{{insights.date}}
{{insights.type}}
{{insights.contentTypeTag}}
Kristin L. Bryan
Partner
Kristin Bryan is a uniquely talented litigator with deep expertise representing clients in complex bet-the-company disputes in litigation and arbitration across the US, including in mass arbitrations and putative class actions. Kristin was recognized as a Law360 MVP (a designation given to only five attorneys nationally for her practice area) for obtaining dismissals of numerous significant data litigations, in which plaintiffs collectively sought over US$280 billion in liquidated statutory damages for claims that her client’s business practices violated federal and state privacy laws.
Trusted for her pragmatic judgment, Kristin is go-to outside litigation counsel for numerous publicly traded companies.
She is a leader and integral member of the firm’s privacy litigation team, which was ranked #4 in 2024 among all law firms by Global Data Review. Kristin has broad experience defending data privacy, biometric, cybersecurity and data breach disputes across the country, having handled such cases for the duration of her legal career which started at Debevoise & Plimpton in New York.
Kristin has litigated cases brought under the Electronic Communications Privacy Act (ECPA), the Video Privacy Protection Act (VPPA), the Driver’s Privacy Protection Act (DPPA), the Fair Credit Reporting Act (FCRA), the Computer Fraud and Abuse Act (CFAA), the California Consumer Privacy Act (CCPA), the California Invasion of Privacy Act (CIPA) and the Illinois Biometric Privacy Act (BIPA), among others. Kristin has also efficiently resolved privacy and cybersecurity class actions concerning deceptive trade practice and breach of fiduciary duty claims. She is experienced in defending companies in putative class actions and in JAMS/AAA arbitrations concerning their privacy practices.
Kristin has advised clients concerning privacy issues implicated by the use of facial recognition technology and AI. She has represented clients in data breach litigations regarding the alleged disclosure of personal information and protected health information regulated under the Health Insurance Portability and Accountability Act (HIPAA). She is editor-in-chief of the firm’s award-winning data privacy blog Privacy World and has published over 350 articles on developments regarding data privacy and cybersecurity.
Kristin is a Certified Information Privacy Professional (CIPP/US) and a leader in the data privacy and cybersecurity community. She has held a number of executive positions with the International Association of Privacy Professionals (IAPP), including with the Privacy Bar Advisory Board, and was selected to participate in the IAPP’s 2022 Leadership Retreat. Kristin is also vice-chair of the American Bar Association’s Cybersecurity and Data Privacy Committee.
- Obtaining dismissal on behalf of an insurance software provider in three competing federal class action litigations where plaintiffs sought to represent over 27 million putative class members and demanded over US$69 billion in statutory liquidated damages, as well as other relief concerning allegations that the provider stored drivers’ license information on unsecured external servers in violation of federal and state privacy laws. One of the cases was appealed to the Fifth Circuit, where in a case of first impression among the federal circuits, the court held that the alleged storage of information on an unsecured external server did not support a claim under the federal Driver’s Privacy Protection Act.
- Defending commercial website operators in dozens of cases involving claims brought under state and federal wiretap laws as well as under the federal Video Privacy Protection Act concerning the alleged unauthorized disclosure of individuals’ personal information to third party advertisers, in both civil litigation and JAMS/AAA arbitration.
- Defending multiple companies offering facial recognition and AI-based technologies in litigation concerning purported violation of the Illinois Biometric Information Privacy Act, among other claims.
- Efficiently resolving two competing federal cybersecurity litigations brought against a healthcare institution concerning the alleged disclosure of personal information and protected health information under HIPAA, in relation to a data event involving a third-party services provider. Kristin obtained, along with the rest of the team, a ruling that her client was exempt from potential liability under the Florida Deceptive and Unfair Trade Practices Act.
- Obtaining a dismissal after opposing class certification of putative class action filed in California federal court against a lending institution, concerning claims under the Fair Credit Reporting Act and the California Consumer Credit Reporting Agencies Act.
- Defending a healthcare provider in privacy litigation concerning breach of fiduciary duty and other common law tort claims regarding the alleged unauthorized access and redisclosure of the plaintiff’s personal health record.
- Representing a media company in multidistrict privacy litigation that went to Third Circuit Court of Appeals concerning allegations that the media company and co-defendant Google used cookies to track the online behavior of website visitors, including minors, in violation of federal and state privacy laws.
- Representing a website operator in a state attorney general privacy investigation regarding the website operator’s marketing and ad sales practices.
Education
- Columbia Law School, J.D., 2010
- Dartmouth College, B.A., 2007
Admissions
- Ohio, 2016
- New York, 2011
Courts
- U.S. Dist. Ct., Dist. of Colorado
- U.S. Dist. Ct., N. Dist. of New York
- U.S. Dist. Ct., S. Dist. of New York
- U.S. Dist. Ct., N. Dist. of Ohio
Memberships & Affiliations
- Former Co-Chair, IAPP KnowledgeNet Chapter
- Vice-Chair of the ABA’s Cybersecurity and Data Privacy Committee
- Named as a leading author in the Lexology Legal Influencers Q3 2022 for Technology, Media and Telecommunications (TMT) – US
- Ranked as a Cybersecurity & Privacy MVP by Law360 2022
- Recognized as a leading author in the Lexology Legal Influencers Q3 2021 for Technology, Media and Telecommunications (TMT) – US
- Recognized in Best Lawyers: Ones to Watch in America 2021-2025 for Commercial Litigation
- Quoted, “US Regulators Take Consumer Data Protection Into Their Own Hands,” VIXIO Regulatory Intelligence, August 15, 2022.
- Quoted, “Driver’s License Privacy Claims Face High Bar in Data Lawsuits,” Bloomberg Law, April 13, 2022.
- Quoted, “The Biggest Privacy Developments Of 2021,” Law 360, December 21, 2021.
- Quoted, “Why is the energy sector so vulnerable to hacking?,” ITPro, October 7, 2021.
- Quoted, “White Castle Biometric Privacy Case to Shape Litigation Landscape,” Bloomberg Law, September 7, 2021.
- Quoted, “New York Financial Regulator Seen Keeping Climate, Cyber Priorities When New Head is Named,” Thomson Reuters Regulatory Intelligence, August 27, 2021.
- Quoted, “Courts order handover of breach forensic reports in trend welcomed by consumers, feared by defendants,” Cyberscoop, August 4, 2021.
- Quoted, “Supreme Court’s TransUnion Ruling Curbs Consumer Privacy Claims,” Bloomberg Law, June 28, 2021.
- Quoted, “Florida Close to Passing Privacy Law as Deadline Looms,” Bloomberg Law, April 29, 2021.
Recent Speaking Engagements
- Speaker, “Federal Privacy and Cybersecurity Update,” Cleveland Marshall Annual Privacy and Cybersecurity Conference, April 20, 2023.
- Speaker, “The Expanding Landscape of Biometric Data Law: Where We Are and What’s to Come,” Lexology Masterclass, March 28, 2023.
- Speaker, “Federal Privacy Legislation: Within Reach After a Decade of Debate. If So, What Next?,” Lexology Masterclass, December 7, 2022.
- Speaker, “AI and Biometrics Privacy: Trends and Developments,” IAPP, June 2, 2022.
- Speaker, “Railroad Risk Management Roundtable Series-Cybersecurity,” February 3, 2022.
- Speaker, “Defending Work Product Status and Attorney-Client Privilege of Forensic Reports,” webinar hosted by Lawline, January 11, 2022.