Overview

Liisa Thomas, a partner based in the Chicago and London offices, is Leader of the firm's Privacy and Cybersecurity Team and Office Managing Partner of the firm's Chicago office. She is a member of the Intellectual Property Practice, and focuses on privacy, advertising, and unfair competition law.

"Her business-friendliness and expertise set her apart."
- Chambers (2023)

Areas of Practice

Liisa Thomas is a recognized authority in privacy and cybersecurity law, serving as a go-to advisor for in-house counsel and C-suite executives at Fortune 500, multinational, and global companies. Based in Chicago and London, clients rely on her practical, business-focused, and cross-cultural approach to privacy, cybersecurity, digital advertising, and compliance law. Liisa is known for translating complex legal requirements—such as GDPR, CCPA, BIPA, TCPA, and cross-border data transfer issues—into actionable strategies that protect enterprise value and manage risk.

A sought-after keynote speaker and panelist, Liisa regularly presents at leading privacy, cybersecurity, and compliance conferences, as well as executive forums and legal seminars. She is recognized for delivering engaging, insightful presentations on emerging privacy regulations and best practices. Liisa is trainer for International Association of Privacy Professionals, and an adjunct professor at Northwestern University Law School, where she helps train next generation of privacy professionals.

Liisa’s leadership and impact in the legal field have been recognized by Chambers, Legal 500, Lawdragon, and others. She was the 2020 recipient of the Legacy Award from Illinois Legal Aid Online, an organization committed to access to justice. Beyond her legal practice, Liisa serves on the Board of Trustees of the Chicago Symphony Orchestra and plays violin in the Chicago Bar Association Symphony Orchestra, an ensemble of lawyers and judges.

Experience

Experience

  • Selected to serve on multiple IAPP advisory boards, including the education advisory board, helping to develop training content for privacy professionals.
  • Serve as a faculty trainer for IAPP, conducting privacy compliance training for global audiences.
  • Supported hundreds of clients, including Fortune 100 and 500 firms, launch privacy and data security compliance programs that navigate the complex legal patchwork.
  • Develop compliance approach for consumer-facing companies to address the ongoing and developing patchwork of US “comprehensive” laws, including financial incentives assessments, addressing loyalty program requirements, and provision of consumer rights of access, correction and deletion.
  • Assisted financial services firm with global privacy and data security assessment, including implementation of remediation plans.
  • Provided guidance to education platform regarding compliance with children's privacy law issues, including compliance with COPPA, FERPA and state laws.
  • Advised client contracting with schools on methods to address federal and state student privacy laws.
  • Served as lead counsel in massive ransomware incident, guiding client through forensic investigation to notification.
  • Developed cross-border data transfer programs for multiple Fortune 100 and Fortune 500 companies.
  • Helped a U.S.-based multinational corporation create binding corporate rules.
  • Created data breach assessment and notification programs (both post-breach and pro-active pre-breach plans) for Fortune 100 companies.
  • Provide data incident response coaching for clients for a wide variety of incidents, including phishing, ransomware, malware, and insider threat.
  • Assist clients in developing e-mail marketing campaigns, text message campaigns, pre-recorded call campaigns and online information collection programs in compliance with a wide variety of privacy and advertising laws.
  • Develop internal policies for safeguarding personally identifiable information gathered online and from employees.
  • Develop privacy compliance policies, procedures, monitoring programs and reporting plans.
  • Conduct internal trainings for business teams on privacy and advertising law requirements.

