Data, Privacy and Cybersecurity

Leading companies turn to us for their most sensitive and high-stakes data, privacy, and cybersecurity matters. We work at the forefront of new technologies and global regulation, helping clients manage risk, respond to scrutiny, and move forward with confidence.

Subscribe to receive our insights.

Data, AI, and cybersecurity issues now shape core business decisions. Organizations are navigating evolving regulation, deploying new technologies, and managing enterprise risk across multiple jurisdictions at once. With more than 100 lawyers worldwide, our global Data, Privacy and Cybersecurity team helps clients govern and use data responsibly, respond to incidents and regulatory scrutiny, and advance digital initiatives in ways that support growth. We combine regulatory insight, technical understanding, and practical experience to advise on high-stakes matters and long-term strategy, delivering coordinated guidance that reflects how these challenges play out across markets and industries.

Cybersecurity and Incident Response

Regulatory Investigations and Enforcement

Artificial Intelligence and Digital Regulation

Health and Life Sciences Privacy

Data and AI in Transactions

Sector-focused Solutions

Data and National Security

Data and Technology Governance

Technology and Digital Policy

We help organizations develop and execute global data strategies that align with fast-moving privacy, cybersecurity, and AI regulation. Our team advises on governance frameworks, cross-border data use, and enterprise risk management, helping clients operate confidently across jurisdictions while supporting growth and innovation.

We work with boards and senior leadership to design practical programs that withstand regulatory scrutiny and adapt to change. From monitoring legislative developments and engaging with regulators to implementing day-to-day controls, we provide coordinated guidance that strengthens resilience, reduces risk, and enables responsible use of data at scale.

When a cyber incident puts your organization at risk, we move quickly to contain exposure, meet legal obligations, and protect your reputation. We have led responses to some of the most complex and high-profile breaches globally and advise boards and executives on preparedness, resilience, and real-time crisis management.

Our support spans the full incident lifecycle:

Rapid response and coordination across jurisdictions
Retaining forensic and technical vendors under privilege
Internal investigations and risk assessments for leadership and boards
Engagement with regulators, law enforcement, and key stakeholders
Crisis management, communications, and disclosure strategy
Guidance on global notification and regulatory obligations
Defense of follow-on litigation, enforcement actions, and class claims

From ransomware and data theft to nation-state and operational threats, we deliver coordinated, global response and practical guidance when it matters most.

When regulators come calling, companies turn to us. We defend organizations in high-stakes investigations and enforcement actions brought by state attorneys general, federal regulators, and global data protection authorities. Much of our work is resolved before it ever becomes public, with early, strategic engagement that protects our clients’ business, reputation, and relationships with regulators.

Our team has deep experience managing parallel inquiries, responding to civil investigative demands, and coordinating strategy across jurisdictions. From state AG investigations to global enforcement risk, we deliver decisive, discreet defense grounded in real regulatory insight and a track record on the most sensitive matters.

Learn more

We are at the forefront of global AI governance and digital regulation, advising leading companies on how to deploy AI responsibly and at scale. Our team helps organizations design and operationalize governance frameworks, navigate fast-moving rules like the EU AI Act, and manage risk across jurisdictions while continuing to innovate.

Learn more

We advise leading health care and life sciences organizations on complex privacy and cybersecurity issues tied to clinical care, research, and digital innovation. Our team guides clients through HIPAA, HITECH, and global health data laws while addressing emerging risks around AI, connected devices, and advanced analytics. We help design modern governance programs, respond to incidents and investigations, and protect sensitive health data so clients can innovate and operate with confidence.

Data, privacy, and cybersecurity considerations are central to today’s business deals. We help clients identify and address these issues in corporate and commercial transactions, whether negotiating technology and data-sharing agreements, structuring outsourcing arrangements, or evaluating risks in strategic partnerships and acquisitions. Our team ensures that data protection and security obligations are built into contracts from the start, safeguarding value and reducing exposure across industries and jurisdictions.

Data, AI, and cybersecurity risks play out differently across industries, and our advice reflects the realities of each sector. We support leading financial institutions, fintech, life sciences companies, health systems, technology platforms, and global consumer brands on their most sensitive data and cyber challenges.

We advise on the fast‑evolving intersection of data, technology, and national security, including safeguarding sensitive data from foreign access, navigating emerging U.S. controls on cross‑border data‑related transactions, assessing risks tied to foreign technology platforms and critical infrastructure, and addressing AI‑driven threats to data integrity and national‑security operations.

