Lisa chairs the firm’s top-ranked global privacy and cybersecurity practice and is the managing partner of the firm’s New York office.
Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. Chambers USA quotes clients who call her a “market leader,” noting that she is “widely considered the best.” Another client reported that “she is a strong leader with fantastic advice. She does great work on advisory boards and her leadership in the industry has really moved it forward.” Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, which is given to only one lawyer each year for exceptional achievements, and noted that a peer enthused, “Lisa Sotto is a legend.” Clients have called Lisa “the high priestess of privacy” and “the queen of breach.” She was named among The National Law Journal’s “100 Most Influential Lawyers,” an honor bestowed on practicing attorneys who are making the biggest impact in the legal world.
A preeminent lawyer and dynamic problem solver, Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She advises clients on the California Consumer Privacy Act of 2018, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Through the firm’s privacy and security in M&A transactions team, Lisa also guides clients on risks and potential liabilities associated with inadequate privacy and data security practices in high-stakes corporate transactions. She conducts all phases of online and offline privacy assessments and information security policy audits. She also develops corporate records management programs, including policies, records retention schedules and training modules.