Liisa M. Thomas

Liisa Thomas, a partner based in the Chicago and London offices, is Leader of the firm's Privacy and Cybersecurity Practice Group.

Areas of Practice

Liisa's clients rely on her ability to provide clarity in a sea of confusing legal requirements and describe her as extremely responsive, while providing thoughtful legal analysis combined with real world practical advice. She is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as a no-nonsense roadmap for in-house and external practitioners alike.

Liisa is known as an industry leader in the privacy and data security space and has been recognized by Best Lawyers in America, Leading Lawyers Network, Chambers and The Legal 500, as well as noted by leading publications and organizations for her broad depth of privacy knowledge. She was named to Cybersecurity Docket's Incident Response 30, honoring 30 incident response professionals critical to managing data breaches, in both 2016 and 2018; recognized as the 2017 Data Protection Lawyer of the Year - USA by Global 100; honored as the 2017 U.S. Data Protection Lawyer of the Year by Finance Monthly; and the recipient of the Best in Data Security Law Services at Corporate LiveWire’s 2017 Global Awards.

Liisa, who was born in Finland and previously lived in France, Egypt and Spain, frequently coordinates global efforts in the privacy area for her clients. Clients value her global insights and familiarity with business systems outside of the U.S. With Liisa’s assistance, her clients - which include major consumer brands, advertising agencies and consumer research companies - are able to navigate thorny data breach disclosure issues, use emerging interactive advertising techniques and create compliant security programs, all while effectively managing their legal risks. Clients praise Liisa’s ability to add real value to their businesses, and describe her as keeping [clients] one step ahead of where [they] need to be.

Liisa is an active advocate of women and minorities in the legal industry and was honored for her leadership in the legal field by the Illinois Diversity Council. She is currently an adjunct professor in Northwestern University Law School, and formerly taught privacy courses at several other Chicago-area law schools, including her alma mater, the University of Chicago. Liisa is the Vice-Chair of the Board of Trustees of the Chicago Symphony Orchestra, Chair of the CSO’s Negaunee Music Institute Board and plays violin in the Chicago Bar Association Symphony Orchestra, an orchestra made up of lawyers and judges.

Honors

•Notable Minorities in Accounting, Consulting & Law, Crain’s Chicago Business, 2020
•Best Lawyers in America, Best Lawyers, 2020
•Thought Leader on Cybersecurity, National Law Review, 2019
•Notable Women Lawyers, Crain's Custom Media, 2018
•Leading Lawyer, Cyber Law, Legal 500 USA, 2016-2019
•Named to Cybersecurity Docket's Incident Response 30, honoring 30 incident response professionals critical to managing data breaches, 2016 and 2018
•Leading Lawyer, Chambers Global, Privacy & Data Security, 2015-2020
•Leading Lawyer, Chambers USA, Nationwide Privacy & Data Security, 2014-2019
•Leading Lawyer, Chambers Illinois, Media & Entertainment: Transactional, 2013-2018
•Illinois Super Lawyer, Intellectual Property, Super Lawyers, 2006, 2018-2020
•Leading Woman Lawyer, Chicago Lawyer Magazine’s Diversity Issue, 2018
• Data Protection Lawyer of the Year - USA, Global 100, 2017
• U.S. Data Protection Lawyer of the Year, Finance Monthly, 2017
• Best in Data Security Law Services, Corporate LiveWire’s Global Awards, 2017
•Recipient, National Law Journal's Cybersecurity Trailblazer Award, 2016
•Recipient, Lexology/ILO's Client Choice Award for IT and the Internet, 2016

Digital Media

Nota Bene Episode 25: Keeping Up with Privacy Laws Affecting Your Business with Liisa Thomas

Hot Topics in Privacy Law

Insights

Articles

Liisa has published extensively in the area of privacy and data security. She is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification (Thomson Reuters, 2018), which has been described as “a no-nonsense roadmap for in-house and external practitioners alike.” Liisa is also the editor of the firm’s eyeonprivacy.com blog, a recap of recent developments in the privacy and cyber space. A few of her more recent additional publications include:

• 3 Privacy Law Predictions For The New Year, Law360, January 1, 2020
• 4 Privacy Law Predictions for 2019, Law360, January 23, 2019
•Co-Author with A. Thomson, From Panic to Pragmatism: De-Escalating and Managing Commercial Data Breaches, Cyber Security: A Peer Reviewed Journal, Vol. 2, No. 1, Summer 2018 issue
• Dealing with US Biometric Laws and Litigation, Data Protection Leader, May 2018
• USA - Behavioural Advertising, Data Guidance, May 8, 2017
• CFPB Provides Guidance on Consumer Data Protection, Financial Regulation Journal, November 23, 2017