We help organizations build accountable, resilient governance frameworks for data and emerging technologies, including AI governance and model‑risk oversight, cross‑border data controls, data‑lifecycle and stewardship structures, third‑party and platform governance, and cybersecurity and operational‑resilience requirements that ensure responsible and compliant technology use.

We advise on the rapidly evolving global policy landscape governing data and emerging technologies, drawing on close relationships with regulators across U.S. federal and state governments as well as key international jurisdictions. Our work spans AI rulemaking, cross border data flows, platform accountability, cybersecurity and critical infrastructure requirements, and national security driven technology restrictions. We also closely monitor fast moving U.S. state level initiatives that increasingly shape national and international policy. This enables clients to anticipate regulatory shifts, engage effectively with policymakers worldwide, and influence outcomes that determine how data and technology can be developed, deployed, and governed.

Hear from our clients and industry leaders

The team is pragmatic, responsive and client-focused. They balance strong data privacy expertise with practical advice tailored to business realities, not legal theory.

Chambers & Partners, Global Guide, 2026

The team takes a nuanced and strategic approach, delivering practical, business-focused solutions that reflect both legal precision and commercial realities.

Chambers & Partners, Global Guide, 2026

Their global reach and deep bench of experts mean they can advise on just about any matter."

Chambers & Partners, Global Guide, 2025

Hogan Lovells has a deep understanding of relevant data privacy and security requirements and provide practical advice which is of the utmost importance when trying to implement laws often unclear and vague."

Chambers & Partners, USA Guide, 2025

I have complete trust in Hogan Lovells during complex technical and sophisticated matters. It’s evident the firm ensures their team are educated on trends and the impacts of the industry on their clients."

Chambers & Partners, USA Guide, 2025

Key contacts

Eduardo Ustaran

Partner

Eduardo Ustaran

Partner

London

Scott T. Loughlin

Partner

Scott T. Loughlin

Partner

Washington, D.C.

Meet the Data, Privacy and Cybersecurity team

Resources

Digital Client Solutions

The Data Chronicles

This multimedia series is dedicated to the ever-changing legal and regulatory developments in the world of data, privacy, and cybersecurity.

Learn more

Digital Client Solutions

Chronicle of Data Protection

Global insight, legal foresight: Data, privacy and cybersecurity unlocked

Learn more

Insights

Follow the Sun

Global perspectives on the future of data, privacy, and cybersecurity

Learn more

Future of Digitalization

Connected Life

Enabling ecosystems that connect the world

Learn more

Digital Client Solutions

AI Act Applicability Resources

The EU AI Act is here. Your AI compliance journey starts now.

Learn more

Digital Client Solutions

AI Hub

As innovation surges, the AI landscape is evolving rapidly. Our interactive AI Hub serves as a central resource covering the latest trends and developments.

Learn more

Digital Client Solutions

Digital Transformation Academy

Embrace the digital transformation impacting organizations, and today's society, with our comprehensive academy.

Learn more

Representative experience

Hogan Lovells conducted a comprehensive review of client data privacy and security practices of Bloomberg L.P., culminating in a public report.

We assessed Uber’s customer data privacy program, and made recommendations following negative media reports.

Our team regularly counsels companies on EU privacy developments and compliance strategies, including for the cross-border transfer of personal data.

Engaged in a 120-country analysis of privacy laws relevant to financial institutions and consulting services for a consulting firm.

We performed an intensive review of privacy safeguards, and prepared a strategic plan for a defense contractor's privacy and data protection program.

Our team advised a leading payment card issuer on privacy and data security contracting issues relating to the launch of a mobile payments platform.

We represented the Future of Privacy Forum in FTC, FCC, NIST, and state regulatory actions concerning smart grid, broadband, and other emerging issues.

Our team was recognized by The Financial Times, which shortlisted us for its 2015 North America Innovative Lawyers competition.

