Brittany advises clients in identifying, evaluating and managing complex global privacy and information security risks and compliance issues.

Brittany Bacon is a partner in the firm’s top-ranked Global Privacy and Cybersecurity practice.  She has national recognition for her work in the areas of privacy and data security.  Chambers USA 2018 quotes clients who call her “very diligent, intelligent and hard-working” and “very client-focused, attentive and responsive.”  Chamber USA 2018 also quotes a client who calls her “one of the very best individuals I have worked with on privacy-related matters.” Legal 500 refers to Brittany as “a rising star in the cybersecurity world,” listing her as a “Next Generation Lawyer” for cyber law.  In 2018, Brittany was also named a New York Law Journal “Rising Star” and a Law360 “Rising Star” in privacy and cybersecurity.

Brittany assists clients in identifying, evaluating and managing a panoply of global privacy and information security risks and compliance issues.  A significant aspect of her practice is advising large, multi-national companies on catastrophic cybersecurity incidents.  This includes advising clients on data breach notification responsibilities, counseling them on responding to multi-jurisdictional regulatory investigations, and providing strategic advice in the breach context for managing inquiries from Boards of Directors, consumers, media and potential acquiring companies in a deal setting.  Brittany helps companies design and build privacy and data security governance programs, and develop written policies, procedures and standards.  She advises clients on conducting proactive breach preparedness activities, including developing workable incident response plans and legal breach notification procedures, running executive-level tabletops with data breach hypotheticals, and engaging third-party experts (such as forensic investigation firms, credit monitoring services, PR firms and call centers) in advance of an incident.

In relation to her privacy compliance practice, Brittany has extensive experience in advising clients on state, federal and international privacy laws.  She routinely conducts privacy impact assessments and advises companies on managing risk in connection with extensive and innovative data collection and use.  She works with start-ups whose technology is often years ahead of the laws designed to regulate it.  She also regularly negotiates privacy and data security provisions of complex commercial and technology-related contracts and helps companies design robust vendor management programs.

Relevant Experience

  • Advised over 50 companies (including health care companies, retailers, consumer goods companies, and financial institutions) on data breach and cybersecurity incident response, including preparation of required notifications pursuant to state breach notification laws, the HITECH Act and Interagency Guidance, call center training and development of media strategies.
  • Advised major multi-national company with a data security incident extending to 78 countries, managed the U.S. legal escalation call center and responded to multiple international data protection authorities.
  • Advises clients on FTC, SEC and state Attorney General (including Multistate Task Force) investigations and enforcement actions for alleged data security and privacy violations.
  • Provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness.
  • Assisted Fortune 100 company in responding to congressional inquiries relating to a cybersecurity incident.
  • Prepares comprehensive data security policies, standards and procedures in connection with corporate information security programs.
  • Assists clients with complying with privacy and information security requirements, including under GLB, HIPAA and state information security laws.
  • Advises clients on managing FTC Consent Orders and CIDs in connection with data security incidents.
  • Advised major global bank on massive cyber intrusion.
  • Advised multinational clients on Safe Harbor certification and annual recertification.
  • Develops comprehensive vendor management programs.
  • Counsels clients in negotiating information sharing agreements with government agencies.
  • Assists clients in establishing a vendor management program, including evaluating and negotiating privacy and data security provisions and indemnities contained in vendor agreements.
  • Evaluates compliance issues and drafts notices and consents for corporate programs involving business uses of employee-owned electronic devices.
  • Drafts online and offline privacy policies, procedures and notices.
  • Evaluates compliance and enforcement issues related to the collection of information in the context of credit card transactions under the Song-Beverly Act and other state and federal laws.
  • Develops employee training materials and handbooks focusing on privacy and information security practices.
  • Counsels clients on HIPAA compliance, including security breach notification obligations under the HITECH Act and preparation of HIPAA security policies and procedures.

Media Appearances

  • Radio Times, Privacy and Security on the Internet (Bacon interviewed), July 22, 2015
  • FOX5NY, Cash, Credit Cards, Chips – Consumer Payment Methods Fluctuate in Light of Data Breaches (Bacon interviewed), October 21, 2014


  • Member, New York Bar Association

Awards & Recognition

  • Named a Rising Star, Law360, 2018
  • Named a New York Law Journal 2018 Rising Star
  • Selected as one of Global Data Review’s 40 Under 40 data lawyers, 2018
  • Recognized as an Associate to Watch in Privacy & Data Security, Chambers USA, 2018
  • Ranked in the Next Generation Lawyers for Data Protection and Privacy, Legal 500 United States, 2017-2018
  • City Bar Justice Center’s 2016 Jeremy G. Epstein Award for Pro Bono Service