Site Search
Professionals 170 results
Capabilities 64 results
Practice Area
Winston takes a strategic approach to privacy and data security, integrating our extensive capabilities across practices to provide our clients with cutting-edge privacy and data security counseling, crisis management, security incident investigation and notification management, defense of data security class action litigation and regulatory inquiries, and international data protection. Our Global Privacy & Data Security Practice features a core team of privacy professionals and is bolstered by more than 40 attorneys from a variety of other disciplines firmwide. Our team combines compliance counselors, transactional lawyers, former government regulators and federal prosecutors, seasoned investigators, and experienced litigators. Few firms can rival our in-depth, sophisticated, and integrated experience in this area.
Practice Area
Privacy: Regulated Personal Information (RPI)
Winston’s Regulated Personal Information (RPI) Practice offers seamlessly integrated counseling and litigation services to companies looking for practical and solution-oriented assistance navigating the compliance, regulatory, and private class action enforcement risks presented by the emerging patchwork of complex (and often conflicting) privacy laws in the United States and beyond.
Practice Area
Class Actions & Group Litigation
Winston has developed a consistent record of success handling class action cases in state and federal courts. The practice is anchored by seasoned class action lawyers, many of whom have been recognized by Chambers USA and other ranking organizations as being top practitioners in their field. Our clients rely on us to steer them through class action matters by drawing on the firm’s significant experience in resolving complex litigation using creative and aggressive arguments, across a broad range of class, collective, coordinated, and mass actions, as well multidistrict litigation. We also have succeeded at trial in several class actions—a rare occurrence.
Experience 27 results
Experience
|November 13, 2024
Winston and Strawn Paris represented Astorg, a leading Pan-European private equity firm in connection with the signing of a binding agreement to acquire a majority stake in Redslim (the “Company”) from its Founders, Eric Bensimon, Alberto Alcaniz, Soren Altmann and Patric Mezei (the “Founders”), who will re-invest significantly in the business. Redslim provides data management services, leveraging a proprietary technology platform, and focusing on Consumer-Packaged Goods (CPG) and Consumer Healthcare (CHC) segments. Through this partnership, Astorg will support the Company’s growth and international expansion, collaborating closely with the Founders and the management team.
Experience
|December 8, 2023
Winston Represented Interlock Equity in Investment in evolv Consulting
Winston represented Interlock Equity (Interlock), a Los Angeles-based growth-oriented private equity firm, in its strategic growth investment in evolv Consulting (evolv), a Dallas-based leading data-driven digital and business consulting firm. This investment will reinforce evolv’s market presence and deepen its industry expertise while broadening its solutions offerings and geographic footprint.
Experience
|October 3, 2023
Nauticus Robotics, Inc. acquires 3D at Depth, Inc.
Winston & Strawn represented Nauticus Robotics, Inc., a developer of autonomous vehicles and robots for data collection and intervention services for offshore industries, in connection with the announced acquisition of 3D at Depth, Inc. a global leader in commercial subsea laser LiDAR (Light Detection and Range) inspection and data services, for approximately US$34M in stock, before certain purchase price adjustments and the assumption of debt. Under the terms and subject to the conditions of the acquisition agreement, 3D security holders will receive approximately 9.9326 shares of Nauticus common stock for each share of 3D common stock equivalent they own, for an aggregate equity value of approximately US$34M, before purchase price adjustments. Nauticus will also assume approximately US$4.1M of debt in the transaction. The transaction is expected to close during the fourth quarter of 2023. Upon closing of the transaction, 3D will operate as a division of Nauticus.
Insights & News 1,981 results
Sponsorship
|October 15, 2025
Winston & Strawn Sponsors ChIPs 2025 Global Summit
Winston & Strawn is a proud sponsor of the 2025 ChIPs Global Summit, which brings together women from all over the world working in technology, policy, private practice, corporations, government, academia, and beyond. Each year, the summit aims to advance innovation through diversity of thought and connect women through engagement opportunities.
Seminar/CLE
|September 18, 2025
Winston Hosts New York Financial Services Symposium 2025
Winston’s Financial Services Industry Group was pleased to host our New York Financial Services Symposium. The event included a half-day of programming led by top industry thought leaders. Find key takeaways from each panel discussion below.
Client Alert
|September 12, 2025
|6 Min Read
Debanking Developments: OCC Bulletins Clarify Expectations, but Key Questions Remain
In this alert, Winston’s Financial Services Industry Group examines recent developments in debanking, focusing on two new OCC bulletins that clarify regulatory expectations. While these bulletins provide new insight into how the OCC is addressing debanking under the current administration, they also leave several important questions unanswered.
The OCC’s first bulletin addresses how politicized or unlawful debanking will factor into licensing applications and Community Reinvestment Act evaluations, emphasizing the importance of fair access and treatment. The second bulletin reminds banks of their obligations under the Right to Financial Privacy Act, particularly in light of recent congressional scrutiny, and underscores the need to protect customer financial records unless disclosure is legally required.
What does this mean for you?
Other Results 76 results
Law Glossary
What Is Privacy Compliance Law?
The area of privacy compliance law addresses how organizations meet legal and regulatory requirements for collecting, processing, or maintaining personal information. Data privacy breaches can lead to regulatory investigations and fines. When privacy is compromised, consumers or employees may respond with civil lawsuits. It is recommended, but not required by a federal law, that companies create and post privacy policies on websites and mobile apps. Once posted, companies must follow these policies or face scrutiny by the Federal Trade Commission. (California and Delaware state law does require privacy policies to be posted on websites and mobile applications, if the site collects personally identifiable information).
Law Glossary
What Is Data Breach and Data Security Law?
Within 48 U.S. states and the District of Columbia, data breach and data security laws require organizations and government agencies to provide notifications of security breaches when they involve personally identifiable information. Companies may also be required by state data breach laws to act to minimize the effects of a breach. The FTC can investigate companies that do not adhere to their stated privacy policies and do not have safeguards to protect customer data, but no broad federal law exists regarding breach notifications. However, these U.S. data security laws and government agency rules are enforced:
Law Glossary
What Is the General Data Protection Regulation (GDPR) Law?
The European Union General Data Protection Regulation (GDPR) law is an act, applied across the Union, which directs data privacy. The GDPR law is designed to protect the data privacy of all EU citizens and guide organizational approaches to handling data, as well as transferring it across borders. Under the GDPR, breach notification is mandatory within 72 hours if the breach is likely to “result in a risk for the rights and freedoms of individuals.” The GDPR applies to organizations within the EU as well as those outside of the EU if they offer goods or services to European citizens. It also applies to organizations that monitor the behavior of data subjects online.