Liisa M. Thomas

Overview

Liisa Thomas, a partner based in the Chicago and London offices, is Leader of the firm's Privacy and Cybersecurity Team and Office Managing Partner of the firm's Chicago office. She is a member of the Intellectual Property Practice, and focuses on privacy, advertising, and unfair competition law.

"Her business-friendliness and expertise set her apart."
- Chambers (2023)

Areas of Practice

Liisa Thomas is a recognized authority in privacy and cybersecurity law, serving as a go-to advisor for in-house counsel and C-suite executives at Fortune 500, multinational, and global companies. Based in Chicago and London, clients rely on her practical, business-focused, and cross-cultural approach to privacy, cybersecurity, digital advertising, and compliance law. Liisa is known for translating complex legal requirements—such as GDPR, CCPA, BIPA, TCPA, and cross-border data transfer issues—into actionable strategies that protect enterprise value and manage risk.

A sought-after keynote speaker and panelist, Liisa regularly presents at leading privacy, cybersecurity, and compliance conferences, as well as executive forums and legal seminars. She is recognized for delivering engaging, insightful presentations on emerging privacy regulations and best practices. Liisa is trainer for International Association of Privacy Professionals, and an adjunct professor at Northwestern University Law School, where she helps train next generation of privacy professionals.

Liisa’s leadership and impact in the legal field have been recognized by Chambers, Legal 500, Lawdragon, and others. She was the 2020 recipient of the Legacy Award from Illinois Legal Aid Online, an organization committed to access to justice. Beyond her legal practice, Liisa serves on the Board of Trustees of the Chicago Symphony Orchestra and plays violin in the Chicago Bar Association Symphony Orchestra, an ensemble of lawyers and judges.

Experience

Selected to serve on multiple IAPP advisory boards, including the education advisory board, helping to develop training content for privacy professionals.
Serve as a faculty trainer for IAPP, conducting privacy compliance training for global audiences.
Supported hundreds of clients, including Fortune 100 and 500 firms, launch privacy and data security compliance programs that navigate the complex legal patchwork.
Develop compliance approach for consumer-facing companies to address the ongoing and developing patchwork of US “comprehensive” laws, including financial incentives assessments, addressing loyalty program requirements, and provision of consumer rights of access, correction and deletion.
Assisted financial services firm with global privacy and data security assessment, including implementation of remediation plans.
Provided guidance to education platform regarding compliance with children's privacy law issues, including compliance with COPPA, FERPA and state laws.
Advised client contracting with schools on methods to address federal and state student privacy laws.
Served as lead counsel in massive ransomware incident, guiding client through forensic investigation to notification.
Developed cross-border data transfer programs for multiple Fortune 100 and Fortune 500 companies.
Helped a U.S.-based multinational corporation create binding corporate rules.
Created data breach assessment and notification programs (both post-breach and pro-active pre-breach plans) for Fortune 100 companies.
Provide data incident response coaching for clients for a wide variety of incidents, including phishing, ransomware, malware, and insider threat.
Assist clients in developing e-mail marketing campaigns, text message campaigns, pre-recorded call campaigns and online information collection programs in compliance with a wide variety of privacy and advertising laws.
Develop internal policies for safeguarding personally identifiable information gathered online and from employees.
Develop privacy compliance policies, procedures, monitoring programs and reporting plans.
Conduct internal trainings for business teams on privacy and advertising law requirements.

Honors

Thought Leading Co-Author, Data Protection - U.S., Mondaq, Spring 2025
Leading Author - Data Privacy and Protection and Technology, Media and Telecommunications, Lexology Legal Influencers, Q4 2024
Leading Global Cyber Lawyers list, Lawdragon, 2024
Who's Who Legal: Data, 2024-2025
Leading Lawyer, Chambers Global, Privacy & Data Security, 2015-2025
Hall of Fame (2020-2025), Leading Partner (2016-2021), Recommended Lawyer (2022-2025) - Cyber Law, Legal 500
Thought Leading Author, Data Protection - UK, Mondaq, Spring 2024
Top Author, JD Supra Readers' Choice Awards, 2023-2025
Best Lawyers in America, Best Lawyers, 2020-2025
Top Intellectual Property, Media & Advertising Lawyer, Super Lawyers, 2006, 2018-2025
Named to Cybersecurity Docket's "Incident Response 50" (2023-2024), "Incident Response 40" (2021-2022) and "Incident Response 30" (2016, 2018), honoring the best and brightest data breach response lawyers in the business
Sheppard Mullin's Diversity and Inclusion Award, 2022
Lawyer of the Year - Privacy and Data Security, Best Lawyers, 2022
Notable Women in Law, Crain’s Chicago Business, 2020, 2022, 2024
Leading Lawyer, Chambers USA, Nationwide Privacy & Data Security, 2014-2022, 2024-2025
Leading Lawyer, Leading Lawyers, 2016-2022, 2025
Legacy Award, Illinois Legal Aid Online, 2020
Notable Minorities in Accounting, Consulting & Law, Crain’s Chicago Business, 2020
Thought Leader on Cybersecurity, National Law Review, 2019
Notable Women Lawyers, Crain's Custom Media, 2018
Leading Lawyer, Chambers Illinois, Media & Entertainment: Transactional, 2013-2018
Leading Woman Lawyer, Chicago Lawyer Magazine’s Diversity Issue, 2018
"Data Protection Lawyer of the Year – USA," Global 100, 2017
"U.S. Data Protection Lawyer of the Year," Finance Monthly, 2017
"Best in Data Security Law Services," Corporate LiveWire’sGlobal Awards, 2017
Recipient, National Law Journal's Cybersecurity Trailblazer Award, 2016
Recipient, Lexology/ILO's Client Choice Award for IT and the Internet, 2016

