Litigation is rarely a first choice. I work to solve our clients’ problems efficiently, aggressively and strategically – whether in the marketplace, media, government agencies, legislatures, courts or all of the above.
About Travis
Travis co-chairs Cooley’s global cyber/data/privacy practice. He is a top authority on cybersecurity, data privacy, telecommunications, and the regulation of emerging and innovative technologies. Drawing on his broad experience in federal and state government, he helps clients manage regulatory and litigation risk, as well as strategically respond to data breaches, cyberattacks, nation-state attacks, dissemination of stolen data, misinformation campaigns and government enforcement efforts, including those by the Federal Trade Commission (FTC), Federal Communications Commission (FCC) and state attorneys general.
In addition to advising boards of directors and senior corporate officers on crisis management, internal investigations, information governance and national security matters, Travis counsels clients on antitrust investigations, telecommunications strategies and regulatory enforcement responses. The respect and skills Travis has earned during his career have translated into appointments across the political spectrum, including his selection by the US Department of Commerce and the European Commission to serve as an arbitrator for the EU-US Privacy Shield Framework and his unanimous US Senate confirmation to the US Privacy and Civil Liberties Oversight Board.
With his broad understanding of technology, media and telecommunications, as well as his senior government experience at the national and state levels, Travis is uniquely positioned to advise and represent clients in litigation on a range of data privacy, cybersecurity and information management issues, including data breaches, class actions and government enforcement actions. Travis has assisted clients with federal and state telecommunications needs, including FCC proceedings and regulations and merger reviews. He has worked with Congress and other regulatory agencies on behalf of clients and advocated for emerging and established technology companies before regulatory bodies. He also has worked closely with senior officials at other federal, state and international agencies, including the FTC, US Securities and Exchange Commission (SEC), Consumer Financial Protection Bureau (CFPB), Department of Justice (DOJ), all 50 state attorneys general, and data protection authorities (DPAs) across the globe. His deep understanding of the regulatory and legal landscapes helps Travis strategically respond to and favorably resolve government inquiries and legal disputes.
Travis currently serves on the US Privacy and Civil Liberties Oversight Board (PCLOB), a position he has held since 2019 after being nominated by then-President Donald Trump and confirmed by the Senate. Travis was renominated to the board by President Joseph Biden in 2022. Travis is the only former chief of the FCC’s Enforcement Bureau in private practice. As former chief of the FCC’s Enforcement Bureau during the Obama administration, Travis spearheaded hundreds of enforcement actions involving consumer issues, such as false advertising and the Telephone Consumer Protection Act (TCPA), unfair competition, regulatory compliance, and fraud, waste and abuse of government programs.
Travis previously served as a senior adviser to former California Attorney General (now Vice President) Kamala Harris and as special assistant attorney general of California, where he oversaw the state’s complex policy and litigation in areas including technology regulation, high-tech crime, cybersecurity, privacy, intellectual property, antitrust, healthcare, telecommunications and human trafficking. Before this high-profile California role, he served during the Obama administration as an attorney in the DOJ’s Office of Legal Counsel, which advises the president, attorney general and executive branch agencies on the constitutionality and legality of US government programs and activities.
Travis’s background and leadership roles, as well as his practice at leading law firms, have translated into advising clients – both nationally and globally – on responding to and finding solutions for novel local, state, federal and cross-border issues. He also has represented companies, boards, founders, CEOs, executives and other prominent individuals in a diverse array of complex and bet-the-company civil litigation, government investigations and advisory matters.
Travis’s notable representative experience includes:
FTC and state attorney general investigations
- Representing a high-profile celebrity in connection with the FTC’s compliance guidelines for social media influencers
- Representing Tapjoy in an FTC investigation of mobile advertising practices in connection with virtual rewards
- Representing an online dating application in an FTC and state attorney general investigation relating to privacy and data security
- Representing a videoconferencing service provider in FTC, state attorneys general and international regulatory investigations concerning the company’s privacy and security practices
- Representing a top on-demand mobile application company in an FTC investigation involving a data breach
- Representing a social media company in a state attorney general investigation of children’s privacy in relation to the Children’s Online Privacy Protection Act (COPPA)
- Representing a multichannel video programming distributor in connection with a multistate antitrust merger review by 20 state attorneys general
- Representing a fintech company in connection with a California attorney general investigation of data privacy and security practices
- Representing an online gaming company in connection with a California attorney general investigation of online gambling
- Defending a leading customer engagement platform against an FTC and Washington attorney general investigation into the company’s policies and practices related to Apple’s AppTracking Transparency framework and compliance with COPPA requirements
Privacy and data breach litigation
- Representing a California technology company in a privacy class action involving physical surveillance
- Defending Chegg in mass arbitration litigation arising from a 2018 data breach impacting 40 million users
- Defending FabFitFun in a class action lawsuit arising from a breach of credential and payment card information
- Securing a full dismissal for Google in a putative class action lawsuit asserting that Google’s Cloud Contact Center AI technology (CCAI) violates the California Invasion of Privacy Act (CIPA).
