- J.D., University of Chicago, 1996
- B.A., Haverford College, 1993
- District of Columbia
Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Practice Group Leader of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and external practitioners alike.”
She is known as an industry leader in the privacy and data security space and is consistently recognized by Leading Lawyers Network, Chambers and The Legal 500, and leading publications and organizations for her work in this area of law. Liisa was recently recognized as the 2017 Data Protection Lawyer of the Year - USA by Global 100, the 2017 U.S. Data Protection Lawyer of the Year by Finance Monthly, and the “Best in Data Security Law Services” at Corporate LiveWire’s 2017 Global Awards.
Liisa, who was born in Finland and has lived in France, Egypt, and Spain, frequently coordinates global efforts in the privacy area for her clients. Clients value her global insights and familiarity with business systems outside of the United States. With Liisa’s assistance, her clients—which include major consumer brands, advertising agencies, and consumer research companies—are able to navigate thorny data breach disclosure issues, use emerging interactive advertising techniques, and create compliant security programs, all while effectively managing their legal risks. Clients praise Liisa’s ability to add real value to their businesses, and describe her as “keeping [clients] one step ahead of where [they] need to be.”
She is an active advocate of women and minorities in the legal industry and has been honored for her leadership in the legal field by the Illinois Diversity Council. Liisa is currently an adjunct professor in Northwestern University Law School, and has taught privacy courses at several other Chicago-area law schools, including her alma mater, the University of Chicago. Liisa serves on the Board of Trustees of the Chicago Symphony Orchestra, is Vice-Chair of the CSO’s Negaunee Music Institute Board, and plays violin in the Chicago Bar Association Symphony Orchestra, an orchestra made up of lawyers and judges.
- Liisa is known as an industry leader in the privacy and data security space and is consistently recognized by Leading Lawyers Network, Chambers and The Legal 500, and leading publications and organizations for her work in this area of law. See below for a selection of Liisa’s honors:
- Leading Lawyer, Chambers USA, Nationwide Privacy & Data Security
- Leading Lawyer, Chambers Illinois, Media & Entertainment: Transactional
- Recognized for Privacy, The Legal 500 USA
- Member, Leading Lawyers Network
- "Data Protection Lawyer of the Year – USA," Global 100 (2017)
- "U.S. Data Protection Lawyer of the Year," Finance Monthly (2017)
- "Best in Data Security Law Services," Corporate LiveWire’s Global Awards (2017)
- Recipient, National Law Journal's Cybersecurity Trailblazer Award (2016)
- Recipient, Lexology/ILO's Client Choice Award for IT and the Internet (2016)
- Named to Cybersecurity Docket's inaugural "Incident Response 30," honoring 30 incident response professionals critical to managing data breaches (2016)
Recent Privacy and Data Security Experience:
- Assessing the scope of possible breaches of personally identifiable information through use of forensic experts and extensive on-site due diligence.
- Creating data breach assessment and notification programs (both post-breach and pro-active pre-breach plans) for Fortune 100 companies.
- Assisting clients to develop e-mail marketing campaigns, text message campaigns, pre-recorded call campaigns, and online information collection programs in compliance with CAN-SPAM and COPPA, among other laws.
- Developing internal policies for safeguarding personally identifiable information gathered online and from employees.
- Developing privacy compliance policies, procedures, monitoring programs, and reporting plans.
- Training management on the requirements of the law, including those with respect to the maintenance and retention of employee records.
- Developing cross-border data transfer programs for multiple Fortune 100 and Fortune 500 companies.
- Helping a U.S.-based multinational corporation create Binding Corporate Rules.
Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and external practitioners alike.” She has lectured widely and has both authored and been featured in numerous publications. See below for a selection of Liisa’s published works, media mentions and speaking engagements:
- "USA - Behavioural Advertising," Data Guidance, May 8, 2017
- "CFPB Provides Guidance on Consumer Data Protection," Financial Regulation Journal, November 23, 2017
Privacy Law Blog Posts
- "2018: The Year of the FTC and Informational Injuries?" January 17, 2018
- "As GDPR Looms, Australia to Participate in APEC’s CBPR Program," January 11, 2018
- "How Will Breach Laws Develop in 2018?" January 3, 2018
- "Assessing GDPR Guidelines Part II: Data Impact Assessments," December 14, 2017
- "Assessing GDPR Guidelines Part I: Profiling and Automated Decision Making," December 13, 2017
- "CFPB Provides Guidance on Consumer Data Protection," November 14, 2017
- "FTC Gives COPPA Guidance on Voice Recordings," October, 24 2017
- "EU Concludes Privacy Shield Still Adequate," October 19, 2017
- "Employees Sue for Fingerprint Use," October 9, 2017
- Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification2017
- Commercial Dispute Resolution, October 11, 2017
- Sheppard Mullin Adds Practice Leader to Grow Winston Lateral RosterThe American Lawyer, September 26, 2017
- Sheppard Mullin Nabs Leading Cybersecurity PartnerLaw360, September 25, 2017
- FTC Takes First EU-U.S. Privacy Shield Enforcement ActionsBloomberg Law: Privacy & Data Security, September 8, 2017
- Privacy Bootcamp, IAPP Europe Data Protection Congress, November 7, 2017
- Advertising Law Institute 2017, October 17, 2017
- Data Breach Simulation at IAPP Conference, October 16, 2017
- Privacy + Security Forum, October 4, 2017
- PLI’s Advertising Law Institute 2017, September 14, 2017
- IAPP Global Privacy Summit, April 18, 2017
- Incident Response Forum 2017, April 4, 2017
- April 10-12, 2018
- Data Breach BootcampSQUARE - Brussels Meeting Centre, November 6, 2017
- PLI Practising Law InstitutePLI California Center, October 17, 2017
- Data Breach BootcampRenaissance San Diego, October 2017
- Hands-On Data Breach Simulation: Understanding the Roles of Legal, Forensics/IT, and PRGeorge Washington University The Marvin Center, October 4, 2017
- Board of Trustees, Chicago Symphony Orchestra
- Vice-Chair, CSO’s Negaunee Music Institute Board
- Chair, INTA Bulletins Committee, International Trademark Association
- Member, International Association of Privacy Professionals
- Member, Women’s Foodservice Forum
- Adjunct Professor, Northwestern University’s Masters of Science in the Law Program
- Violinist, Chicago Bar Association Symphony Orchestra