Photo of Kristin Bryan

Kristin Bryan is a data privacy and cybersecurity litigator experienced in the resolution of complex disputes.

Kristin has deep expertise defending clients in federal class action and multidistrict litigations concerning allegations that their practices violated federal and state privacy laws. This includes in the context of data breach and incident response litigation. As a natural extension of her experience litigating data privacy disputes, Kristin also provides practical, business-oriented privacy advice to a wide range of clients and has represented them in government investigations regarding their privacy practices.

Kristin is CIPP/US certified and routinely publishes and speaks on cutting-edge developments in data privacy and cybersecurity litigation. Kristin is currently the co-chair of the International Association of Privacy Professional (IAPP)’s KnowledgeNet Chapter for Cleveland and on the IAPP’s Privacy Bar Advisory Board. She is a 2020-21 Vice Chair of the ABA TIPS Cybersecurity and Data Privacy Committee and managing editor of Squire Patton Boggs’ data privacy blog Consumer Privacy World.

Prior to joining the firm, Kristin worked at an international law firm in New York, specializing in Data Strategy & Security.

View full website bio.

In case you missed their presentation this week to the Association of Corporate Counsel, the webinar given by CPW’s Alan Friel, Kyle Fath and Kristin Bryan was recorded and is now available here.  In it they cover an update on new US privacy laws, including for California, Colorado and Virginia (among others), as well

As Ann LaFrance, Alan Friel, Elliot Golding, Kyle Fath, Glenn Brown, Kyle Dull, Niloufar Massachi, Amber Mulcare, and Gicel Tomimbang explain in a comprehensive expert analysis, recent changes in US consumer privacy laws that will require most US businesses to make material changes to their privacy compliance and information governance programs by January 1,

Since this summer CPW has declared session replay software litigation predicated on violation of state wiretap statutes as dead in the water.  Judges apparently agree.  Earlier this month yet another court kicked to the curb a session replay software dispute that asserted violations of Florida’s wiretap law, the Florida Security of Communications Act (“FSCA”). 

Early in the summer, owners of the Colonial Pipeline were hit with a putative class action that was filed in federal court in Georgia.  Dickerson v. CDCP Colonial Partners, L.P., Case No. 1:21-cv-02098 (N.D. Ga.).  As a short recap, a ransomware attack carried out by cybercriminals crippled the Colonial Pipeline’s functionality.  The Pipeline

Currently pending before the Seventh Circuit Court of Appeals is the important question of when a claim under the Illinois Biometric Information Privacy Act (“BIPA”) accruesCothron v. White Castle, No. 20-3202 (7th Cir.)  In another litigation CPW previously identified, a panel for the Illinois Court of Appeals recently addressed whether BIPA

Last month, T-Mobile disclosed that it had been targeted in a cyberattack that resulted in the compromise of some current, former and prospective customers’ SSN, name, address, date of birth and driver’s license/ID information.  According to T-Mobile, “the breach did not expose any customer financial information, credit card information, debit or other payment information.”  However,

In case you missed it, below is a summary of recent posts from CPW.  Please feel free to reach out if you are interested in additional information on any of the developments covered.

Cothron v. White Castle: A Closer Look at One of the Most Important Data Privacy Litigations of 2021 | Consumer Privacy World

As  David Goh and Beibei Xu explain in a detailed analysis here “On August 16, 2021, China’s first regulation on automotive data security, Provisions on the Security Management for Automotive Data (Trial Implementation) (hereinafter referred to as the “Provisions”), was unveiled and goes into effect on October 1, 2021. The Provisions establish a preliminary compliance

In June, we discussed a putative class action filed in the Eastern District of Pennsylvania concerning a data breach involving COVID-contact tracing data.  Following the Plaintiff’s filing of an amended complaint, the remaining Defendant has now moved to dismiss on both standing and substantive grounds.  Read on below.

To recap the alleged facts underlying this

Since it was enacted just over a year ago, companies have had to deal with the uncertainties surrounding how to interpret the California Consumer Privacy Act (“CCPA”) and the circumstances that might subject them to penalties and fines for violating the CCPA.  As CPW readers are already aware, in an effort to inform the marketplace