Michelle Visser


San Francisco


Michelle Visser has extensive experience in defending companies that face the regulatory investigations, class action litigation, and payment card brand claims that frequently follow the announcement of cybersecurity incidents. In addition to litigating privacy and cybersecurity matters, Michelle has navigated numerous companies through their cybersecurity response, including by overseeing technical forensic investigations, advising on notification obligations and coordinating communication strategies.

When faced with an incident, companies call Michelle for crisis response with an eye toward potential litigation. Clients also look to Michelle for privacy and cybersecurity advice before a crisis is at hand. Michelle regularly takes the lessons learned from litigating privacy and cybersecurity matters to provide clients with proactive advice on how to structure their privacy and cybersecurity programs and incident response plans in ways designed to reduce legal exposure. Michelle is ranked as Up and Coming by Chambers USA Privacy and Data Security in 2020 for being equally capable in both compliance and enforcement elements of privacy regulation.

For her role in representing companies that have faced some of the most high-profile cybersecurity incidents and litigation to date, Michelle has been named an Up and Coming lawyer by Chambers USA since 2020, a Next Generation Lawyer by The Legal 500 in 2019, one of the “40 Under 40” in 2018 by the Global Data Review and a “Rising Star” by Law360 in 2015. She was also recognized as one of the “Women Leaders in Technology Law” by The San Francisco Recorder in 2015. Michelle is ranked by Chambers as Band 3 for USA Privacy & Data Security: Litigation and as Up and Coming for USA Privacy and Data Security: General for being equally capable in both compliance and enforcement elements of privacy regulation.

Michelle is also regularly turned to for defense against other types of class actions and complex litigation with experience in defending companies against securities, antitrust, and other commercial claims.

  • Privacy & Cybersecurity

    • Arby's. Representing Arby's in its defense of card issuer class action litigation stemming from a payment card incident announced in February 2017.
    • Acuant. Representing Acuant in defending a privacy class action alleging that Acuant violated the Illinois Biometric Information Privacy Act in connection with Acuant’s development and licensing of identity verification technologies.
    • Chegg. Representing Chegg in defending consumer class action litigation stemming from cybersecurity incident announced in September 2018.
    • Nordstrom. Represented Nordstrom in successfully compelling individual arbitration after a former employee filed a putative class action relating to a data mishandling incident announced in 2018.
    • LabMD. Represented LabMD in its successful petition to the U.S. Court of Appeals resulting in the first-ever court decision overturning an FTC cybersecurity action.
    • Ascension Data & Analytics. Represented Ascension in defending two consumer class actions stemming from a data security incident suffered by our client’s third-party vendor, where the named plaintiffs each ultimately filed a notice of voluntary dismissal of their claims.
    • Supervalu Inc. Represented Supervalu in responding to regulatory inquiries stemming from the data security breach that Supervalu announced in 2014.
    • Target. Represented Target in successfully resolving card brand claims and card issuer class action litigation stemming from the data security breach that Target announced in 2013.
    • Sony. Represented Sony and its various entities in investigating the data security breaches announced in 2011 and in responding to regulatory and card brand inquiries stemming from those security breaches.
    • Heartland Payment Systems. Represented Heartland in the FTC investigation stemming from the data security breach announced by Heartland in 2009, which the FTC closed without taking any action against the company.
    • The TJX Companies Inc. Represented TJX in securing a favorable settlement to terminate the investigation of a multi-state working group of 40 Attorneys General into the data security breach announced by TJX in 2007.

    Other Complex Commercial Litigation

    • PIMCO, BlackRock and TIAA. Represented the investment managers in defending third-party contribution actions relating to residential mortgage-backed securities trusts.
    • First Guarantee Mortgage Corporation. Defended FGMC in an indemnification action involving the sale of mortgage loans brought by the Rescap Liquidating Trust.
    • Hitachi-LG Data Storage. Represented the Korean-Japanese joint venture in defending civil class actions, opt-out actions, and a state action alleging price-fixing in the optical disk drive industry.
    • American Dental Partners Inc. Represented ADPI in securities fraud and derivative litigation stemming from ADPI’s announcement of a prior litigation loss. Secured dismissal of the derivative action and settlements within insurance policy limits to terminate the securities actions.