Insights

Articles

3 Change Management Tools To Boost Compliance Efforts
Law360, 04.29.2025
Change Management Can Help Leaders Get on Board With Compliance
Bloomberg Law, 03.14.2025
7 Steps To Sell Corporate Leadership On Privacy Compliance
Law360, 01.28.2025
Eye on Privacy: 2024 Year in Review
01.21.2025
5 Privacy Law Trends That Will Continue In 2025
Law360, 01.09.2025
Firms Must Rethink How They Train New Lawyers In AI Age
Law360, 06.18.2024
Eye on Privacy: 2023 Year in Review
01.26.2024
8 Privacy Law Predictions For 2024
Law360, 01.08.2024
A Look At Mass. Sports Betting Data Privacy Regulations
Law360, 11.30.2023
Consumer Choice over Use of Personal Information
LexisNexis Practical Guidance, 11.01.2023
Consumer Requests: Access and Portability
LexisNexis Practical Guidance, 11.01.2023
Consumer Requests: Correcting and Deleting Personal Information
LexisNexis Practical Guidance, 11.01.2023
Consumer Requests: Preliminary Considerations for Responding
LexisNexis Practical Guidance, 11.01.2023
Privacy Policy Fundamentals: Preliminary Considerations for Drafting a Privacy Notice
LexisNexis Practical Guidance, 11.01.2023
Privacy Policy Fundamentals: The Notice Requirement
LexisNexis Practical Guidance, 11.01.2023
Data Protection Committee Issues Report On Privacy Law Issues
International Trademark Association, 11.01.2023
State Privacy Laws: Not As Comprehensive As You May Think
Law360, 09.19.2023
In-Office Engagement Is Essential To Associate Development
08.08.2023
GDPR and U.S. States' General Privacy Laws Deskbook
04.17.2023
Data Privacy Law Fundamentals Part 2
LexisNexis Practical Guidance, 04.06.2023
Data Privacy Law Fundamentals Part 1
LexisNexis Practical Guidance, 04.06.2023
Dark Patterns — How Brands Can Avoid Deceptive User Interfaces in Ad Campaigns
AdAge, 03.28.2023
5 Data Privacy Law Trends That Will Continue Into 2023
Law360, 01.02.2023
Tips for Managing and Mitigating Data Privacy Risk
Risk & Compliance, October-December 2022 issue
Eye on Privacy 2021 Year in Review
01.11.2022
5 Privacy Law Predictions for 2022
Law360, 01.07.2022

Liisa is a trusted authority and frequent thought leader on privacy, data security, and corporate compliance topics. She regularly advises C-Suite executives and in-house legal teams at Fortune 500 companies on these issues, as well as speaking at leading industry organizations and writing extensively for respected legal and business publications. She has authored two treatises with Westlaw (a division of Thomson Reuters), Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification and Thomas on Big Data: A Practical Guide to Global Privacy Laws, both recognized as no-nonsense roadmaps for in-house and legal practitioners. As the editor of the firm’s Eye on Privacy blog, Liisa works with her team to provide timely updates and practical guidance on global privacy, cybersecurity, digital advertising, compliance and regulatory developments. Examples of some of her publications and speeches, which provide overviews of innovative approaches for addressing privacy and security compliance, critical issues for enterprise privacy programs, and more, are listed below:

