Tori Downey



Victoria ("Tori") Downey helps clients solve complex global privacy and data security compliance challenges when developing novel technologies, advancing into new markets, and evaluating privacy and security risks in corporate transactions, including mergers and acquisitions. Tori also assists clients in navigating security incidents and breach notification requirements and counsels on regulatory inquiries.

Tori advises clients in developing the tools they need to enhance their data privacy and security profile and build comprehensive global data protection programs. She provides guidance on issues relating to a vast array of privacy and cybersecurity laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), the Children’s Online Privacy Protection Act (COPPA), Section 5 of the Federal Trade Commission (FTC) Act, Europe’s General Data Protection Regulation (GDPR), the Telephone Consumer Protection Act (TCPA), the Virginia Consumer Data Protection Act (VCDPA), U.S. surveillance-related laws, and state data breach notification laws. Tori also supports clients in developing strategies to reduce the risk of security incidents, regularly advises on general consumer protection issues, and counsels on sweepstakes, marketing, and advertising matters.

Prior to joining Orrick, Tori served as an in-house data privacy and security law clerk at a pharmaceutical company in Boston, at a large nonprofit corporation in New York City, and at an international oil and gas company in Beijing. She also worked on data privacy matters in the Office of the General Counsel of Northeastern University. Having worked across diverse business sectors, including life sciences, technology and energy, Tori brings an in-house perspective to her client matters.