Awards and recognitions

Band 1 for Data Protection

Chambers & Partners, Global Guide

2013-2026

Band 1 for Data Protection

Chambers & Partners, Europe Guide

2020-2025

Band 1 for Privacy and Data Security: The Elite

Chambers & Partners, USA Guide

2011-2025

Band 1 for Data Protection and Information Law

Chambers & Partners, UK Guide

2021-2025

Band 1 for TMT: Data Protection

Chambers & Partners, Asia-Pacific Guide

2024-2025

Recognized as a top firm for Privacy and Data Security: Healthcare

Chambers & Partners, USA Guide

2019-2025

Tier 1 for UK Data Protection

Legal 500 UK

2019-2025

Data Protection and Cybersecurity – Hong Kong

Legal 500 Asia-Pacific

2025

Privacy and Data Security Law Firm of the Year

Chambers & Partners USA

2015, 2017, 2022

Navigate change with our latest insights

KSA REAL ESTATE LEGAL LANDSCAPE – HOW IT ALL BEGAN AND WHERE WE ARE TODAY

26 May 2026

News

The Data Chronicles | AI disputes and enforcement in the U.S.

02 April 2026

News

The Data Chronicles | DOJ’s cybersecurity fraud initiative

26 March 2026

Insights and Analysis

Mile‑High machine learning: New policy framework would significantly alter Colorado AI Act

23 March 2026

Insights and Analysis

FTC COPPA workshop and policy statement promote flexibility for use of age verification technologies

19 March 2026

News

FTC seeks public comment on potential changes to Negative Option Rule

13 March 2026

Insights and Analysis

EU Digital Omnibus – Where simplification is likely and what businesses should plan for

09 March 2026

View more insights and analysis

Chronicle of Data Protection

Global insight, legal foresight: Data, privacy and cybersecurity unlocked.

Learn more

You may also be interested in...

Awards & rankings

Hogan Lovells strengthens its position in Legal 500 Latin America: Mexico 2026

30 October 2025

Select Hong Kong 2025

Hogan Lovells Events

Select Hong Kong 2025

14 October 2025 | 8:45 a.m. - 3:30 p.m. (HKT)

Compliance Across Borders: Transatlantic Considerations for EU Privacy Pros

Sponsorships and Speaking Engagements

Compliance Across Borders: Transatlantic Considerations for EU Privacy Pros

Thursday 25 September 2025 | 04.30 pm - 07.00 pm CEST

Press releases

Hogan Lovells advises Lürssen on the sale of its naval division NVL to Rheinmetall

17 September 2025

Press releases

Hogan Lovells advises JTL-Software on the acquisition of Bringly

26 August 2025

Strafford Webinar - DOL Withdrawal of Current Guidance for Retirement Plan Investments: Private Equity, Cryptocurrency, and ESG Investing

Sponsorships and Speaking Engagements

Strafford Webinar - DOL Withdrawal of Current Guidance for Retirement Plan Investments: Private Equity, Cryptocurrency, and ESG Investing

26 August 2025 | 1:00 p.m. - 2:30 p.m. (ET)

Awards & rankings

Partner Vassi Iliadis named in Bloomberg's 40 Under 40 list

13 August 2025

TechReg Talks Webinar Series | Under the Lens: Navigating Tech Regulatory Investigations

Hogan Lovells Events

TechReg Talks Webinar Series | Under the Lens: Navigating Tech Regulatory Investigations

22 July 2025 | 1:00 - 2:00 p.m. (ET)

Press releases

Hogan Lovells advises Azerion on the sale of Whow Games to DoubleDown Interactive

11 July 2025

Awards & rankings

Hogan Lovells recognized as one of the most innovative law firms of the past 20 years by the Financial Times

25 June 2025

UK AI Summit: AI Investment & Law

Hogan Lovells Events

UK AI Summit: AI Investment & Law

22 May 2025 | 12:00 p.m. - 7:30 p.m. (BST)

AI Health Law Policy Summit 2025

Hogan Lovells Events

AI Health Law Policy Summit 2025

29 April 2025 1:30 p.m. (ET) - 30 April 2025 3:00 p.m. (ET)

DOJ’s Civil Cyber-Fraud Initiative: FCA risk in a new era of enforcement

Hogan Lovells Events

DOJ’s Civil Cyber-Fraud Initiative: FCA risk in a new era of enforcement

10 April 2025 | 1:00 p.m. - 2:30 p.m. (EDT)

Press releases

Hogan Lovells advises Cerralvo Capital on €50 million investment in Herchenbach

17 March 2025

Press releases

Hogan Lovells reports strong, steady growth driven by key, strategic investments across its practices, sectors, and regions — achieving nearly US$3 billion in global revenue