- Defending against numerous mass arbitration claims involving privacy and cybersecurity
- Representing Marsh McLennan in a class action lawsuit filed in the US District Court for the Southern District of New York arising out of a cyberattack
- Representing a prominent global business figure in a national security investigation and litigation arising from a nation-state cyberattack and resulting misinformation campaign
- Defending a data analytics company against a putative class action resulting from an exposure of millions of voter records by a cybersecurity researcher, successfully securing the lawsuit’s dismissal
Data privacy counseling
- Serving as general privacy and security counsel to a leading technology company that innovates in the areas of education, science, justice and opportunity
- Representing a multinational group of software companies in an investigation by the California attorney general into the group’s compliance with the California Consumer Privacy Act (CCPA)
- Advising numerous public and private companies on data privacy compliance and transactional risk
Cyber preparedness
- Advising the board and senior officers of Foot Locker on cyber preparedness
- Serving as outside counsel to the cyber risk committee of a major public company
- Representing a major global law firm as outside cybersecurity counsel
- Counseling public company clients on the SEC’s cybersecurity guidelines and proposed rules
Incident response
- Representing the State Bar of California in connection with a high-profile data breach
- Representing a multinational technology company in connection with a cyberattack, ransom negotiations and global notifications
- Representing a major defense contractor in response to a former employee who exfiltrated a large amount of financial data outside of the company
- Counseling numerous clients through data breaches, ransomware events, business email compromises and other cyberattacks
Platform enforcement
- Representing DraftKings in litigation seeking to unmask and punish parties linked to a distributed denial-of-service (DDoS) attack on its website
- Representing Facebook and WhatsApp in a lawsuit against Israeli cyber-intelligence firm NSO Group alleging that NSO exploited a vulnerability in the encrypted messaging app to infect more than 1,400 phones with malware
- Representing an online real estate technology company in litigation seeking to identify parties that unlawfully distributed the company’s confidential information
- Advising a gig economy online delivery service in an investigation of users who were cheating to secure in-demand assignments
- Representing Prodege in John Doe litigation against an anonymous individual harassing Prodege employees online
Cryptocurrency and blockchain
- Defending Coinbase in class action litigation arising from an online sweepstakes related to cryptocurrency
- Defending a high-profile celebrity in a class action involving the promotion of cryptocurrency through social media
FCC regulatory and enforcement
- Supporting several clients in responding to and defending against TCPA demands
- Representing T-Mobile before a state attorney general and public utilities commissions in its merger with Sprint
- Representing a global light-emitting diode (LED) manufacturer in an FCC enforcement investigation
- Representing a counter-unmanned aerial systems manufacturer company in an FCC regulatory investigation
- Representing a broadcasting company in a financing dispute with another broadcaster and a financial institution
Publications and presentations
- Speaker, International Association of Privacy Professionals (IAPP) Data Privacy Day and 2024 Predictions, January 22, 2024
- Speaker, The PCLOB Report Section 702, “The Lawfare Podcast,” October 17, 2023
- Speaker, The PCLOB Report Section 702, The Volokh Conspiracy’s “Cyberlaw Podcast,” October 16, 2023
- Speaker, The SEC’s Final Cybersecurity Rules Roundtable: What You Need To Do, Cooley event, September 20, 2023
- Panelist, From DPO to Data Ethics Officer, Don’t Fall Behind!, IAPP Asia Privacy Forum, July 20, 2023
- Moderator, American Law Institute 2023 Annual Meeting, May 22, 2023
- Panelist, Litigation in Privacy and Data Security, Practising Law Institute 24th Annual Institute on Privacy and Cybersecurity Law, May 8, 2023
- Panelist, Regulatory Spotlight: SEC, Incident Response Forum Masterclass, April 20, 2023
- Panelist, Cross Border Data Woes: US-EU Data Privacy Framework Update, Interactive Advertising Bureau (IAB) Public Policy & Legal Summit, April 3, 2023
- Speaker, FISA Section 702, “The Lawfare Podcast,” March 24, 2023
- Speaker, Fireside chat, State of the Net Conference, March 6, 2023
- Panelist, Ransomware Attacks Before and After: Preparation, Governance, Training and Remediation, Incident Response Forum Ransomware, January 12, 2023
- Panelist, Analyzing the EU-US Data Privacy Framework – Expert Panel, SPOKES Virtual Privacy Conference Winter, December 14, 2022
- Panelist, The CPPA: Shaping the Nation’s Privacy Laws, Cybersecurity and Data Protection, September 13, 2022
- Panelist, Closing Session and Privacy Predictions for 2023, SPOKES Privacy Technology Conference Summer 2022, June 23, 2022
