Data Privacy, AI & Cybersecurity

We counsel businesses on AI compliance, regulatory and risk management matters as both a developer of AI and as user of AI. Our lawyers support clients in the use of AI platforms across employment, healthcare, advertising, financial services, advertising, education, insurance, bankruptcy and other verticals. We design and develop AI compliance programs, provide guidance on procurement and contractual best practices, counsel on AI intellectual property risks, advise on AI-related regulatory issues for mergers and acquisitions, and advise Boards of Directors on AI risk. Whether launching an AI product, developing an AI internal use strategy, or auditing an existing system, we help clients align innovation with accountability and governance.

We advise companies on compliance with Illinois’ Biometric Information Privacy Act (BIPA), one of the most litigated privacy statutes in the U.S. Our team counsels on notice, consent, retention, and vendor requirements for the collection and use of biometric identifiers such as fingerprints, facial scans, and voice data. We also defend clients in high-stakes BIPA litigation, including consumer class actions, and help develop workplace and operational policies that reduce risk while enabling the responsible use of biometric technologies.

We take a proactive approach to cybersecurity, helping businesses prepare for, and respond to, data breaches and digital threats. We assist with incident response plans, regulatory compliance, cyber insurance reviews, and board-level risk training. In the event of a breach, we coordinate forensic investigations, notification protocols, and regulatory reporting to minimize reputational and legal impact.

Data breaches frequently lead to class action lawsuits seeking statutory or liquidated damages under state and federal privacy laws. These cases can involve claims under statutes such as BIPA, CCPA, FCRA, and state breach notification laws, often paired with common law theories. Hinshaw defends companies across industries in these high-stakes matters, leveraging extensive experience in privacy and consumer protection litigation.

Our attorneys have handled hundreds of privacy class actions, including cases before federal appellate courts and state supreme courts. We focus on cost-effective strategies, from early motion practice to class certification challenges, and we tailor defense approaches to each client’s business, risk profile, and reputational concerns. Drawing on our litigation strength and regulatory insight, we help companies navigate breach-related class actions efficiently and protect their brands in an evolving privacy landscape.

We guide clients through every stage of a breach, from immediate containment to long-term remediation. Our lawyers coordinate forensic investigations, design notification strategies, and manage communications with regulators, customers, and business partners. We also defend companies in resulting litigation and regulatory actions, ensuring that both compliance obligations and reputational risks are addressed.

Hinshaw guides clients in designing data management policies and data strategies and building data driven products aligned with their legal obligations and operational risk. Our lawyers work across teams to help companies meet expectations from regulators, customers, and business partners in a data-driven economy.

We help companies create and maintain robust programs that meet domestic and global standards. Our team advises on a full range of 19 and counting state comprehensive privacy laws, regulations, and enforcement actions, as well as international frameworks such as the General Data Protection Regulation (GDPR). We also counsel on federal and state industry-specific laws such as GLBA, BIPA, FACTA, FCRA, VPPA, FERPA, HIPAA, TCPA, CAN-SPAM, and AI transparency acts. We support clients in building internal governance programs, managing regulatory concerns for programmatic advertising and across advertising’s changing ecosystem, managing third-party data flows, and aligning marketing, HR, and customer operations with evolving privacy obligations.

While technology  transformation creates opportunities for innovation, it also introduces significant legal risks to your business. At Hinshaw, we help clients stay compliant, secure, and prepared for what’s next. If you’re licensing a new technology or acquiring a new division, our lawyers deliver strategies that support trust and long-term resilience and can help support your data driven technology transactions.

Privacy and data protection class actions are among the fastest-growing areas of consumer litigation, with claims often tied to statutes such as BIPA, CCPA, TCPA, and California’s Invasion of Privacy Act (CIPA), as well as wiretapping claims based on website session replay and similar technologies. Hinshaw defends companies in privacy class actions across industries, bringing deep experience in motion practice, class certification challenges, settlement strategy, and trial defense. Our team combines litigation strength with regulatory knowledge to develop strategies that reduce exposure, resolve disputes efficiently, and protect client reputation in the courts and the marketplace.

Hinshaw has decades of experience counseling on TCPA compliance and defending clients in high-stakes TCPA litigation, including nationwide class actions. We draft consent disclosures, policies, procedures, and training materials, and we advise on risk mitigation strategies for marketing, servicing, and collections activities. Our team also advocates before the FCC and courts on TCPA-related rulemaking and challenges.

We defend media, streaming, retail, and technology companies in class actions and regulatory investigations brought under the VPPA. These claims often challenge the use of online tracking technologies—such as cookies, pixels, and analytics tools—alleging unauthorized disclosure of video viewing information. Our attorneys bring deep experience challenging standing, defeating class certification, and negotiating favorable resolutions. We also counsel clients on VPPA compliance strategies, including consent frameworks and vendor contracts, to reduce exposure in this fast-evolving area.

Websites and mobile platforms are under heightened scrutiny for how they collect and share consumer information. Plaintiffs’ lawyers are targeting practices involving session replay, chat tools, cookies, and other tracking technologies through claims under state privacy and wiretapping statutes. Hinshaw counsels companies on disclosure and consent frameworks, vendor agreements, and privacy policies that meet regulatory expectations while supporting digital engagement. We also defend clients in class actions and enforcement actions tied to website data practices, helping businesses balance compliance, consumer trust, and operational needs.