“3 Change Management Tools to Boost Compliance Efforts,” Law360, April 2025
“7 Steps to Sell Corporate Leadership on Privacy Compliance,” Law360, January 2025
“Change Management Can Help Leaders Get On Board With Compliance,” Bloomberg Law, March 2025
“Firms Must Rethink How They Train New Lawyers In AI Age,” Law360, June 2024
“State Privacy Laws: Not As Comprehensive As You May Think,” Law360, September 2023
“Dark Patterns -- How Brands Can Avoid Deceptive User Interfaces in Ad Campaigns,” AdAge, March 2023
"Identifying and Preparing for Privacy and Cyber Security Risks," Risk & Compliance Magazine, July-Sept 2021 issue
"How to Take a Holistic Approach to Privacy Compliance in an Ever-Changing Legal Landscape," Global Data Review, January 14, 2021
"Dealing with US Biometric Laws and Litigation," Data Protection Leader, May 2018
"USA - Behavioural Advertising," Data Guidance, May 8, 2017

Consumer Finance and Fintech Blog

"State Privacy Law Roundup: What Financial Services Entities Need to Know," August 18, 2023

Covering Your Ads Blog

"FTC Increases Scrutiny of Negative Option Marketing," March 23, 2023

Esports and Games: Game Counsel

"Video Games, AI, and …the Law?," April 28, 2022

Healthcare Law Blog

"State Privacy Law Roundup: What Health Care Companies Need to Know," July 26, 2023

Retail Law Blog

"State Privacy Law Roundup: What Retailers Need to Know," July 26, 2023

Privacy & Cybersecurity: Eye on Privacy Blog

"Big Sky State Makes Big Privacy Updates," June 24, 2025
"Oregon Extends Privacy Law to Specifically List Auto Makers," June 18, 2025
"North Dakota Passes New Data Security Law for 'Financial Corporations'," June 17, 2025
"Growing List of States Attempting to Regulate Kids’ Social Media Accounts: Nebraska Husks Up," June 16, 2025
"Michigan AG Sues Roku Over Alleged Privacy Violations," May 28, 2025
"Montana Amends Law to Cover Collection and Use of Neural Data," May 27, 2025
"Virginia Will Add to Patchwork of Laws Governing Social Media and Children (For Now?)," May 15, 2025
"Belgian DPA Finds Certain Tax Information Transfers to IRS Unlawful," May 12, 2025
"Lessons from the FTC: The Cleo AI Settlement," April 29, 2025
"New Era of Collaboration? States Team Up to Coordinate on Privacy Laws," April 28, 2025
"Insurance Cybersecurity Certifications: An (Updated) State Roundup," April 14, 2025
"Arkansas’ Kids Social Media Law: Another One Bites the Dust," April 10, 2025

"Auto Insurer Settles With New York AG Over Insurance Application Platform Security Issues," April 4, 2025
"US State AI Legislation: Virginia Vetoes, Colorado (Re)Considers, and Texas Transforms," March 28, 2025

"SEC Creates New Tech-Focused Enforcement Team," March 28, 2025
"Utah Pioneers App Store Age Limits," March 27, 2025
"Oregon’s Privacy Law: Six Month Update, With Six Months to End of Cure Period," March 26, 2025

"New York AG Settles with School App," March 24, 2025
"Common Privacy Pitfalls in M&A Deals," March 12, 2025
"Forget It!: EDPB Announces Focus on Right to Erasure in 2025," March 11, 2025
"FTC Requests Input from Tech Platform Users About Speech," March 10, 2025

"FTC COPPA Rule Updates: On Hold?," February 26, 2025
"Oregon’s AI Guidance: Old Laws in Scope for New AI," February 25, 2025
"New Jersey Updates Discrimination Law: New Rules for AI Fairness," February 20, 2025

"New Year, Old Tradition: CPPA Focuses on Unregistered Data Brokers," February 18, 2025
"California’s Kids’ Social Media Law Wrangling Continues, and Maryland Too!," February 5, 2025
"EU Fines EU?!: Alleged Unlawful Data-Transfer Dust-Up," February 3, 2025
"Don’t Forget the EU: Italy Issued First GenAI Fine of €15 Million Alleging GDPR Violations," January 28, 2025
"Sheppard Mullin’s 2024 Eye on Privacy Year in Review," January 21, 2025
"Colorado Rolls Out Updated Privacy Rules Ahead of 2025 CPA Amendments," January 7, 2025
"New Year, New Protections for New York Artists and AI-Generated Replicas," January 6, 2025

"New York Modifies Data Breach Law Heading Into 2025," January 3, 2025
"FTC Keeps Sights on Data Brokers that Sell Sensitive Location Sites," December 20, 2024
"FCC’s One-To-One Consent Rule Takes Effect in January," December 19, 2024

"Coming to a State Near You: 5 State Privacy Laws Take Effect in January 2025," December 18, 2024
"‘All Hands on Deck’ – White House Continues to Call on Agencies for AI National Security Plan," December 16, 2024

