LiisaM.

Thomas

• Selected to serve on multiple IAPP advisory boards, including the education advisory board, helping to develop training content for privacy professionals.
• Serve as a faculty trainer for IAPP, conducting privacy compliance training for global audiences.
• Supported hundreds of clients, including Fortune 100 and 500 firms, launch privacy and data security compliance programs that navigate the complex legal patchwork.
• Develop compliance approach for consumer-facing companies to address the ongoing and developing patchwork of US “comprehensive” laws, including financial incentives assessments, addressing loyalty program requirements, and provision of consumer rights of access, correction and deletion.
• Assisted financial services firm with global privacy and data security assessment, including implementation of remediation plans.
• Provided guidance to education platform regarding compliance with children's privacy law issues, including compliance with COPPA, FERPA and state laws.
• Advised client contracting with schools on methods to address federal and state student privacy laws.
• Served as lead counsel in massive ransomware incident, guiding client through forensic investigation to notification.
• Developed cross-border data transfer programs for multiple Fortune 100 and Fortune 500 companies.
• Helped a U.S.-based multinational corporation create binding corporate rules.
• Created data breach assessment and notification programs (both post-breach and pro-active pre-breach plans) for Fortune 100 companies.
• Provide data incident response coaching for clients for a wide variety of incidents, including phishing, ransomware, malware, and insider threat.
• Assist clients in developing e-mail marketing campaigns, text message campaigns, pre-recorded call campaigns and online information collection programs in compliance with a wide variety of privacy and advertising laws.
• Develop internal policies for safeguarding personally identifiable information gathered online and from employees.
• Develop privacy compliance policies, procedures, monitoring programs and reporting plans.
• Conduct internal trainings for business teams on privacy and advertising law requirements.

Privacy and Data Security Recognitions

• Illinois Super Lawyer, Super Lawyers, 2026
• Lawyer of the Year, Privacy and Data Security Law (Chicago) 2022, 2026 and Best Lawyers in America, Best Lawyers, 2020-2026
• Leading Lawyer, Chambers Global, Privacy & Data Security, 2015-2026; Leading Lawyer, Chambers USA, Nationwide Privacy & Data Security, 2014-2025; Leading Lawyer, Chambers Illinois, Media & Entertainment: Transactional, 2013-2018
• Leading Lawyer, Leading Lawyers, 2016-2022, 2025
• Hall of Fame (2020-2025), Leading Partner (2016-2021), Recommended Lawyer (2022-2025) - Cyber Law, Legal 500
• Top Intellectual Property, Media & Advertising Lawyer, Super Lawyers, 2006, 2018-2025
• Leading Global Cyber Lawyers list, Lawdragon, 2024-2025
• Who's Who Legal: Data, 2024-2025
• Notable Women in Law, Crain’s Chicago Business, 2018, 2020, 2022, 2024
• Named to Cybersecurity Docket's "Incident Response 50" (2023-2024), "Incident Response 40" (2021-2022) and "Incident Response 30" (2016, 2018), honoring the best and brightest data breach response lawyers in the business
• Notable Minorities in Accounting, Consulting & Law, Crain’s Chicago Business, 2020
• Leading Woman Lawyer, Chicago Lawyer Magazine’s Diversity Issue, 2018
• "Data Protection Lawyer of the Year – USA," Global 100, 2017
• "U.S. Data Protection Lawyer of the Year," Finance Monthly, 2017
• "Best in Data Security Law Services," Corporate LiveWire’s Global Awards, 2017
• Recipient, National Law Journal's Cybersecurity Trailblazer Award, 2016
• Recipient, Lexology/ILO's Client Choice Award for IT and the Internet, 2016

Thought Leadership Recognitions

• Thought Leading Co-Author, Data Protection - U.S., Mondaq, Spring 2025
• Top Author, JD Supra Readers' Choice Awards, 2023-2026
• Leading Author - Data Privacy and Protection and Technology, Media and Telecommunications, Lexology Legal Influencers, Q4 2024
• Thought Leading Author, Data Protection - UK, Mondaq, Spring 2024
• Thought Leader on Cybersecurity, National Law Review, 2019

Other Recognitions

• Sheppard Mullin's Diversity and Inclusion Award, 2022
• Legacy Award, Illinois Legal Aid Online, 2020

• Co-Chair, National Association of Women Lawyers
• 2026 Cybersecurity & Privacy Editorial Advisory Board, Law360
• Training Advisory Board, International Association of Privacy Professionals (IAPP)
• Member of the Board of Trustees, Chicago Symphony Orchestra (CSO)
• Board member, FGLI (First-Generation, Lower-Income) Consortium
• Subcommittee Chair, INTA Building Bridges Committee, International Trademark Association
• Member, International Association of Privacy Professionals
• Member, Women’s Foodservice Forum
• Adjunct Professor, Northwestern University School of Law
• Member, Leading Lawyers Network
• Violinist, Chicago Bar Association Symphony Orchestra

• Speaker, "Which Rights for Which Data? A Legal Take on the Big Data Landscape," INTA The Business of Data Conference, March 22, 2023
• Coffee Chat with Liisa Thomas
  Northwestern Law and Technology Initiative, July 12, 2022

• Panelist, “Legal trends to watch: from influencer missteps to privacy pitfalls,” Ad Age Next: CMO Conference, December 1, 2021

• Speaker and faculty, “Technotainment” 2021: Distributing Content Across Multiple Platforms, Practising Law Institute, September 17, 2021

Liisa is a trusted authority and frequent thought leader on privacy, data security, and corporate compliance topics. She regularly advises C-Suite executives and in-house legal teams at Fortune 500 companies on these issues, as well as speaking at leading industry organizations and writing extensively for respected legal and business publications. She has authored two treatises with Westlaw (a division of Thomson Reuters), Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification and Thomas on Big Data: A Practical Guide to Global Privacy Laws, both recognized as no-nonsense roadmaps for in-house and legal practitioners. As the editor of the firm’s Eye on Privacy blog, Liisa works with her team to provide timely updates and practical guidance on global privacy, cybersecurity, digital advertising, compliance and regulatory developments. Examples of some of her publications and speeches, which provide overviews of innovative approaches for addressing privacy and security compliance, critical issues for enterprise privacy programs, and more, are listed below:

• “ 3 Change Management Tools to Boost Compliance Efforts,” Law360, April 2025
• “7 Steps to Sell Corporate Leadership on Privacy Compliance,” Law360, January 2025
• “Change Management Can Help Leaders Get On Board With Compliance,” Bloomberg Law, March 2025
• “Firms Must Rethink How They Train New Lawyers In AI Age,” Law360, June 2024
• “State Privacy Laws: Not As Comprehensive As You May Think,” Law360, September 2023
• “ Dark Patterns  -- How Brands Can Avoid Deceptive User Interfaces in Ad Campaigns,” AdAge, March 2023
• "Identifying and Preparing for Privacy and Cyber Security Risks," Risk & Compliance Magazine, July-Sept 2021 issue
• "How to Take a Holistic Approach to Privacy Compliance in an Ever-Changing Legal Landscape," Global Data Review, January 14, 2021
• "Dealing with US Biometric Laws and Litigation," Data Protection Leader, May 2018
• " USA - Behavioural Advertising," Data Guidance, May 8, 2017