Photo of Kristin Bryan

Kristin Bryan is a data privacy and cybersecurity litigator experienced in the resolution of complex disputes.

Kristin has deep expertise defending clients in federal class action and multidistrict litigations concerning allegations that their practices violated federal and state privacy laws. This includes in the context of data breach and incident response litigation. As a natural extension of her experience litigating data privacy disputes, Kristin also provides practical, business-oriented privacy advice to a wide range of clients and has represented them in government investigations regarding their privacy practices.

Kristin is CIPP/US certified and routinely publishes and speaks on cutting-edge developments in data privacy and cybersecurity litigation. Kristin is currently the co-chair of the International Association of Privacy Professional (IAPP)’s KnowledgeNet Chapter for Cleveland and on the IAPP’s Privacy Bar Advisory Board. She is a 2020-21 Vice Chair of the ABA TIPS Cybersecurity and Data Privacy Committee and managing editor of Squire Patton Boggs’ data privacy blog Consumer Privacy World.

Prior to joining the firm, Kristin worked at an international law firm in New York, specializing in Data Strategy & Security.

View full website bio.

Data privacy litigators have their eye on the Supreme Court going into the end of the month as we wait for the Court’s opinion in Ramirez v. TransUnion.  And when the decision is issued, CPW will be there in real time to fill you in.  In the meantime, below is a refresher of the facts

A recent Illinois Supreme Court opinion found that the coverage afforded for personal or advertising injuries in business owners’ liability policies may apply to claims under the state’s Biometric Information Privacy Act (“BIPA”).  We anticipate this decision will have a significant impact in this area going forward.  West Bend Mutual Insurance Company v. Krishna Schaumburg

In case you missed it, below is a summary of recent posts from CPW.  Please feel free to reach out if you are interested in additional information on any of the developments covered.

New York Biometric Law Goes into Effect Next Month: Alan Friel and Niloufar Massachi Tell Businesses What They Need to Know |

Following up on our prior coverage (see here and here), this week a federal court denied Plaintiffs’ request for the first-ever injunction under BIPA In re: Clearview AI, Inc. Consumer Privacy Litigation, Case No. 1:21-cv-00135 (N.D. Ill).  Read on for the scoop.

Recall that Clearview collects publicly-available images on the Internet and organizes

Readers of CPW are invited to join a complimentary webinar on June 28 at 12 pm EST with CPW’s Alan Friel and Glenn Brown as part of Squire Patton Boggs (US) LLP’s next monthly Venture Law Meetup Webinar. Partner Tom Reems will moderate a discussion between partners Alan Friel and Glenn Brown entitled “Why Data

As reported in greater detail at the Security & Privacy Bytes blog by Alan Friel and Katie Sharpless, “[t]he deadline is fast approaching for businesses that buy, receive, sell, or share the personal information of 10 million or more California consumers to report their California Consumer Privacy Act (“CCPA”) rights requests metrics. On July

Last month, a federal court addressed the kind of harms that need to be included in a plaintiff’s complaint asserting claims under the Fair Credit Reporting Act (“FCRA”) and Fair Debt Collection Practices Act (“FDCPA”) to survive a motion to dismiss.  Magruder v. Capital One, Nat’l Ass’n, 2021 U.S. Dist. LEXIS 94804 (D.D.C. May

In the aftermath of the Supreme Court’s Van Buren decision this month and its resulting impact on data privacy litigation, the Supreme Court ordered the hiQ/LinkedIn data scraping saga to be remanded back to the Ninth Circuit.

Recall that in March 2020, LinkedIn filed a petition for a writ of certiorari, raising

At Security and Privacy Bytes, Alan Friel and Niloufar Massachi have a detailed, must-read analysis of two recent New York biometric laws, both of which set forth requirements when it comes to processing of biometric data that expand consumers’ rights.  As they explain “[r]egulations governing biometric data collection, use, and processing have already been