"California’s Privacy Regulator Had a Busy November, Data Broker Edition: What Does It Mean for Businesses?," December 13, 2024
"California’s Privacy Regulator Had a Busy November, Cybersecurity Audits and Insurance Edition: What Does It Mean for Businesses?," December 12, 2024

"California’s Privacy Regulator Had a Busy November, Risk Assessment Edition: What Does It Mean for Businesses?," December 11, 2024
"California’s Privacy Regulator Had a Busy November, Automated Decisionmaking Edition: What Does It Mean for Businesses?," December 10, 2024

"California’s Privacy Regulator Had a Busy November: What Does It Mean for Businesses?," December 9, 2024
"Click! FTC Updates Its Negative Option Rule," November 19, 2024

"New York AG Settles EnforcemENT Action with ENT," November 15, 2024
"UK and US Issue Joint Statement on Children’s Privacy," November 11, 2024

"How Legitimate Is Your Business Interest? The EDPB Has Some Thoughts," November 7, 2024
"#StatusUpdate on Social Media, Apps, and Children’s Privacy," November 6, 2024
"EDPB Provides Insight for Use of Tracking Tools," November 1, 2024
"The Privacy and Data Security Impact of California’s Recent AI Bills," October 29, 2024
"Amendments to NYDFS’ Cybersecurity Regulations Take Effect November 1," October 28, 2024
"FTC Social Media Staff Report Suggests Enforcement Direction and Expectations," October 21, 2024
"California Joins Colorado in the Brain Wave Action," October 1, 2024
"Promising Decision in Wiretapping Case, Win for Businesses," September 26, 2024

"California: Age-Appropriate Design Code Act Partially Blocked, New Social Media Law Signed," September 25, 2024

"Malaysia In Process of Updating Its Privacy Law," September 24, 2024
"October 1st Reminder – Big Sky Privacy Law Goes into Effect," September 23, 2024

"New Data Breach Notification Obligations for PA – and a New Reporting Portal," September 17, 2024
"Brazil’s Data Protection Authority Issues Rules Clarifying Data Transfers," September 20, 2024

"Camera Company Will Pay $2.95 Million to Settle Security Claims," September 11, 2024
"Regulators On Both Sides of the Pond Seek Input on Children’s Privacy," September 6, 2024
"Biotech Company Settles with Three State AGs Over Security Practices," August 27, 2024

"Illinois Updates Employment Law to Address Artificial Intelligence," August 26, 2024
"NY AG Releases Website Privacy Guides for Businesses and Consumers," August 22, 2024
"CARU Settles With KidGeni AI Platform Over Alleged Privacy Violations," August 16, 2024
"AI Summer Roundup: EU and Colorado Celebrate Summer with AI Legislation," August 13, 2024
"Colorado’s Privacy Law Gets in on the Brain Wave Action," August 6, 2024
"Ring, Ring, it’s the FCC Calling- TracFone to Pay $16M to Settle FCC Investigation," August 1, 2024
"Websites Beware!: FTC Joins Other Regulators in Scrutinizing Alleged Dark Patterns," July 24, 2024

"Indiana Amends Breach Notification Law Along with New Adult Website Verification Requirement," July 23, 2024
"Keystone State Tweaks its Data Breach Notification Law Again," July 22, 2024
"Rhode Island, the Ocean State, Sails the Privacy Waves," July 8, 2024
"It’s (Almost) July 1!: Did You Remember Oregon and Texas (and Florida)’s New Privacy Laws?" June 25, 2024
"Impact of Tennessee’s Cybersecurity Class Action Safe Harbor," June 25, 2024
"Vermont Governor Vetoes Comprehensive Privacy Bill," June 17, 2024
"What Does an Adaptable Privacy Program Look Like?" June 13, 2024
"The Land of 10,000 Lakes Adds New Consumer Privacy Law: Minnesota Joins Privacy Fray," June 10, 2024
"The Privacy Patchwork: Beyond US State 'Comprehensive' Laws," June 3, 2024
"Mid-Year Recap: Think Beyond US State Laws!" May 29, 2024
"Tennessee’s ELVIS Act Incorporates AI Considerations into Right of Publicity Protections," May 24, 2024
"Maryland, the Old Line State, Creates New Lines with Consumer Privacy Law," May 20, 2024

