersecurity and Data Privacy Committee
- Member of the ABA’s Technology and New Media Standing Committee
- Named as a leading author in the Lexology Legal Influencers Q3 2022 for Technology, Media and Telecommunications (TMT) – US
- Ranked as a Cybersecurity & Privacy MVP by Law360 2022
- Recognized as a leading author in the Lexology Legal Influencers Q3 2021 for Technology, Media and Telecommunications (TMT) – US
- Recognized in The Best Lawyers in America 2021-2023: Ones to Watch for Commercial Litigation
- Quoted, “US Regulators Take Consumer Data Protection Into Their Own Hands,” VIXIO Regulatory Intelligence, August 15, 2022.
- Quoted, “Driver’s License Privacy Claims Face High Bar in Data Lawsuits,” Bloomberg Law, April 13, 2022.
- Quoted, “The Biggest Privacy Developments Of 2021”, Law 360, December 21, 2021.
- Quoted, “Why is the energy sector so vulnerable to hacking?”, ITPro, October 7, 2021.
- Quoted, “White Castle Biometric Privacy Case to Shape Litigation Landscape”, Bloomberg Law, September 7, 2021.
- Quoted, “New York Financial Regulator Seen Keeping Climate, Cyber Priorities When New Head is Named”, Thomson Reuters Regulatory Intelligence, August 27, 2021.
- Quoted, “Courts order handover of breach forensic reports in trend welcomed by consumers, feared by defendants”, Cyberscoop, August 4, 2021.
- Quoted, “Supreme Court’s TransUnion Ruling Curbs Consumer Privacy Claims”, Bloomberg Law, June 28, 2021.
- Quoted, “Florida Close to Passing Privacy Law as Deadline Looms,” Bloomberg Law, April 29, 2021.
Recent Speaking Engagements
- Speaker, “AI and Biometrics Privacy: Trends and Developments,” IAPP, June 2, 2022.
- Speaker, “Railroad Risk Management Roundtable Series-Cybersecurity,” February 3, 2022.
- Speaker, “Defending Work Product Status and Attorney-Client Privilege of Forensic Reports,” webinar hosted by Lawline, January 11, 2022.