Eye on Privacy Blog Posts

Turn On the Camera Part Three: Fulfilling CCPA Training Obligations in the Face of COVID-19, March 11, 2020

Books

•Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notifications Worldwide
02.2019

Media Mentions

•Law360's 2020 Cybersecurity & Privacy Editorial Board
Law360, 03.27.2020
•Cybersecurity & Privacy Policy To Watch In 2019
Law360, 01.01.2019
•Cybersecurity & Privacy Predictions For 2019
Law360, 01.01.2019
•Thought Leaders in Privacy: Liisa M. Thomas
Data Guidance, 06.2018
•Sheppard Mullin Partner: U.S. Privacy Norms Already Close to Europe’s
Bloomberg Law, 05.23.2018
•Sheppard Mullin Appoints Privacy Litigator
Commercial Dispute Resolution, 10.11.2017
•Sheppard Mullin Adds Practice Leader to Grow Winston Lateral Roster
The American Lawyer, 09.26.2017
•Sheppard Mullin Nabs Leading Cybersecurity Partner
Law360, 09.25.2017
•FTC Takes First EU-U.S. Privacy Shield Enforcement Actions
Bloomberg Law: Privacy & Data Security, 09.08.2017

Events

•Top Privacy and Cyber Questions in Uncertain Times: A Virtual Resource for In-House Privacy Teams
Webinar, 04.07.2020

•Cybersecurity and Privacy: Convergence in a World of Increasing Cyber Attacks and Data Breaches
03.05.2020

•Advertising Law Institute 2019
Practising Law Institute, October 17-18, 2019

•Privacy Bootcamp for Security Professionals
IAPP Privacy. Security. Risk. 2019, 09.23.2019

•Advertising Law Institute 2019
Practising Law Institute, 09.13.2019

•To CCPA and Beyond! Creating a Flexible Approach to Privacy Compliance
Association of Corporate Counsel, 06.05.2019

•2019 INTA Annual Meeting
May 18-22, 2019

•Women Leading Privacy at the IAPP Global Privacy Summit 2019
05.02.2019

•Global Privacy Summit 2019 Active Learning Day
05.01.2019

•Data Breach Simulation
IAPP Data Protection Intensive: UK 2019, 03.12.2019

•Hot Topics in Privacy Law
Third Thursday Emerging Company Webinar Series, via GlobalMeet, 12.05.2018

•Data Breach Workshop
IAPP Europe Data Protection Congress, 11.27.2018

•Data Breach Bootcamp
IAPP's Privacy, Security, Risk Conference, 10.17.2018

•Security Ecosystems
SIM Women’s Leadership Summit, 09.28.2018

•Big Data and Online Behavioral Advertising (OBA): An Advertiser’s Perspective
PLI's Advertising Law Institute, September 13-24

•Limiting Exposure: Exploring Privacy Concerns for 2018 and Avoiding Unnecessary Risk
ACI’s Digital Advertising Law and Compliance Conference, New York City, 06.25.2018

•Labor & Employment Law Update
New York, 06.07.2018

•Ready or Not, GDPR is Here
Bloomberg Law Leadership Forum, New York, 05.23.2018

•Law in the Information Age Panel
University of Chicago Law School, Chicago Symphony Orchestra Club, 05.17.2018

•Data Security and Privacy Roundtable
Interactive Data Breach Simulation, 04.25.2018

•Data Breach Bootcamp
IAPP Europe Data Protection Intensive 2018, London, 04.17.2018

•Analyzing the Growth of Biometric Data Collection and Resolving Related Privacy Breach Concerns
at ACI's Cyber Risk & Data Security Conference, Chicago, April 10-12, 2018

•Data Breach Bootcamp
IAPP Global Privacy Summit 2018, Washington, D.C., 03.26.2018

•IAPP Europe Data Protection Congress 2017
Data Breach Bootcamp, SQUARE - Brussels Meeting Centre, 11.06.2017

•Advertising Law Institute 2017
PLI Practising Law Institute, PLI California Center, 10.17.2017

•Privacy. Security. Risk. 2017
Data Breach Bootcamp, Renaissance San Diego, 10.2017

•Privacy + Security Forum
Hands-On Data Breach Simulation: Understanding the Roles of Legal, Forensics/IT, and PR, George Washington University The Marvin Center, 10.04.2017