"May 1 Brings Another Privacy Law to the Beehive State: The Utah Motor Vehicle Data Protection Act," April 29, 2024
"Utah’s New AI Disclosure Requirements Effective May 1," April 26, 2024
"Nebraska Fourth State to Enact Privacy Law in 2024," April 25, 2024
"Utah Breach Notice Law Amended, Effective May 1," April 22, 2024
"Kentucky’s New Consumer Privacy Law: Is the Privacy Grass Greener in the Bluegrass State?" April 12, 2024
"New Hampshire, the Granite State, Joins Privacy Law Deluge: Sets Its Law in Stone," March 27, 2024
"ICO Has Concerns Over Facial Recognition Use," March 25, 2024
"FTC Seeks Comments on AI Impersonation Rules," March 20, 2024
"Sheppard Mullin Creates Privacy Law Resource Center," March 19, 2024
"DPA 101: Do You Know Where Your Data Is?" February 28, 2024
"AI-Generated Voice Calls: New Tech, Old Rules," February 27, 2024
"EDPB Provides Guidance on Determining Primary Supervisory Authority," February 27, 2024
"UK ICO Uses AI In Cookie Banner Review," February 7, 2024
"The Garden State Cultivates a Consumer Privacy Law – The First for 2024," January 29, 2024
"Privacy Day 2024: A Look Back at Developments from 2024," January 26, 2024
"FTC Continues Focus on Data Brokers and Sensitive Information," January 9, 2024
"Current Status of US State Privacy Law Deluge: It’s 2024, Do You Know Where Your Privacy Program’s At?" January 9, 2024
"Bookmark This!: Colorado Launches Universal Opt Out Mechanism List," January 8, 2024
"FTC Reaches $7 Million Settlement Over Response Tree’s “Consent Farm” Sites," January 4, 2024
"Data Broker Rulemaking in Texas and Oregon," December 22, 2023
"California Releases Automated Decision Rules in Draft," December 20, 2023
"Connected Devices: Eyes on EU Data Act," December 19, 2023
"FTC Decision with Global Tel*Link Signals Expectations for Use of Testing Environments," November 29, 2023
"What Is the Privacy Impact of the White House AI Order for Businesses?," November 28, 2023
"CNIL Fines Canal+ Over Marketing and Data Security Concerns," November 27, 2023
"Amended Kochava Complaint Gives Insight into FTC’s View of Harm from Data Profiles," November 21, 2023
"FTC Vocalizes AI Voice Cloning Challenge," November 17, 2023
"Massachusetts Wagers Big on Privacy in Sports Betting," November 15, 2023
"No Need to Mind the Gap – UK Extension is a Data Bridge for US-UK Data Transfers," October 10, 2023
"The Comprehensive Privacy Law Deluge: Impact on Loyalty Programs," October 2, 2023
"SEC Gives Finality on Cybersecurity Disclosures for Public Companies," September 28, 2023
"What Do the CPPA’s Draft Regulations on Risk Assessments and Cybersecurity Audits Mean for Companies?," September 14, 2023
"The 'First State' Officially Becomes the Thirteenth State with a Comprehensive Data Privacy Law," September 13, 2023
"The Comprehensive Privacy Law Deluge: Record-Keeping and Related Requirements," September 11, 2023
"Considerations for Participation in the EU-US Data Privacy Framework," September 7, 2023
"Texas’ SCOPE Act Puts Focus on Social Media and Minors," September 5, 2023
"Scraping the Bottom of the Barrel: X Corp. Sues Bright Data Over Site Scraping," August 29, 2023
"OpenAI – FTC OpensAnInvestigation," August 28, 2023
"In 2024 Oregon Will Join Short List of States Requiring Data Broker Registration," August 16, 2023
"California Regulator Drives Inquiry into Vehicle Data," August 15, 2023
"Iowa Joins Growing List to Offer Potential Safe Harbor for Companies With Security Programs," August 10, 2023
"State Comprehensive Privacy Laws – Beaver State Makes a Dozen," July 21, 2023
"Impact of the Last Minute CCPA-Enforcement Delay," July 10, 2023
"EU Adopts Adequacy Decision for EU-US Data Privacy Framework," July 10, 2023
"The Comprehensive Privacy Law Deluge: Approaching Notice Obligations," July 6, 2023
"EDPB Adopts Binding Corporate Rules Recommendations," July 5, 2023
"The Comprehensive Privacy Law Deluge: Updating Vendor Contracts," June 27, 2023
"The Comprehensive Privacy Law Deluge: What to Do About “Profiling”," June 26, 2023
"The Lone Star State Joins the Privacy Law Deluge: Another Governor Signs," June 19, 2023
"The Comprehensive Privacy Law Deluge: Approaching Choice and Rights," June 14, 2023
"Connecticut Enters AI Fray," June 13, 2023
"Don’t Forget Deception: FTC and Biometrics," June 13, 2023
"Another Governor Signs: Florida Privacy Law Will be Effective July 2024," June 12, 2023
"Where Do We Stand?: EU to US Data Transfers," June 9, 2023
"The Comprehensive US Privacy Law Deluge: Which US Privacy Laws Apply to Your Company?" May 30, 2023
"Montana Governor Signs Big Sky’s Privacy Law," May 23, 2023
"EyeMed Data Breach Multistate Settlement," May 18, 2023
"Another Governor Signs: Tennessee Volunteers to Join the Privacy Patchwork," May 15, 2023
"Governor Signs: Hoosier State Adds to the US Privacy Patchwork," May 3, 2023

