Liisa Thomas, a partner based in the Chicago and London offices, is Leader of the firm's Privacy and Cybersecurity Team and Office Managing Partner of the firm's Chicago office. She is a member of the Intellectual Property Practice, and focuses on privacy, advertising, and unfair competition law.

"Her business-friendliness and expertise set her apart."
- Chambers (2023)

Areas of Practice

Liisa's clients rely on her ability to provide clarity in a sea of confusing legal requirements and describe her as "extremely responsive, while providing thoughtful legal analysis combined with real world practical advice." She is the author of two treatises: Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as "a no-nonsense roadmap for in-house and external practitioners alike;" and Thomas on Big Data, praised for being a "comprehensive and detailed analysis of the complex and rapidly changing world of privacy law."

Known as an industry leader in privacy, data security and advertising law, Liisa has been recognized by Best Lawyers in America, Leading Lawyers Network, Chambers, Super Lawyers, and The Legal 500, for her "broad depth of privacy knowledge." Among other honors, she was named Lawyer of the Year – Privacy and Data Security 2022 by Best Lawyers; one of Crain’s Chicago Business Notable Women in the Law; in the Legal 500 Hall of Fame – Cyber Law from 2020 to 2023; recognized as the 2017 "Data Protection Lawyer of the Year - USA" by Global 100; honored as the 2017 "U.S. Data Protection Lawyer of the Year" by Finance Monthly; and has been recognized as a top intellectual property, media and advertising lawyer from 2018 to 2023 by Super Lawyers.

Liisa, who was born in Finland and previously lived in France, Egypt and Spain, frequently coordinates global efforts privacy, data security and digital advertising matters for her clients. Clients value her global insights and familiarity with business systems outside of the U.S. With Liisa’s assistance, her clients – which include major consumer brands, advertising agencies and consumer research companies – are able to navigate thorny data breach disclosure issues, use emerging interactive advertising techniques and create compliant security programs, all while effectively managing their legal risks. Clients praise Liisa’s ability to add real value to their businesses, and describe her as "keeping [clients] one step ahead of where [they] need to be."

Liisa is an active advocate of women and minorities in the legal industry, received the 2020 Legacy Award from Illinois Legal Aid Online, and was honored for her leadership in the legal field by the Illinois Diversity Council. She is currently an adjunct professor in Northwestern University Law School, where she was the 2021-2022 recipient of the Edward Avery Harriman Law School Lectureship. She formerly taught privacy courses at several other Chicago-area law schools, including her alma mater, the University of Chicago. Liisa is served on the Board of Trustees of the Chicago Symphony Orchestra and plays violin in the Chicago Bar Association Symphony Orchestra, an orchestra made up of lawyers and judges.



  • Selected to serve on multiple IAPP advisory boards, including the education advisory board, helping to develop training content for privacy professionals.
  • Serve as a faculty trainer for IAPP, conducting privacy compliance training for global audiences.
  • Supported hundreds of clients, including Fortune 100 and 500 firms, launch privacy and data security compliance programs that navigate the complex legal patchwork.
  • Develop compliance approach for consumer-facing companies to address the ongoing and developing patchwork of US “comprehensive” laws, including financial incentives assessments, addressing loyalty program requirements, and provision of consumer rights of access, correction and deletion.
  • Assisted financial services firm with global privacy and data security assessment, including implementation of remediation plans.
  • Served as lead counsel in massive ransomware incident, guiding client through forensic investigation to notification.
  • Developed cross-border data transfer programs for multiple Fortune 100 and Fortune 500 companies.
  • Helped a U.S.-based multinational corporation create binding corporate rules.
  • Created data breach assessment and notification programs (both post-breach and pro-active pre-breach plans) for Fortune 100 companies.
  • Provide data incident response coaching for clients for a wide variety of incidents, including phishing, ransomware, malware, and insider threat.
  • Assist clients in developing e-mail marketing campaigns, text message campaigns, pre-recorded call campaigns and online information collection programs in compliance with a wide variety of privacy and advertising laws.
  • Develop internal policies for safeguarding personally identifiable information gathered online and from employees.
  • Develop privacy compliance policies, procedures, monitoring programs and reporting plans.
  • Conduct internal trainings for business teams on privacy and advertising law requirements.



