- J.D., University of Chicago, 1996
- B.A., Haverford College, 1993
- District of Columbia
Liisa Thomas, a partner based in the Chicago and London offices, is Leader of the firm's Privacy and Cybersecurity Practice Group.
Areas of Practice
Liisa's clients rely on her ability to provide clarity in a sea of confusing legal requirements and describe her as "extremely responsive, while providing thoughtful legal analysis combined with real world practical advice." She is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as "a no-nonsense roadmap for in-house and external practitioners alike."
Liisa is known as an industry leader in the privacy and data security space and has been recognized by Best Lawyers in America, Leading Lawyers Network, Chambers and The Legal 500, as well as noted by leading publications and organizations for her "broad depth of privacy knowledge." She was named to Cybersecurity Docket's "Incident Response 30," honoring 30 incident response professionals critical to managing data breaches, in both 2016 and 2018; recognized as the 2017 "Data Protection Lawyer of the Year - USA" by Global 100; honored as the 2017 "U.S. Data Protection Lawyer of the Year" by Finance Monthly; and the recipient of the "Best in Data Security Law Services" at Corporate LiveWire’s 2017 Global Awards.
Liisa, who was born in Finland and previously lived in France, Egypt and Spain, frequently coordinates global efforts in the privacy area for her clients. Clients value her global insights and familiarity with business systems outside of the U.S. With Liisa’s assistance, her clients – which include major consumer brands, advertising agencies and consumer research companies – are able to navigate thorny data breach disclosure issues, use emerging interactive advertising techniques and create compliant security programs, all while effectively managing their legal risks. Clients praise Liisa’s ability to add real value to their businesses, and describe her as "keeping [clients] one step ahead of where [they] need to be."
Liisa is an active advocate of women and minorities in the legal industry and was honored for her leadership in the legal field by the Illinois Diversity Council. She is currently an adjunct professor in Northwestern University Law School, and formerly taught privacy courses at several other Chicago-area law schools, including her alma mater, the University of Chicago. Liisa is the Vice-Chair of the Board of Trustees of the Chicago Symphony Orchestra, Chair of the CSO’s Negaunee Music Institute Board, and plays violin in the Chicago Bar Association Symphony Orchestra, an orchestra made up of lawyers and judges.
- Notable Minorities in Accounting, Consulting & Law, Crain’s Chicago Business, 2020
- Best Lawyers in America, Best Lawyers, 2020
- Thought Leader on Cybersecurity, National Law Review, 2019
- Notable Women Lawyers, Crain's Custom Media, 2018
- Leading Lawyer, Cyber Law, Legal 500 USA, 2016-2019
- Named to Cybersecurity Docket's "Incident Response 30," honoring 30 incident response professionals critical to managing data breaches, 2016 and 2018
- Leading Lawyer, Chambers Global, Privacy & Data Security, 2015-2019
- Leading Lawyer, Chambers USA, Nationwide Privacy & Data Security, 2014-2018
- Leading Lawyer, Chambers Illinois, Media & Entertainment: Transactional, 2013-2018
- Illinois Super Lawyer, Intellectual Property, Super Lawyers, 2006, 2018, 2019 and 2020
- Leading Woman Lawyer, Chicago Lawyer Magazine’s Diversity Issue, 2018
- "Data Protection Lawyer of the Year – USA," Global 100, 2017
- "U.S. Data Protection Lawyer of the Year," Finance Monthly, 2017
- "Best in Data Security Law Services," Corporate LiveWire’s Global Awards, 2017
- Recipient, National Law Journal's Cybersecurity Trailblazer Award, 2016
- Recipient, Lexology/ILO's Client Choice Award for IT and the Internet, 2016
Recent Privacy and Data Security Experience
- Assisting clients with GDPR preparedness projects, including compliance assessments and implementation of remediation plans.
- Assessing the scope of possible breaches of personally identifiable information through use of forensic experts and extensive on-site due diligence.
- Creating data breach assessment and notification programs (both post-breach and pro-active pre-breach plans) for Fortune 100 companies.
- Assisting clients to develop e-mail marketing campaigns, text message campaigns, pre-recorded call campaigns and online information collection programs in compliance with CAN-SPAM and COPPA, among other laws.
