Photo of Kristin Bryan

Kristin Bryan is a data privacy and cybersecurity litigator experienced in the resolution of complex disputes.

Kristin has deep expertise defending clients in federal class action and multidistrict litigations concerning allegations that their practices violated federal and state privacy laws. This includes in the context of data breach and incident response litigation. As a natural extension of her experience litigating data privacy disputes, Kristin also provides practical, business-oriented privacy advice to a wide range of clients and has represented them in government investigations regarding their privacy practices.

Kristin is CIPP/US certified and routinely publishes and speaks on cutting-edge developments in data privacy and cybersecurity litigation. Kristin is currently the co-chair of the International Association of Privacy Professional (IAPP)’s KnowledgeNet Chapter for Cleveland and on the IAPP’s Privacy Bar Advisory Board. She is a 2020-21 Vice Chair of the ABA TIPS Cybersecurity and Data Privacy Committee and managing editor of Squire Patton Boggs’ data privacy blog Consumer Privacy World.

Prior to joining the firm, Kristin worked at an international law firm in New York, specializing in Data Strategy & Security.

View full website bio.

CPW covered the Colonial Pipeline cyberattack earlier this year, in which a ransomware attack carried out by cybercriminals crippled the Colonial Pipeline’s functionality.  The Pipeline was taken offline as a remedial measure, causing significant gasoline shortages across the Eastern United States (as a reminder, the Colonial Pipeline supplies the east coast of the United States

In the wake of Virginia and Colorado passing comprehensive privacy legislation this year, the Ohio legislature is similarly considering a privacy bill, albeit one that would impose fewer restrictions on businesses and does not include a private right of action.  The Ohio Personal Privacy Act (“OPPA”), was introduced yesterday by Republican state Reps. Carfagna,

In case you missed it, below is a summary of recent posts from CPW.  Please feel free to reach out if you are interested in additional information on any of the developments covered.

How the Colorado Privacy Act Compares to the California, Virginia and European Union Laws That Inspired It | Consumer Privacy World


As Alan Friel, Glenn Brown, Ann LaFrance, Kyle Fath, Elliot Golding, Niloufar Massachi and Kyle Dull explain in a comprehensive, 16-page analysis here, on June 8, 2021, the Colorado legislature passed SB 21-190, known as the Colorado Privacy Act (CPA or CO Act), which the governor signed into law on July 7, 2021.  The CO

This week new privacy legislation was signed by the Colorado governor–The Colorado Privacy Act, which will effect on July 31, 2023.  It requires businesses to give consumers the ability to access, correct, delete and opt out of the sale of their personal information or processing of this data for targeted advertising and profiling purposes.  However,

In a recent litigation and appeal involving claims under the Fair Credit Reporting Act (“FCRA”), the Ninth Circuit affirmed the district court’s grant of summary judgment to the defendant, in a win for CRAs named in similar litigation.  Leoni v. Experian Info. Solutions, 2021 U.S. App. LEXIS 17687 (9th Cir. June 14. 2021).  

As covered on Law360, “State legislatures and the U.S. Supreme Court left their marks on the privacy landscape in the first half of 2021, with Virginia and Colorado adding to the growing state privacy law patchwork and the nation’s high court delivering a pair of rulings that are expected to limit statutory privacy claims.”  Alan

CPW has previously covered In re Blackbaud, a data privacy multi-district litigation (“MDL”) created in December 2020 that is currently pending in the District of South Carolina.  The MDL was created to manage the claims of individuals and putative class representatives against Blackbaud, a cloud software company that was targeted in several ransomware attacks