O’Melveny Worldwide


Our proven team guides you through privacy and data security suits—and the reputational and enforcement risks that come with them.

The Threat of Mass Arbitration: How Companies Can Avoid Becoming the Next Target

Our proven team guides you through privacy and data security suits—and the reputational and enforcement risks that come with them.

The Threat of Mass Arbitration: How Companies Can Avoid Becoming the Next Target

Personal information is critical to your business, but it comes with increasingly complex and ever-expanding legal obligations from states and the federal government. It’s also a constant target for plaintiffs, who are pursuing more class actions and other legal challenges to companies’ business and data security practices. Our litigators, including many with industry and government experience dealing with information privacy and data security, are here to help.

We advise clients on complex, often novel data privacy claims, bringing to bear decades of legal, industry, and government experience, shaped by state privacy laws such as the Illinois Biometric Information Privacy Act (BIPA), California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), other recent comprehensive state privacy regimes, and state wiretapping statutes. Our team includes an award-winning class-action and commercial litigator with two decades of experience defending companies against privacy and cybersecurity claims, the former lead cyber hacking and intellectual property US Attorney for the Northern District of Texas, and a former general counsel at a major media company. Their insight helps us offer holistic counsel. We advise executives, technology leads, and in-house counsel on avoiding and managing operational, reputational, and enforcement risk, and we defend any investigations or litigation that might arise.

Advanced Micro Devices

Won dismissal of in related consumer and securities class actions over an alleged security vulnerability called “Spectre” that could affect microprocessors used in nearly all computers.

American Airlines

Obtained dismissal of a biometric privacy class claim brought against American under Illinois’ Biometric Information Privacy Act, a first-of-its-kind win for the airline and the industry more broadly amid states’ increasing efforts to adopt biometric privacy laws.

Envoy Air

Represented Envoy Air in a class action alleging violations of the Illinois BIPA related to the airline’s time-tracking practices. We succeeded in significantly limiting the time period of plaintiff’s claims, eliminating about four and a half years of the proposed class period and leaving plaintiff with a viable claim for only about six months.

Fidelity Management Trust Company

Won dismissal of class action under California Invasion of Privacy Act challenging Fidelity Management’s use of voice verification technology to protect customers against potential fraud, and convincing plaintiffs’ counsel to drop virtually identical cases challenging technology used by TransUnion, Vanguard and T. Rowe Price.

Hanwha Techwin America

Successfully defended the video equipment manufacturer against a proposed class action alleging that the company should be held liable for invading privacy under the Illinois Biometric Information Privacy Act by scanning shoppers’ faces even though it did not own or operate the scanning devices.


Secured a victory for Meta when the Ninth Circuit affirmed a district court ruling refusing to find Israeli spyware company NSO Group immune from litigation over an alleged hack of WhatsApp. The US Supreme Court turned away NSO’s appeal of the decision that the lawsuit could move forward, after asking the US Solicitor General to weigh in on the arguments presented.

TeamViewer US

Successfully moved to dismiss a putative consumer class action alleging that the software company’s practice of automatically renewing subscriptions violated the California Consumer Privacy Act (CCPA) and Unfair Competition Law. We convinced the court that the plaintiffs failed to allege any data breach as defined under the CCPA, a novel issue which had only briefly been addressed by one earlier court decision. The ruling was affirmed on appeal before the Ninth Circuit.


Obtained dismissal on the pleadings for Visa in a lawsuit challenging its loss-allocation process for account data compromise events, as part of decades-long representation of Visa in numerous data-security legal proceedings.

World-Leading Technology Provider

Won dismissal of class action invoking California wiretapping statute and other state-law claims challenging world-leading technology provider for allegedly failing to prevent app developer on the company’s platform from having access to information on manufacturer’s devices. Also won dismissal of class action invoking state video privacy statutes challenging the same provider’s retention of information regarding video-watch activities of consumers using the provider’s platform.