A clear, but unfortunate, trend has emerged in recent years: with increasing frequency, data privacy issues lead to litigation, or at least the threat of litigation, even where actual damages are non-existent. To make matters worse, the legal landscape continues to evolve on critical issues, such as whether the mere fact of having had your personal information disclosed or obtained without authorization is sufficient to confer standing to sue in federal court. Furthermore, the legal evolution is not always in favor of the defendants. In fact, plaintffs’ counsel continue to argue that the increased risk of future injury from identity theft following a data breach is actionable even in the absence of actual damages.

At McDonald Hopkins, we have a team of over 20 data privacy attorneys located in multiple offices with the expertise, resources, and experience to help you navigate this dynamic environment. In fact, we have advised clients on over 2,400 privacy incidents and over 200 regulatory investigations nationwide. If data privacy litigation is threatened or filed, we are fully equipped to aggressively defend you anywhere in the country.

While our defense will be zealous, it will also be deliberate. A client is best served through objective counsel. Where we believe a case should be settled, we will advise you of that at the earliest opportunity and, with your support, employ a litigation strategy designed to achieve that result.

Regardless of whether your case is resolved in the courtroom or the conference room, our goal is to always obtain the best possible outcome, as defined by you, for your data privacy litigation.


We have handled data privacy litigation on behalf of a wide variety of both large and small companies in numerous industries, including, but not limited to, healthcare, financial services, transcription, and manufacturing. These cases have ranged from single-plaintiff negligence claims, to multi-count class actions involving thousands of putative class members arising from large-scale breaches and data privacy statutes, such as Illinois’ Biometric Information Privacy Act.


Our experience has taught us that although your organization may be statutorily required to provide notice of a breach, it may not be at fault for the incident itself. As part of your defense, we will investigate every possible option to minimize or eliminate altogether your potential liability, including seeking indemnification, contribution or other relief from third parties. Where third-party liability exists, we are adept and knowledgeable in prosecuting claims on your behalf to help mitigate the costs and consequences associated with data privacy litigation.


  • Obtained dismissal of a class action case on behalf of a hospital system following an alleged data breach potentially affecting thousands of patients.
  • Won dismissal of class claims on behalf of a hospital business associ­ate regarding alleged disclosures of patient PHI.
  • Obtained dismissal of a class action case on behalf of the mortgage services arm of an American international banking and financial services holding company following an alleged data breach.
  • Defended class claims under Illinois’s Biometric Information Privacy Act.
  • Successfully resolved numerous other data breach/privacy lawsuits on behalf of companies in the healthcare, technology, and construction industries.




Key Practice Contacts

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.