"May 2nd Marks Effective Date of Pennsylvania Breach Law Amendments," May 1, 2023
"Utah Amends Data Breach Law, Creates Cyber Center," April 21, 2023
"The Beehive State Joins the Buzz Around Minors and Social Media," April 12, 2023
"Colorado Privacy Law Regulations Finalized: Time to Review Information Practices," March 28, 2023
"UK App Code Provides Privacy and Security Compliance Direction," February 9, 2023
"CNIL Weighs in On GDPR Applicability to US Company," February 7, 2023
"Graduation Goods Settlement: A Good Reminder of AGs’ Data Security Priorities," February 1, 2023
"EU’s Initial Response to US Proposed Data Transfers Framework," December 22, 2022

"Lessons From New York AG Scrutiny of Breach Investigation and Response," November 14, 2022

"FTC Action Against Drizly and CEO Provides Insight Into Its Security Expectations," November 3, 2022

"IAB Steps In State Signal Morass," October 25, 2022
"Comparing and Contrasting the Opt Out Preference Signal Across States," October 24, 2022
"State Comprehensive Privacy Laws: Status of the Regulations," October 20, 2022
"EU To Review New EU-US Data Transfers Framework," October 10, 2022
"Impact on Companies of California’s Children’s Privacy Law – Effective 2024," September 28, 2022
"FTC Renews Focus on Dark Patterns," September 27, 2022
"Children’s App Settles with CARU Over COPPA and Guideline Violation Allegations," August 25, 2022
"NAD Examines Privacy Statements Made By DuckDuckGo in Online Ads," July 28, 2022
"Preparing for US State Privacy Law Compliance: The Six Month Mark," July 25, 2022
"Wegmans Settles With NYAG for $400,000 Over Data Incident," July 14, 2022
"Privacy and Cybersecurity Training: Addressing Regulatory Concerns," July 12, 2022
"UK ICO and NCSC Issue Caution About Making Ransomware Payments," July 11, 2022
"What Should We Do About the Draft CPRA Regulations?: Choice," June 27, 2022
"Maryland Amends Data Security and Breach Notice Obligations," June 22, 2022
"FTC Weighs In On Data Breach Notification," June 16, 2022
"FTC Continues Focus on Children’s Privacy," May 27, 2022
"What’s the Big Deal About Dark Patterns?," May 25, 2022
"Connecticut Fifth State to Pass a Comprehensive Privacy Law," May 12, 2022
"Formation of CBPR Forum Signals Continued Movement," May 2, 2022
"Arizona Expands Regulator Data Breach Notification Obligations," April 11, 2022
"Indiana Breach Notification Law Amended, Changes Effective July 1, 2022," April 5, 2022
"DAA Issues Warning On Device Fingerprinting," March 23, 2022
"Keeping Both Eyes on Cybersecurity," March 22, 2022
"FTC Continues to Signal Interest in Digital Health Industry, Publishing Updated Resources," March 15, 2022