  • Leading Global Cyber Lawyers list, Lawdragon, 2024
  • Who's Who Legal: Data, 2024
  • Leading Lawyer, Chambers Global, Privacy & Data Security, 2015-2023
  • Top Author, JD Supra Readers' Choice Awards, 2023-2024
  • Best Lawyers in America, Best Lawyers, 2020-2024
  • Top Intellectual Property, Media & Advertising Lawyer, Super Lawyers, 2006, 2018-2023
  • Named to Cybersecurity Docket's "Incident Response 50" (2023-2024), "Incident Response 40" (2021-2022) and "Incident Response 30" (2016, 2018), honoring the best and brightest data breach response lawyers in the business
  • Recommended Lawyer - Cyber Law, Legal 500, 2022
  • Sheppard Mullin's Diversity and Inclusion Award, 2022
  • Lawyer of the Year - Privacy and Data Security, Best Lawyers, 2022
  • Notable Women in Law, Crain’s Chicago Business, 2020, 2022, 2024
  • The Legal 500 Hall of Fame – Cyber Law, Legal 500, 2020-2022
  • Leading Lawyer, Chambers USA, Nationwide Privacy & Data Security, 2014-2022
  • Leading Lawyer, Leading Lawyers, 2016-2022
  • Leading Lawyer, Cyber Law, Legal 500 USA, 2016-2021
  • Legacy Award, Illinois Legal Aid Online, 2020
  • Notable Minorities in Accounting, Consulting & Law, Crain’s Chicago Business, 2020
  • Thought Leader on Cybersecurity, National Law Review, 2019
  • Notable Women Lawyers, Crain's Custom Media, 2018
  • Leading Lawyer, Chambers Illinois, Media & Entertainment: Transactional, 2013-2018
  • Leading Woman Lawyer, Chicago Lawyer Magazine’s Diversity Issue, 2018
  • "Data Protection Lawyer of the Year – USA," Global 100, 2017
  • "U.S. Data Protection Lawyer of the Year," Finance Monthly, 2017
  • "Best in Data Security Law Services," Corporate LiveWire’sGlobal Awards, 2017
  • Recipient, National Law Journal's Cybersecurity Trailblazer Award, 2016
  • Recipient, Lexology/ILO's Client Choice Award for IT and the Internet, 2016
  • JD Supra Top Author 2023
  • JD Supra Top Author 2024
  • Legal500 US Recommended Attorney
  • Liisa Thomas, Chambers 2023
  • Liisa Thomas, Legal 500 Hall of Fame



Liisa has published extensively in the area of privacy, data security, and digital media and advertising. She is the author of two treatises: Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification (Thomson Reuters, 2018), which has been described as "a no-nonsense roadmap for in-house and external practitioners alike;" and Thomas on Big Data (Thomson Reuters, 2021), praised for being a "comprehensive and detailed analysis of the complex and rapidly changing world of privacy law." Liisa is also the editor of the firm’s eyeonprivacy.com blog, a recap of recent developments in the privacy and cyber space. A few of her more recent additional publications include:

Consumer Finance and Fintech Blog

Covering Your Ads Blog 

Esports and Games: Game Counsel

Healthcare Law Blog 

Retail Law Blog

Privacy & Cybersecurity: Eye on Privacy Blog

Media Mentions

Speaking Engagements

  • Speaker, "Which Rights for Which Data? A Legal Take on the Big Data Landscape," INTA The Business of Data Conference, March 22, 2023
  • Coffee Chat with Liisa Thomas
    Northwestern Law and Technology Initiative, July 12, 2022
  • Panelist, “Legal trends to watch: from influencer missteps to privacy pitfalls,” Ad Age Next: CMO Conference, December 1, 2021
  • Speaker and faculty, “Technotainment” 2021: Distributing Content Across Multiple Platforms, Practising Law Institute, September 17, 2021




  • Training Advisory Board, International Association of Privacy Professionals (IAPP)

  • Executive Committee of the Board of Trustees, Chicago Symphony Orchestra (CSO)
  • Chair, Negaunee Music Institute Board, CSO
  • Subcommittee Chair, INTA Building Bridges Committee, International Trademark Association
  • Member, International Association of Privacy Professionals
  • Member, Women’s Foodservice Forum
  • Adjunct Professor, Northwestern University School of Law
  • Member, Leading Lawyers Network
  • Violinist, Chicago Bar Association Symphony Orchestra

Digital Media


M.S., Learning and Organizational Change, Northwestern University, 2021

J.D., University of Chicago, 1996

B.A., Haverford College, 1993


  • Illinois
  • District of Columbia


Jump to Page

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.