Honors

Honors

  • Thought Leading Co-Author, Data Protection - U.S., Mondaq, Spring 2025
  • Leading Author - Data Privacy and Protection and Technology, Media and Telecommunications, Lexology Legal Influencers, Q4 2024
  • Leading Global Cyber Lawyers list, Lawdragon, 2024
  • Who's Who Legal: Data, 2024-2025
  • Leading Lawyer, Chambers Global, Privacy & Data Security, 2015-2025
  • Hall of Fame (2020-2025), Leading Partner (2016-2021), Recommended Lawyer (2022-2025) - Cyber Law, Legal 500
  • Thought Leading Author, Data Protection - UK, Mondaq, Spring 2024
  • Top Author, JD Supra Readers' Choice Awards, 2023-2025
  • Best Lawyers in America, Best Lawyers, 2020-2025
  • Top Intellectual Property, Media & Advertising Lawyer, Super Lawyers, 2006, 2018-2025
  • Named to Cybersecurity Docket's "Incident Response 50" (2023-2024), "Incident Response 40" (2021-2022) and "Incident Response 30" (2016, 2018), honoring the best and brightest data breach response lawyers in the business
  • Sheppard Mullin's Diversity and Inclusion Award, 2022
  • Lawyer of the Year - Privacy and Data Security, Best Lawyers, 2022
  • Notable Women in Law, Crain’s Chicago Business, 2020, 2022, 2024
  • Leading Lawyer, Chambers USA, Nationwide Privacy & Data Security, 2014-2022, 2024-2025
  • Leading Lawyer, Leading Lawyers, 2016-2022, 2025
  • Legacy Award, Illinois Legal Aid Online, 2020
  • Notable Minorities in Accounting, Consulting & Law, Crain’s Chicago Business, 2020
  • Thought Leader on Cybersecurity, National Law Review, 2019
  • Notable Women Lawyers, Crain's Custom Media, 2018
  • Leading Lawyer, Chambers Illinois, Media & Entertainment: Transactional, 2013-2018
  • Leading Woman Lawyer, Chicago Lawyer Magazine’s Diversity Issue, 2018
  • "Data Protection Lawyer of the Year – USA," Global 100, 2017
  • "U.S. Data Protection Lawyer of the Year," Finance Monthly, 2017
  • "Best in Data Security Law Services," Corporate LiveWire’sGlobal Awards, 2017
  • Recipient, National Law Journal's Cybersecurity Trailblazer Award, 2016
  • Recipient, Lexology/ILO's Client Choice Award for IT and the Internet, 2016
  • Chambers USA 2025_ Liisa Thomas
  • JD Supra Readers' Choice Top Author 2025
  • JD Supra Top Author 2023
  • JD Supra Top Author 2024
  • Legal 500 Hall of Fame 2024
  • Legal 500 Hall of Fame 2025
  • Legal 500 Recommended Lawyer 2025
  • Legal500 US Recommended Attorney
  • Liisa Thomas - Chambers 2024
  • Mondaq Thought Leader Spring 2025

Insights

Articles

Liisa is a trusted authority and frequent thought leader on privacy, data security, and corporate compliance topics. She regularly advises C-Suite executives and in-house legal teams at Fortune 500 companies on these issues, as well as speaking at leading industry organizations and writing extensively for respected legal and business publications. She has authored two treatises with Westlaw (a division of Thomson Reuters), Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification and Thomas on Big Data: A Practical Guide to Global Privacy Laws, both recognized as no-nonsense roadmaps for in-house and legal practitioners. As the editor of the firm’s Eye on Privacy blog, Liisa works with her team to provide timely updates and practical guidance on global privacy, cybersecurity, digital advertising, compliance and regulatory developments. Examples of some of her publications and speeches, which provide overviews of innovative approaches for addressing privacy and security compliance, critical issues for enterprise privacy programs, and more, are listed below:

Consumer Finance and Fintech Blog

Covering Your Ads Blog

Esports and Games: Game Counsel

Healthcare Law Blog

Retail Law Blog

Privacy & Cybersecurity: Eye on Privacy Blog


Media Mentions

Speaking Engagements

  • Speaker, "Which Rights for Which Data? A Legal Take on the Big Data Landscape," INTA The Business of Data Conference, March 22, 2023
  • Coffee Chat with Liisa Thomas
    Northwestern Law and Technology Initiative, July 12, 2022
  • Panelist, “Legal trends to watch: from influencer missteps to privacy pitfalls,” Ad Age Next: CMO Conference, December 1, 2021
  • Speaker and faculty, “Technotainment” 2021: Distributing Content Across Multiple Platforms, Practising Law Institute, September 17, 2021

Events

Memberships

Memberships

  • 2025 Cybersecurity & Privacy Editorial Advisory Board, Law360
  • Training Advisory Board, International Association of Privacy Professionals (IAPP)

  • Member of the Board of Trustees, Chicago Symphony Orchestra (CSO)
  • Board member, FGLI (First-Generation, Lower-Income) Consortium
  • Subcommittee Chair, INTA Building Bridges Committee, International Trademark Association
  • Member, International Association of Privacy Professionals
  • Member, Women’s Foodservice Forum
  • Adjunct Professor, Northwestern University School of Law
  • Member, Leading Lawyers Network
  • Violinist, Chicago Bar Association Symphony Orchestra

Digital Media

Education

M.S., Learning and Organizational Change, Northwestern University, 2021

J.D., University of Chicago, 1996

B.A., Haverford College, 1993

Admissions

  • Illinois
  • District of Columbia

Languages

Jump to Page

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.