- Speaker, Virtual DC Fly-In fireside chat, IAB event, June 15, 2022
- Panelist, GDPR Four Years on the Road: The 10 Key Developments You Should Know, Cooley Privacy Talks series, June 7, 2022
- Speaker, 2022 Fintech Forum, June 7, 2022
- Panelist, Incident Response Panel: Ransomware Attacks, Incident Response Forum Masterclass 2022, April 21, 2022
- Speaker, Stanford Cybersecurity Law: A View From the Front Lines, Stanford Cyber Policy Center session, April 7, 2022
- Panelist, Finding Your Flow as a Global Organization: Avoiding Pitfalls and Navigating the Dynamic Environment of International Expansion, TechGC 2022 DeputyGC National Summit, March 17, 2022
- Panelist, The Colonial Pipeline Data Breach – A Case Study, American Bar Association Criminal Justice Section’s 37th National Institute on White Collar Crime, March 3, 2022
- Panelist, Privacy Best Practices and Recent Regulatory Developments, World Bank Data Privacy Day 2022 virtual event, January 27, 2022
- Panelist, Ransomware 2.0: Responding to Exfiltration/Name and Shame, Incident Response Forum Ransomware, January 13, 2022
- Panelist, Wading Through State Privacy Compliance: From CPRA and Beyond, 45th Annual IP Institute: Shifting Tides – Intellectual Property in a Changing World, California Lawyers Association, November 9, 2021
- Panelist, National Security and Privacy: Recent Developments and Emerging Challenges, SPOKES Privacy Conference Summer 2021, June 29, 2021
- Panelist, GDPR Three Years on the Road: 10 Key Developments, GDPR Turns Three – Myths and Must-Haves, Cooley virtual event, May 25, 2021
- Panelist, Incident Response – State of Play, Incident Response Forum Masterclass, April 8, 2021
- Speaker, International Data Flows Post Schrems-II: What to Expect and What to Forget, Trustarc Privacy Risk Summit, March 10, 2021
- Speaker, “CyberWire Daily” (The CyberWire Podcast), November 2, 2020
- Panelist, Systematic Bias: AI as Cause and Cure, American Bar Association Section of Science & Technology Law Artificial Intelligence and Robotics National Institute, October 7, 2020
- Panelist, National Security and Incident Response, Incident Response Forum Europe 2020, September 24, 2020
- Speaker, CCPA Enforcement: Enter the AG (summit session keynote panel), IAPP Summit 2020, July 9, 2020
- Panelist, Back to the Future of Online Data Privacy, KnowIt: Intellectual Property in a Digital World, May 11, 2020
- Speaker, Incident Response Forum, April 14, 2020
- Panelist, International Data Flows Post Schrems-II: What to Expect and What to Forget, TrustArc Privacy Risk Summit, March 10, 2020
- Speaker, Incident Response Forum West 2020, January 30, 2020
Recognitions
- Chambers USA: Privacy & Data Security
- The Legal 500 US: Dispute Resolution – General Commercial Disputes
- The Legal 500 US: Telecoms and Broadcast – Regulatory and Transactions
- Cybersecurity Docket: Incident Response 30 (list of the 30 best and brightest data breach response lawyers)
- The Daily Journal: Top Cyber Lawyer
- The Daily Journal: Top 100 Lawyers in California
- The National Law Journal: Cybersecurity & Data Privacy Trailblazer
Government service
- US Privacy and Civil Liberties Oversight Board (PCLOB), board member
- EU-US Privacy Shield Framework, arbitrator
- FCC Enforcement Bureau, chief
- California Department of Justice, special assistant attorney general
- US DOJ’s Office of Legal Counsel, attorney adviser
- US Court of Appeals for the Ninth Circuit, appellate lawyer representative
Clerkships
- Judge Stephen Reinhardt, US Court of Appeals for the Ninth Circuit
Education
Yale Law School
JD
University of Cambridge
LLM, International Law
Harvard Kennedy School
MPA, Public Administration
Princeton University
AB, Philosophy, Politics and Economics, with honors
Court admissions
US Court of Appeals for the District of Columbia Circuit
US Court of Appeals for the Second Circuit
US Court of Appeals for the Ninth Circuit
US District Court for the District of Columbia
US District Court for the Northern District of California
US District Court for the Central District of California
US District Court for the District of Maryland
Rankings and accolades
Chambers USA: Privacy & Data Security: Litigation – Nationwide (2023 – 2024)
Chambers USA: Privacy & Data Security – Nationwide (2021 – 2024)
The Legal 500 US: Next Gen Partner for Cyber Law (Including Data Privacy and Data Protection) (2023)
Daily Journal: Top Cyber Lawyer, 2019-2022
Daily Journal: Top 100 Lawyers in California, 2021-2022
The National Law Journal: Cybersecurity & Data Privacy Trailblazer
Co-chair of the American Bar Association’s National Institute on Cybersecurity Law, 2018-2022
Georgetown Cybersecurity Law Institute Advisory Board, 2018-2022
Incident Response 30 by Cybersecurity Docket, 2018-2022
Memberships and affiliations
American Bar Association (ABA)
American Law Institute
Center for Democracy and Technology, board member
Electronic Privacy Information Center EPIC Advisory Board, board member
Center for Information Technology Policy at Princeton University, advisory counsel
MLex Advisory Board, board member
American Bar Association’s National Institute on Cybersecurity Law, co-chair
Georgetown Cybersecurity Law Institute Advisory Board, board member