Kristen Mathews

Kristen is at the forefront of complex privacy and cybersecurity issues, advising clients on compliance with data privacy laws at the state, federal and international levels. Her skills and knowledge are sought by companies across industries to address a broad range of legal and advisory needs covering regulatory compliance, contracts, cybersecurity preparedness and incident response.

Kristen’s industry knowledge is vast, with more than 20 years of experience advising clients in the sectors of technology, financial, retail, consumer products, healthcare, insurance, media, education, auto, utilities, sports and hospitality.

Her privacy and cybersecurity experience includes guiding clients on compliance with data privacy laws, such as laws that regulate the collection, use and sharing of personal and experiential information about individuals, financial privacy, data monetization, adtech, neurotech, kid and teen tech, biometrics, genetic privacy, direct marketing, artificial intelligence (AI), ethical tech, and environmental, social and governance (ESG). She also addresses data issues in critical transactional matters – such as M&A deals and important commercial services agreements – and helps clients prevent, prepare for and respond to cybersecurity breaches.

Kristen has built a reputation as a thought leader on privacy issues with the development and use of AI, establishing herself as one of the top lawyers in her field. She advises leaders on cutting-edge projects involving licensing data to train AI, collecting consumer consents for the use of their data to train AI and to make decisions that affect their lives using AI, and compliance with emerging laws regarding AI. Additionally, she serves on the board of a nonprofit organization whose mission is to promulgate ethical guidelines for the use of AI by companies.

Chambers has ranked Kristen since 2010, and The Legal 500 US has recognized Kristen for her singular work, naming her in its Hall of Fame for Cyber Law since 2017. In the words of her clients, “[Kristen is] by far the most knowledgeable data privacy and data protection lawyer one can work with,” and they note her for demonstrating “leading ‘expertise’ in the full spectrum of privacy, data protection, and cybersecurity law” (The Legal 500 US, 2022). Clients also praise her global reach and high caliber work, saying, “[Kristen] helps clients to adapt their policies to different jurisdictions with widely varying data protection laws.” In addition, clients regard her for “offering tailored solutions based on client needs” (The Legal 500 US, 2022), and conclude, “Kristen Mathews stands out as one of the most skilled and competent lawyers we have ever worked with. She is unmatched among any cyber law lawyer and collaborates deftly across teams” (The Legal 500 US, 2023). Chambers has consistently ranked Kristen for her outstanding client service and extensive knowledge of the data privacy and cybersecurity space. She is accredited by the International Association of Privacy Professionals (IAPP) and has been a certified information privacy professional (CIPP) since 2005.

Kristen’s favorite kind of client is the quintessential Cooley client: tech-forward, innovative, practical and producing novel technologies to fill society’s unmet needs.

Kristen’s recent work examples include:

• Assisted a global business-to-consumer (B2C) company in investigating, responding to and defending claims brought in relation to a cybersecurity data breach that affected a large volume of consumers and other businesses
• Assisted a big tech company to determine youth protection enhancements for its product offerings
• Assisted dozens of consumer businesses in determining and implementing practical plans of action to comply with myriad state consumer privacy laws
• Advised an AI startup company regarding the collection of consent from individuals to collect their personal information to train an AI product, and regarding its licensing of training data and AI models to other businesses
• Alongside her busy practice, Kristen uses her privacy knowledge to provide pro bono services; she has worked with nonprofits that help individuals and families improve their economic and social well-being and has advised charities on incident response following cyber and ransomware attacks

Kristen continues to be at the forefront of developments in privacy and cybersecurity as ever-changing issues affect businesses around the world.