Books

Media Mentions

Sheppard Mullin Attorneys Named to Law360's 2025 Editorial Advisory Boards
Law360, 03.24.2025
California Neural Privacy Law Spurs Fresh Compliance Headache
Bloomberg Law, 10.04.2024
Nine Impacts of New Jersey and New Hampshire Privacy Laws
Cybersecurity Law Report, 02.14.2024
The Most-Read Legal Industry Law360 Guest Articles of 2023
Law360, 12.22.2023
Sheppard Mullin’s New River North Office Promotes Individuality
Chicago Lawyer Magazine, 09.06.2023
Mastering the Dynamic Landscape of Privacy and Cybersecurity Laws
MSL 300, 08.15.2023
Despite Federal Regulations, States Likely to Tread Their Own AI Regulatory Path
Legaltech News, 06.22.2023
How I Made Office Managing Partner: 'Inclusion, Compassion and Zest for My Work and Community,' Says Liisa Thomas
Law.com, 01.23.2023
Forget What You’ve Heard, Cybersecurity Attorneys Don’t Always Need Tech Skills
Legaltech News, 07.21.2022
New role, same vision
Chicago Lawyer, 07.2022
Sheppard Mullin Names New Chicago Leader
Law360, 05.23.2022
Spotlight on ILAO supporters and leaders: Liisa Thomas
Illinois Legal Aid Online, 10.07.2021
Does the Lindy effect apply to law?
Legal Evolution, 07.11.2021
Black Cyber Lawyers See Racial Diversity as Key to Data Safety
Bloomberg Law, 07.01.2021
Law360's 2020 Cybersecurity & Privacy Editorial Board
Law360, 03.27.2020
Cybersecurity & Privacy Policy To Watch In 2019
Law360, 01.01.2019
Cybersecurity & Privacy Predictions For 2019
Law360, 01.01.2019
Thought Leaders in Privacy: Liisa M. Thomas
Data Guidance, 06.2018
Sheppard Mullin Partner: U.S. Privacy Norms Already Close to Europe’s
Bloomberg Law, 05.23.2018
Sheppard Mullin Appoints Privacy Litigator
Commercial Dispute Resolution, 10.11.2017
Sheppard Mullin Adds Practice Leader to Grow Winston Lateral Roster
The American Lawyer, 09.26.2017
Sheppard Mullin Nabs Leading Cybersecurity Partner
Law360, 09.25.2017
FTC Takes First EU-U.S. Privacy Shield Enforcement Actions
Bloomberg Law: Privacy & Data Security, 09.08.2017

Speaking Engagements

Speaker, "Which Rights for Which Data? A Legal Take on the Big Data Landscape," INTA The Business of Data Conference, March 22, 2023
Coffee Chat with Liisa Thomas
Northwestern Law and Technology Initiative, July 12, 2022
Panelist, “Legal trends to watch: from influencer missteps to privacy pitfalls,” Ad Age Next: CMO Conference, December 1, 2021
Speaker and faculty, “Technotainment” 2021: Distributing Content Across Multiple Platforms, Practising Law Institute, September 17, 2021

