Kristin Bryan is a litigator with deep expertise representing clients in complex bet-the-company data privacy, cybersecurity and data breach disputes in federal and state courts nationwide. She has obtained dismissals of numerous significant data privacy and cybersecurity litigations, in which plaintiffs collectively sought over US$280 billion in liquidated statutory damages for claims that her client’s business practices violated federal and state privacy laws.
Kristin is a pragmatic litigator and integral member of the firm’s privacy litigation team, which was ranked #2 in 2022 among all law firms by Global Data Review. She has broad experience defending data privacy, cybersecurity and data breach disputes across the country, including in the class action and multidistrict litigation context. Kristin has litigated cases brought under the Electronic Communications Privacy Act (ECPA), the Video Privacy Protection Act (VPPA), the Driver’s Privacy Protection Act (DPPA), the Fair Credit Reporting Act (FCRA), the Computer Fraud and Abuse Act (CFAA), the California Consumer Privacy Act (CCPA), the California Invasion of Privacy Act (CIPA) and the Illinois Biometric Privacy Act (BIPA), among others. Kristin has also efficiently resolved privacy and cybersecurity class actions concerning deceptive trade practice and breach of fiduciary duty claims. She is also experienced in defending website operators in putative class actions and in JAMS/AAA arbitrations concerning their privacy practices for claims brought under state wiretap laws and other theories of liability.
Kristin has advised clients concerning privacy issues implicated by the use of facial recognition technology and AI. She is currently defending a case concerning an AI consumer-facing platform in federal court in Illinois and recently opposed class certification. Kristin has represented clients in data breach litigations regarding the alleged disclosure of personal information and protected health information regulated under the Health Insurance Portability and Accountability Act (HIPAA). As part of her litigation practice, Kristin also advises clients on their most sensitive business, cybersecurity/privacy diligence and data breach issues, and in state and federal regulatory investigations regarding their privacy practices. She is editor-in-chief of the firm’s award-winning data privacy blog Consumer Privacy World and has published over 350 articles on developments regarding data privacy and cybersecurity.
Kristin is a Certified Information Privacy Professional (CIPP/US) and a leader in the data privacy and cybersecurity community. She holds a number of executive positions with the International Association of Privacy Professionals (IAPP), including with the Privacy Bar Advisory Board, is co-chair of her local KnowledgeNet Chapter, and was selected to participate in the IAPP’s 2022 Leadership Retreat. Kristin is also vice-chair of the American Bar Association’s Cybersecurity and Data Privacy Committee and on the ABA’s 11-member Technology and New Media Standing Committee.
Prior to joining the firm, Kristin practiced for five years at an international law firm in New York, specializing in data strategy and security.
Recent Speaking Engagements