06 March 2025

Press releases

Hogan Lovells advises Trilantic Europe ETI on the acquisition of all shares in Axicom

11 February 2025

DOJ Restricts Bulk Data Transfers to China and Other Countries of Concern

Hogan Lovells Events

DOJ Restricts Bulk Data Transfers to China and Other Countries of Concern

11 February 2025 | 1:00 p.m. - 2:00 p.m. (EST)

Press releases

Hogan Lovells continues expansion in Singapore with leading cybersecurity hire, Charmian Aw

10 February 2025

Press releases

Hogan Lovells launches flagship Geopolitical Risk and National Security initiative

06 February 2025

Breakfast Seminar Life Sciences: Update regulatory ontwikkelingen in Nederland en de EU

Hogan Lovells Events

Breakfast Seminar Life Sciences: Update regulatory ontwikkelingen in Nederland en de EU

6 February 2025 | 9:00 a.m. - 10:30 a.m. (CET)

Life Sciences 4.0: The EU AI Act unfolded

Hogan Lovells Events

Life Sciences 4.0: The EU AI Act unfolded

Webinar 1: 8 October 2024, 2:00 p.m. - 3:00 p.m. (CET) | Webinar 2: 3 December 2024, 3:00 p.m. - 4:00 p.m. (CET) | In-person event: 30 January 2025, 12:00 p.m. - 5:00 p.m. (CET)

NRF 2025: Retail’s Big Show

Sponsorships and Speaking Engagements

Retail Law & Risk Workshop: Protecting your retail business from insider threats

6 June 2024 | 1:20 p.m. - 2:20 p.m. (PT)

Press releases

Hogan Lovells advises Waste Management Inc on its $7.2 billion take-private acquisition of Stericyle Inc

05 June 2024

AI Webinar Series: The evolving AI legal landscape for the Technology and Telecoms sectors

Hogan Lovells Events

AI Webinar Series: The evolving AI legal landscape for the Technology and Telecoms sectors

29 May 2024 | 12:00 p.m. - 1:15 p.m. (ET)

AI Health Law & Policy Summit

Hogan Lovells Events

Sponsorships and Speaking Engagements

ACI’s Cybersecurity Law and Compliance

29 February 2024 | 11:15 a.m. - 12:15 p.m. (ET)

Press releases

Hogan Lovells welcomes the New Year with 28 new partner and 59 new counsel promotions

04 January 2024

Hogan Lovells Financial Institutions Sector Event

Hogan Lovells Events

Hogan Lovells Financial Institutions Sector Event

14 November 2023 | 3:15 p.m. - 8:00 p.m. (HKT)

Global Class Actions to host State of Play Series focused on the UK

Hogan Lovells Events

Global Class Actions to host State of Play Series focused on the UK

9 November 2023 | 2:00 p.m. - 3:00 p.m. (GMT)

Press releases

Hogan Lovells counsels Meharry and The Diaspora Human Genomics Institute in academic-industry collaboration to promote genomics research equity

31 October 2023

Press releases

Hogan Lovells Events

Launch Seminar: Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2023

1 June 2023 | 12:15 p.m. - 2:00 p.m. (GMT +8)

Launch Seminar: Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2023

Hogan Lovells Events

Launch Seminar: Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2023

1 June 2023 | 12:15 p.m. - 2:00 p.m. (GMT +8)

Marketing with Health Data: A discussion of the current state and uncertainty of how and when health and life sciences companies may use health or other sensitive data in connection with marketing, advertising and other promotional activities in the U.S.

Hogan Lovells Events

Marketing with Health Data: A discussion of the current state and uncertainty of how and when health and life sciences companies may use health or other sensitive data in connection with marketing, advertising and other promotional activities in the U.S.

1 June 2023 | 1:00p.m. - 2:00 p.m. (ET)

Hogan Lovells Events

Marketing with Health Data: A discussion of the current state and uncertainty of how and when health and life sciences companies may use health or other sensitive data in connection with marketing, advertising and other promotional activities in the U.S.

