About the IAPP

Edward McNicholas leads Ropes & Gray’s global data, privacy & cybersecurity practice. He represents technologically sophisticated clients facing complex data, privacy, and cybersecurity issues in litigation, investigative, and counseling matters. His clients include financial institutions, technology companies, insurance companies, branded pharma companies, healthcare providers, data brokers, and e-commerce retailers.

Ed has significant experience with investigations and class action litigation related to cybersecurity incidents, as well as enforcement actions by the FTC, state Attorneys General, the SEC, OCR, Data Protection Authorities outside of the U.S., and other government agencies. He leads internal investigation and litigation matters that frequently involve complex, multi-jurisdictional, and multi-national litigation issues, particularly federal court jurisdictional and constitutional concerns related to the First and Fourth Amendments. Ed has experience dealing with Internet and information law matters involving data breaches, ransomware, Internet governance, and national security issues.

Ed also advises clients on the full range of federal, state and foreign privacy and data security requirements including in the areas of financial privacy, health care privacy, communications privacy, ad-tech, artificial intelligence / machine learning, cybersecurity, and national security. He frequently helps companies design global data governance programs to allow for efficient data transfers across corporate entities governed by multiple privacy regimes, such as US privacy laws, including the Gramm Leach Bliley Act, FCRA, HIPAA, TCPA, and the California Consumer Privacy Act (CCPA), as well as the EU’s General Data Protection Regulation (GDPR) and the various privacy and cybersecurity regimes in China and across Asia.

Ed previously served as an Associate Counsel to President Clinton. In that capacity, he advised senior White House staff regarding various Independent Counsel, congressional and grand jury investigations. Ed has developed unique experience representing clients facing media-driven legal challenges. His crisis management skills are particularly useful in coordinating the swirl of complex litigation, congressional hearings, and federal and state investigations that can follow from major privacy and cybersecurity incidents.

Ed is a frequent commentator on privacy, data security, and information law issues and has written extensively on various information law and civil liberties topics for a variety of publications. He is the lead editor of the PLI treatise Cybersecurity: A Practical Guide to the Law of Cyber Risk, now in its second edition, as well as several other works.