Events

Twenty-Sixth Annual Institute on Privacy and Cybersecurity Law
The Rest of the Story: US Privacy and Security Law Developments Beyond Comprehensive State Privacy Laws, 06.09.2025
Compliance & Ethics Essentials 2025 (Chicago)
Social Responsibility and Third Party Risk Management, 04.28.2025
IAPP Global Privacy Summit 2025
Foundations of Privacy and Data Protection, Washington, D.C., 04.22.2025
Navigating the Privacy Maze: Mastering Privacy and Data Security Issues in Mergers & Acquisitions
Webinar, 03.04.2025
Data Privacy Day 2025: Trends on the Horizon
Webinar, 01.28.2025
IAPP Privacy. Security. Risk. 2024
Foundations of Privacy and Data Protection, Los Angeles, CA, 09.22.2024
Twenty-Fifth Annual Institute on Privacy and Cybersecurity Law
Beyond Comprehensive State Laws – What’s Happening in Privacy and Data Security Law in the Rest of the US?, 06.03.2024
IAPP Global Privacy Summit 2024
Foundations of Privacy and Data Protection, Washington, D.C., 04.02.2024
The Business of AI Conference
Bringing It Together: What the Future with AI Holds , 03.21.2024
Foundations of Privacy and Data Protection
10.04.2023
Handling the US State Privacy Law Deluge
Webinar, 08.01.2023
Tech Me Up! Session #1 – From Regulation to Innovation: AI regulation in the EU, UK and Worldwide
Taylor Wessing Webinar, 07.11.2023
Twenty-Fourth Annual Institute on Privacy and Cybersecurity Law
Beyond the Comprehensive State Privacy Laws – What’s Happening in Privacy and Data Security Law in the Rest of the US?, 06.05.2023
Foundations of Privacy and Data Protection
06.01.2023
Incident Response Forum Masterclass
Managing Insurance Issues Before and After an Incident, Virtual, 04.20.2023
Privacy Litigation and Enforcement in a CPRA+ World
Webinar, 02.08.2023
Understanding and Managing Cyber and Privacy Risk in an Increasingly Risky World
Virtual, 10.11.2022
Advertising Law Institute
September 29-30, 2022
Privacy in the Multiverse of Madness: Protecting Data in Real Life and Beyond
7th Annual Internet of Things (IoT) National Institute, Virtual, 09.13.2022
Twenty-Third Annual Institute on Privacy and Cybersecurity Law
The Allegro Royal Sonesta Hotel Chicago Loop, 171 West Randolph Street, Chicago, IL 60611, June 6-7, 2022
Understanding and Managing Risk in an Increasingly Risky World
Webinar, 05.25.2022
Privacy Connect: What do you think? - A Review of Privacy Program Management
Webinar, 04.06.2022
Understanding and Managing Risk in a Risky Technotainment World
"Technotainment" 2021: Distributing Content Across Multiple Platforms, In-person or virtual, 09.17.2021
ABA Internet of Things (IoT) National Institute 2021
Virtual, 6.10.2021-6.11.2021
Compliance Under Biden
Practical Insights for Turbulent Times: WSJ Risk & Compliance Forum, Virtual, 05.05.2021
Inside Scoop video #3: Project Management for Privacy Professionals
ANA Law & Public Policy Conference, In-person or virtual, 04.28.2021
Inaugural Ad Law Symposium
Webinar, 01.27.2021
2020 ANA/BAA Marketing Law Conference: A Virtual Experience
Virtual, 11.10.2020-11.12.2020
Advertising Law Institute 2020
Practising Law Institute Webcast, In-person or virtual, 10.15.2020-10.16.2020
Hot Topics in Privacy and Cyber Security in Uncertain Times: A Virtual Resource for In-House Privacy Teams
Webinar, 07.15.2020
Virtual Chicago KnowledgeNet: May 26, 2020
05.26.2020
Top Privacy and Cyber Questions in Uncertain Times: A Virtual Resource for In-House Privacy Teams
Webinar, 04.07.2020
Cybersecurity and Privacy: Convergence in a World of Increasing Cyber Attacks and Data Breaches
03.05.2020
Advertising Law Institute 2019
Practising Law Institute, October 17-18, 2019
Privacy Bootcamp for Security Professionals
IAPP Privacy. Security. Risk. 2019, 09.23.2019
Advertising Law Institute 2019
Practising Law Institute, 09.13.2019
To CCPA and Beyond! Creating a Flexible Approach to Privacy Compliance
Association of Corporate Counsel, 06.05.2019
2019 INTA Annual Meeting
May 18-22, 2019
Women Leading Privacy at the IAPP Global Privacy Summit 2019
05.02.2019
Global Privacy Summit 2019 Active Learning Day
05.01.2019
Data Breach Simulation
IAPP Data Protection Intensive: UK 2019, 03.12.2019
Hot Topics in Privacy Law
Third Thursday Emerging Company Webinar Series, via GlobalMeet, 12.05.2018
Data Breach Workshop
IAPP Europe Data Protection Congress, 11.27.2018
Data Breach Bootcamp
IAPP's Privacy, Security, Risk Conference, 10.17.2018
Security Ecosystems
SIM Women’s Leadership Summit, 09.28.2018
Big Data and Online Behavioral Advertising (OBA): An Advertiser’s Perspective
PLI's Advertising Law Institute, September 13-24
Limiting Exposure: Exploring Privacy Concerns for 2018 and Avoiding Unnecessary Risk
ACI’s Digital Advertising Law and Compliance Conference, New York City, 06.25.2018
Labor & Employment Law Update
New York, 06.07.2018
Ready or Not, GDPR is Here
Bloomberg Law Leadership Forum, New York, 05.23.2018
Law in the Information Age Panel
University of Chicago Law School, Chicago Symphony Orchestra Club, 05.17.2018
Data Security and Privacy Roundtable
Interactive Data Breach Simulation, 04.25.2018
Data Breach Bootcamp
IAPP Europe Data Protection Intensive 2018, London, 04.17.2018
Analyzing the Growth of Biometric Data Collection and Resolving Related Privacy Breach Concerns
at ACI's Cyber Risk & Data Security Conference, Chicago, April 10-12, 2018
Data Breach Bootcamp
IAPP Global Privacy Summit 2018, Washington, D.C., 03.26.2018
IAPP Europe Data Protection Congress 2017
Data Breach Bootcamp, SQUARE - Brussels Meeting Centre, 11.06.2017
Advertising Law Institute 2017
PLI Practising Law Institute, PLI California Center, 10.17.2017
Privacy. Security. Risk. 2017
Data Breach Bootcamp, Renaissance San Diego, 10.2017
Privacy + Security Forum
Hands-On Data Breach Simulation: Understanding the Roles of Legal, Forensics/IT, and PR, George Washington University The Marvin Center, 10.04.2017

Memberships

2025 Cybersecurity & Privacy Editorial Advisory Board, Law360
Training Advisory Board, International Association of Privacy Professionals (IAPP)
Member of the Board of Trustees, Chicago Symphony Orchestra (CSO)
Board member, FGLI (First-Generation, Lower-Income) Consortium
Subcommittee Chair, INTA Building Bridges Committee, International Trademark Association
Member, International Association of Privacy Professionals
Member, Women’s Foodservice Forum
Adjunct Professor, Northwestern University School of Law
Member, Leading Lawyers Network
Violinist, Chicago Bar Association Symphony Orchestra