1 June 2023 | 1:00p.m. - 2:00 p.m. (ET)

Press releases

Hogan Lovells launches cross-practice, cross-sector Global AI Trends Guide for 2023

31 May 2023

Press releases

Hogan Lovells partner gives testimony to UK Parliament on the future of data privacy

24 May 2023

Biomed Israel: 2023 Regulatory outlook: Medical technology trends shaping the future

Sponsorships and Speaking Engagements

Biomed Israel: 2023 Regulatory outlook: Medical technology trends shaping the future

17 May 2023 | 12:00 p.m. - 1:30 p.m. (IDT)

Welcome to the future – the Metaverse and NFTs

Hogan Lovells Events

Welcome to the future – the Metaverse and NFTs

25 April 2023 | 12:15 p.m. - 2:00 p.m. (HKT)

APAC Life Sciences and Health Care Webinar Series - Spotlight on Greater China

Webinar

APAC Life Sciences and Health Care Webinar Series - Spotlight on Greater China

17 May 2022 - 4 April 2023

A Perfect Storm? Successfully Handling Ransomware and Other Cybersecurity Incidents

Sponsorships and Speaking Engagements

A Perfect Storm? Successfully Handling Ransomware and Other Cybersecurity Incidents

22 March 2023 | 4:00 PM - 5:30 PM (ET)

AI & Data Regulation: What privacy professionals need to know about the EU, UK, and U.S. approaches

Hogan Lovells Events

Technology, policy, and the 118th Congress

20 January 2023 | 12:00 - 1:00 p.m. (ET)

Privacy and cybersecurity breakfast seminars on U.S. and life sciences developments in Amsterdam

Hogan Lovells Events

Hogan Lovells advises Mitsubishi Corporation Group on the sale of all shares in MCE Bank GmbH to Santander Consumer Bank AG

10 November 2022

Press releases

Select Hong Kong 2025

Hogan Lovells Events

Select Hong Kong 2025

14 October 2025 | 8:45 a.m. - 3:30 p.m. (HKT)

Compliance Across Borders: Transatlantic Considerations for EU Privacy Pros

Sponsorships and Speaking Engagements

Compliance Across Borders: Transatlantic Considerations for EU Privacy Pros

Thursday 25 September 2025 | 04.30 pm - 07.00 pm CEST

Strafford Webinar - DOL Withdrawal of Current Guidance for Retirement Plan Investments: Private Equity, Cryptocurrency, and ESG Investing

Sponsorships and Speaking Engagements

Strafford Webinar - DOL Withdrawal of Current Guidance for Retirement Plan Investments: Private Equity, Cryptocurrency, and ESG Investing

26 August 2025 | 1:00 p.m. - 2:30 p.m. (ET)

TechReg Talks Webinar Series | Under the Lens: Navigating Tech Regulatory Investigations

Hogan Lovells Events

TechReg Talks Webinar Series | Under the Lens: Navigating Tech Regulatory Investigations

22 July 2025 | 1:00 - 2:00 p.m. (ET)

UK AI Summit: AI Investment & Law

Hogan Lovells Events

UK AI Summit: AI Investment & Law

22 May 2025 | 12:00 p.m. - 7:30 p.m. (BST)

AI Health Law Policy Summit 2025

Hogan Lovells Events

AI Health Law Policy Summit 2025

29 April 2025 1:30 p.m. (ET) - 30 April 2025 3:00 p.m. (ET)

DOJ’s Civil Cyber-Fraud Initiative: FCA risk in a new era of enforcement

Hogan Lovells Events

DOJ’s Civil Cyber-Fraud Initiative: FCA risk in a new era of enforcement

10 April 2025 | 1:00 p.m. - 2:30 p.m. (EDT)

DOJ Restricts Bulk Data Transfers to China and Other Countries of Concern

Hogan Lovells Events

DOJ Restricts Bulk Data Transfers to China and Other Countries of Concern

11 February 2025 | 1:00 p.m. - 2:00 p.m. (EST)

Breakfast Seminar Life Sciences: Update regulatory ontwikkelingen in Nederland en de EU

Hogan Lovells Events

Breakfast Seminar Life Sciences: Update regulatory ontwikkelingen in Nederland en de EU

6 February 2025 | 9:00 a.m. - 10:30 a.m. (CET)

Life Sciences 4.0: The EU AI Act unfolded

Hogan Lovells Events

Life Sciences 4.0: The EU AI Act unfolded

Webinar 1: 8 October 2024, 2:00 p.m. - 3:00 p.m. (CET) | Webinar 2: 3 December 2024, 3:00 p.m. - 4:00 p.m. (CET) | In-person event: 30 January 2025, 12:00 p.m. - 5:00 p.m. (CET)

NRF 2025: Retail’s Big Show