Lydia de la Torre provides strategic privacy compliance advice related to US and EU privacy, including data protection and cybersecurity law, General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), other state’s privacy and cyber laws, US financial privacy laws, and marketing and advertising compliance, as well as information security. She also represents clients in investigations with an eye toward helping them avoid litigation.

    Lydia’s work in-house and with organizations has run the gamut, from pre-IPO start-ups to mature Fortune 500 companies, in a multitude of industries, including e-commerce, fintech and computer hardware. This experience has provided her with a direct understanding of client concerns.

    Before joining the firm, Lydia served as co-director of the Santa Clara Law School Data Privacy Certificate Program, where she continues to teach privacy law.

    Lydia is a frequently invited speaker on privacy-related topics, such as the freedom of speech implications of privacy laws, ethics and privacy, the application of privacy laws to blockchain technology, financial privacy laws and the CCPA. She is also a prolific writer and has been published in a variety of outlets, from mainstream media to privacy and legal publications. She is the editor of Golden Data, a Medium publication focused on data laws.

    Lydia is a member of the California Lawyers Association’s Antitrust and Privacy Section and an adjunct professor at Santa Clara Law School.

    Award Mouse thought multimedia interface book medal screen monitor
    • Assessing the ability of organizations to comply with privacy laws (including GDPR and CCPA), conducting gap assessments, and creating pragmatic roadmaps to build the processes and resources required in a manner tailored to the organization’s unique circumstances.
    • Identifying and designing strategies to comply with EU and US data transfer requirements, including drafting and negotiating service provider contracts compliant with Privacy Shield, GDPR and cybersecurity requirements, and intra-group data transfer agreements.
    • Providing advice on the privacy implications related to mergers and acquisitions involving databases and implementing strategies for compliance with legal requirements.
    • Advising on US financial privacy compliance, including GLBA, CalFIPPA, PCI-DSS, etc.
    • Advising clients on legal requirements related to data security, counseling them through incidents and data breaches, and representing them before administrative authorities with an eye toward avoiding litigation.


    • Universidad Complutense de Madrid, J.D.
    • Centro de Estudios Garrigues, LL.M.
    • Santa Clara University, School of Law, L.L.M.


    • California, 2011
    • Madrid, 1997


    • Spanish
    • English

    {{}} {{insights.source}} {{insights.type}}
    {{blog.title}} {{blog.source}}

    • Global Data Review, “California passes final version of CCPA, but questions remain,” September 16, 2019.
      Legislators have put their finishing touches on the California Consumer Privacy Act, but parts of the law will remain unclear pending guidance from its enforcer. In a move that was unexpected to some, legislators also passed an amendment requiring data brokers to register with the California attorney general. Squire Patton Boggs of counsel Lydia de la Torre deemed this amendment the “surprise of the night” in terms of last-minute amendments. While businesses and consumers have a clearer picture of the CCPA now that the time for amending the law is through, “what we really need is more guidance from [California Attorney General Xavier Becerra],” de la Torre said. “We have to go from the general description of the requirements to something more developed.” With all this work remaining outstanding, the CCPA will nonetheless come into force on 1 January – though de la Torre said she expects the attorney general to declare a grace period for companies to comply with the CCPA before his office starts levying enforcement actions.
    • The Recorder, “How Changes to California's Data-Privacy Rules Would Affect Employers,” September 14, 2019.
      State lawmakers have sent to Gov. Gavin Newsom what will likely be the final amendments to the California Consumer Privacy Act before the landmark data-privacy bill goes into effect on Jan. 1. “The most significant thing about CCPA amendments is actually that very few changes will take place,” said Lydia de la Torre, of counsel at Squire Patton Boggs. “Most bills were defeated and the changes are modest.”

    • Moderator, “California Consumer Privacy Act (CCPA) – Impact on Data-Driven Innovation,” sponsored by The Hive & Swissnex San Francisco. Palo Alto, California, February 20, 2020.
    • Author, “What Is “Personal Information” Under CCPA?” The California Lawyers Association, October 2, 2019.
    • Co-author, “CCPA Myth Buster: Not All Records Count,” IAPP –The Privacy Advisor, October 1, 2019.
    • Panelist, “NIST Draft Privacy Framework,” IAPP KnowledgeNet event, co-sponsored by CLA, August 2019.
    • Panelist, “Medios de Pago,” Argentina FinTech Law 2019 Conference, June 2019.
    • Keynote, “GDPR in the USA – Is your organization ready?” IAITAM CXO Conference, May 2019.
    • Author, “Blockchain: Challenges and solutions for compliance with GDPR,” Practicing Law Institute Course Handbook for the 20th Annual Conference on Privacy and Data Security Law, May 2019.
    • Panelist, “The privacy and security challenges of new technologies,” PLI’s Institute on Privacy and Data Security Law 2019 Conference, May 2019.
    • Panelist, “Privacy Law: Who let the data out? Data protection and privacy law in the 2020s” (led by Honorable Beth Labson Freeman), Northern District of California Judicial Conference 2019, April 2019.
    • Panelist, “Ethics and Privacy,” SCCE Regional Conference, March 2019.
    • Testimony, Testified before the California Senate Judiciary Committee on what is GDPR and how it differs from CCPA, March 2019.
    • Panelist, “CCPA v. GDPR,” Santa Clara Law School, Markula Center for Applied Ethics and the CLA Antitrust and Privacy Section, March 2019.
    • Author, “What does ‘valuable consideration’ mean under CCPA?” IAPP, December 6, 2018.
    • Panelist, “Mars meets Venus: How do we balance innovation and regulation,” “Privacy: The new transformation for the Silicon Valley,” co-sponsored by Squire Patton Boggs and SPJ, November 2018.
    • Panelist, “The California Consumer Privacy Act,” co-sponsored by the Santa Clara Law School University, CLA Antitrust and Privacy Section and the IAPP, November 2018.
    • Panelist, “Open Access, Privacy, Court Records and the Right to be Forgotten,” Santa Clara University Law Library event, October 2018.
    • Panelist, “Potential impact of the California Consumer’s Privacy Act,” Today’s General Counsel Institute’s “The exchange” eDiscovery San Francisco Conference, October 2018.
    • Panelist, “The California Consumers Privacy Act of 2018,” Net Diligence Conference – Cyber Risk Summit, Santa Monica, California, October 2018.
    • Panel dialogue leader, “The California Consumer Privacy Act - What impacts can be expected on companies and consumers through the US,” Sedona Conference (WG11), September 2018.
    • Author, “GDPR matchup: The California Consumer Privacy Act of 2018,” IAPP, July 31, 2018.

    Award Mouse thought multimedia interface book medal screen monitor