Privacy and Cybersecurity Litigation

At Robins Kaplan LLP, our goal is to eliminate issues threatening data privacy and cybersecurity before they arise. We put our real-world experiences with privacy, cybersecurity, cyber incident planning and response, and associated litigation to work in helping our clients assess potential risks, develop policies and procedures to mitigate and respond to potential risks, and conduct insurance assessments to ensure our clients are properly offsetting cyber risks. Using everything from table-top exercises to full simulations in our trial practice center, we prepare our clients to handle cyber crises in a holistic and achievable manner. In the event our clients fall victim to a cyber-attack, we stand ready to coach clients through the incident and are there to represent them in the aftermath of required notices and reporting.

Businesses across all industries face new threats every day in the ever-growing fields of the Internet of Things (IoT), big data, and cloud computing. Without proper privacy and cybersecurity planning, execution, and monitoring, these threats can lead to irreparable damage to businesses.

Our experienced attorneys defend against claims and investigations arising out of cybersecurity and privacy incidents. We also assert claims on behalf of clients who suffered injuries caused by a privacy or data breach. Moreover, we have multiple in-house resources—including computer specialists, financial advisors, economic consultants, and Ph.D. scientists—who facilitate the cost-effective analysis, communication, and litigation of the laws and computer systems that drive disputes over data and privacy.

Clients closely work with our skilled, trial-ready team to address any cyber privacy concern that arises, including, incident-response readiness, TCPA, FDCPA, CAN-SPAM, HIPAA, CASL, or any other legislative or regulatory system involving data and privacy. With us, clients gain a partner with deep experience, a broad range of resources, and a wealth of knowledge that keeps current on and anticipates the evolving array of local, national, and international rules that control information privacy law and cybersecurity law.


  • Our experience litigating privacy and cybersecurity disputes covers a wide range of forums and actions, including:
  • Attorney General Investigations and Actions
  • Federal and State Courts
  • International Trade Commission
  • Federal Trade Commission
  • Class Actions
  • Arbitrations and International Arbitration
  • Appeals


  • Incident response counseling
  • Incident response litigation
  • Class actions—both affirmative and defensive
  • Breach coaching for cyber incident response
  • Privacy and cybersecurity legal counseling and litigation representation
  • Cyber risk insurance assessments and policy drafting
  • Evaluating and drafting vendor agreements pertaining to cybersecurity and privacy issues
  • Incident response planning, including drafting response plans, testing with tabletop exercises or simulation exercises

Clients and Industries

Our privacy and data security experience includes investigating, litigating, and advising clients in multiple data-rich and data-sensitive industries, including:

  • Banks and Other Financial Services Providers
  • Cable Companies
  • Digital Health Companies
  • Educational Institutions
  • Food and Beverage Companies
  • Franchisors
  • Global Business and Technology Sourcing
  • Health Care Providers
  • Hospitality
  • Housing and Real Estate Marketplace Solutions Providers
  • Insurance Companies
  • Internet Service Providers
  • Law Firms
  • Mobile Application Developers
  • Pharmaceutical Companies
  • Retailers
  • Technology Companies

Selected Case Results*

  • Equifax Data Breach Litigation: This massive litigation alleges multiple acts of negligence on Equifax’s part, including a failure to adequately alert the more than 143 million customers impacted by the 2017 breach. Robins Kaplan partner Stacey Slaughter was appointed to the eight-member Financial Institution Plaintiffs’ Steering Committee in this multidistrict suit.

  • Represented Liberty Mutual in a Telephone Consumer Protection Action (TCPA) case. In November 2017, the firm successfully negotiated a settlement for $36,200—a phenomenal result in a TCPA case.

  • Co-counsel representation of SuperValu Inc. obtaining complete dismissal of claims in a consolidated putative class action for alleged compromised customer data collected in SuperValu’s retail locations.

  • Secured dismissal of class action against national retailer asserting that the retention of drivers’ license information violated the Drivers Privacy Protection Act (“DPPA”), 18 U.S.C. §§ 2721, et seq. That Act provides for liquidated damages (statutory damages) of $2,500 per person. 18 U.S.C. § 2725. The Circuit Court of Appeals affirmed the dismissal.

  • Negotiated $4.5 million nationwide and statewide class action settlement on behalf of national retailer. The two classes combined had nearly 500,000 members. 

  • In re Imagitas, Inc. DPPA Litigation: Obtained summary judgment affirmed by Court of Appeals in defense of alleged class actions that the insertion of advertising into motor vehicle registration mailings violated the DPPA.

  • Obtained denial of class certification for online retailer in case of first impression under Song Beverly Credit Card Act, California Civil Code Section 1747.08, involving requests for consumers’ personal identifying information (PII) in online credit card transactions.

  • Obtained denial of class certification for brick-and-mortar retailer in Song Beverly Credit Card Act (ZIP code) claim, California Civil Code Section 1747.08, holding requests for personal identification information as part of reward program enrollment and member lookups are special purposes incidental to the transactions and do not violate the Act. 

  • Obtained a motion to dismiss in favor of our client on a class action suit involving video purchases brought under the Video Privacy Protection Act (“VPPA”). 

  • Resolved multiple TCPA class actions on a nominal, confidential individual basis, avoiding class certification and minimizing discovery and business interruption costs for our defendant clients.   


* Past results are reported to provide the reader with an indication of the type of litigation we practice. They do not and should not be construed to create an expectation of result in any other case, as all cases are dependent upon their own unique fact situation and applicable law.

Anne M. Lockner


Pronouns: she/her

Back to Top