- Developing internal policies for safeguarding personally identifiable information gathered online and from employees.
- Developing privacy compliance policies, procedures, monitoring programs and reporting plans.
- Training management on the requirements of the law, including those with respect to the maintenance and retention of employee records.
- Developing cross-border data transfer programs for multiple Fortune 100 and Fortune 500 companies.
- Helping a U.S.-based multinational corporation create Binding Corporate Rules.
Podcasts & Webinars
- February 27, 2019
- December 5, 2018
Liisa has published extensively in the area of privacy and data security. She is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification (Thomson Reuters, 2018), which has been described as “a no-nonsense roadmap for in-house and external practitioners alike.” Liisa is also the editor of the firm’s eyeonprivacy.com blog, a recap of recent developments in the privacy and cyber space. A few of her more recent additional publications include:
- "3 Privacy Law Predictions For The New Year," Law360, January 1, 2020
- "4 Privacy Law Predictions for 2019," Law360, January 23, 2019
- Co-Author with A. Thomson, "From Panic to Pragmatism: De-Escalating and Managing Commercial Data Breaches," Cyber Security: A Peer Reviewed Journal, Vol. 2, No. 1, Summer 2018 issue
- "Dealing with US Biometric Laws and Litigation," Data Protection Leader, May 2018
- "USA - Behavioural Advertising," Data Guidance, May 8, 2017
- "CFPB Provides Guidance on Consumer Data Protection," Financial Regulation Journal, November 23, 2017
- Law360, January 1, 2019
- Law360, January 1, 2019
- Data Guidance, June 2018
- Bloomberg Law, May 23, 2018
- Commercial Dispute Resolution, October 11, 2017
- Sheppard Mullin Adds Practice Leader to Grow Winston Lateral RosterThe American Lawyer, September 26, 2017
- Sheppard Mullin Nabs Leading Cybersecurity PartnerLaw360, September 25, 2017
- FTC Takes First EU-U.S. Privacy Shield Enforcement ActionsBloomberg Law: Privacy & Data Security, September 8, 2017
- Practising Law InstituteOctober 17-18, 2019
- IAPP Privacy. Security. Risk. 2019September 23, 2019
- Practising Law InstituteSeptember 13, 2019
- Association of Corporate CounselJune 5, 2019
- May 18-22, 2019
- May 2, 2019
- May 1, 2019
- IAPP Data Protection Intensive: UK 2019March 12, 2019
- Third Thursday Emerging Company Webinar Seriesvia GlobalMeet, December 5, 2018
- IAPP Europe Data Protection CongressNovember 27, 2018
- IAPP's Privacy, Security, Risk ConferenceOctober 17, 2018
- SIM Women’s Leadership SummitSeptember 28, 2018
- PLI's Advertising Law InstituteSeptember 13-24
- ACI’s Digital Advertising Law and Compliance ConferenceNew York City, June 25, 2018
- New YorkJune 7, 2018
- Bloomberg Law Leadership ForumNew York, May 23, 2018
- University of Chicago Law SchoolChicago Symphony Orchestra Club, May 17, 2018
- Interactive Data Breach SimulationApril 25, 2018
- IAPP Europe Data Protection Intensive 2018London, April 17, 2018
- at ACI's Cyber Risk & Data Security ConferenceChicago, April 10-12, 2018
- IAPP Global Privacy Summit 2018Washington, D.C., March 26, 2018
- Data Breach BootcampSQUARE - Brussels Meeting Centre, November 6, 2017
- PLI Practising Law InstitutePLI California Center, October 17, 2017
- Data Breach BootcampRenaissance San Diego, October 2017
- Hands-On Data Breach Simulation: Understanding the Roles of Legal, Forensics/IT, and PRGeorge Washington University The Marvin Center, October 4, 2017
- executive committee of the Board of Trustees, Chicago Symphony Orchestra (CSO)
- Chair, Negaunee Music Institute Board, CSO
- subcommittee chair, INTA Building Bridges Committee, International Trademark Association
- Member, International Association of Privacy Professionals
- Member, Women’s Foodservice Forum
- Adjunct Professor, Northwestern University School of Law
- Member, Leading Lawyers Network
- Violinist, Chicago Bar Association Symphony Orchestra