Antony (Tony) Kim is a Partner in Orrick's internationally recognized Cyber, Privacy & Data Innovation practice, which pursues "an aggressive yet practical approach" to data protection and innovation that "meets the needs of both in-house counsel and tech-savvy business clients."

When faced with a cybersecurity crisis, companies call on Tony to help navigate critical legal, risk and reputational landmines. Tony has helped clients respond to hundreds of cyberattacks and data breaches. He has directed forensic investigations, cross-border notifications, and defended enforcement actions and civil litigation, in connection with incidents involving the personal information of employees and customers, including PCI/payment card data, as well as proprietary data and corporate trade secrets, on behalf of private and public companies as well as governmental entities. 

Tony has also defended over fifty clients in regulatory investigations and enforcement actions by the Federal Trade Commission (FTC) and State Attorneys General.  These investigations and enforcement matters have involved (i) cybersecurity and data breach incidents, (ii) privacy implications of innovative data use-cases, and (iii) consumer protection claims relating to online and offline sales & marketing and advertising practices -- particularly in the retail e-commerce and fintech/consumer finance industries.  Tony draws insights from his regulatory enforcement practice to inform his counseling work, where he regularly advises Legal, InfoSec, IT/IS, Product/Marketing, Engineering, as well as C-Suite/Board stakeholders on a host of governance, compliance, and risk mitigation strategies.

For his work on behalf of clients, the National Law Journal named Tony to its 2014 list of D.C. Rising Stars, a 40-under-40 group of "game changing" private, government and public interest attorneys. Based on surveys of general counsel and senior in-house lawyers, Tony was awarded the Client Choice Award by the International Law Office (ILO)/Lexology in 2015, and was named an Acritas Star Lawyer in 2016 and 2017.  He is recognized in multiple legal guides and directories, including Chambers-U.S.A., The Legal 500-USA, Benchmark Litigation, Super Lawyers-D.C. Rising Stars, and The Cybersecurity Docket -- which twice named Tony to its "Incident Response 30" list of the top professionals to call when facing a major cyberattack.  In 2016, Law360 named Orrick's Cyber, Privacy & Data Innovation practice "Practice Group of the Year" in the data privacy category.

  • In addition to his Cyber, Privacy & Data Innovation practice, Tony has extensive experience in the full gamut of antitrust and competition matters, including the defense of mergers and acquisitions before the federal antitrust agencies, defense of criminal cartel proceedings, and civil litigation.  Tony is a past Global Co-Chair of the Cyber, Privacy & Data Innovation practice group.

    Before joining Orrick, Tony was a member of the antitrust litigation practice group at White & Case LLP in Washington D.C.  Prior to law school, he worked in Philadelphia as an investment consultant for corporate defined benefit and defined contribution plans. 

  • A representative selection of Tony's cybersecurity, data privacy, and consumer protection experience, includes the following:

    Cybersecurity/Incident Response. Tony works with in-house Legal, IT, InfoSec teams, as well as C-Suites and Boards of Directors, on proactive cybersecurity preparedness programs and risk mitigation strategies.  He is regularly before these stakeholders in relation to critical cybersecurity and privacy training and compliance matters.  In his incident response practice, Tony has worked closely with Legal and IT/InfoSec teams to direct forensic investigations, cross-border notifications, regulatory interactions, and civil defense strategies, in relation to hundreds of cyberattacks and data breaches involving the personal information of employees and customers (e.g., payment card data), as well as proprietary data and trade secrets, and on behalf of private and public companies as well as governmental entities.

    Data Privacy/Sales & Marketing. Tony has worked with brick-and-mortar and online companies across industries to design and develop effective privacy disclosures, privacy-by-design processes, compliance programs, online and offline marketing strategies, and a host of other data-handling compliance mechanisms and policies.

    Regulatory Investigations. Tony has defended clients in federal and state regulatory investigations, across an array of cybersecurity, data privacy and consumer protection matters.  Highlights of his work include representations on behalf of the following clients: 

    • National ticketing and events company (FTC and AG investigations by 25 States in the aftermath of a major cybersecurity and data breach incident)
    • Bank marketing subsidiary (FTC investigation alleging violations of a prior consent decree requiring privacy disclosures and security assessments in relation to digital marketing and e-commerce platforms)
    • Fintech lender (FTC investigation involving claims substantiation in the advertising context)
    • Online retailer (FTC investigation involving "negative option," recurring subscription/auto-renewal membership programs)
    • Loan modification entity (FTC investigation and litigation involving alleged unfair and deceptive marketing )
    • National mortgage provider (FTC investigation relating to a cybersecurity and data breach incident)
    • Consumer lender (FTC investigation involving alleged non-compliance with the Gramm Leach Act (GLBA) and Fair Credit Reporting Act (FCRA))
    • National mobility device maker (FTC and four state AG investigations involving the Telemarketing Sales Rules (TSR), the Do-Not-Call Rules (DNC), and state analogs)
    • Professional networking service (FTC investigation into alleged unfair and deceptive practice in relation to use of personal information)
    • Social gaming network (FTC investigation involving cybersecurity and data breach incident, which also implicated the Children's Online Privacy Protection Act (COPPA))
    • Online background and ID-verification service (FTC investigation related to data security, data privacy, and sales & marketing issues)
    • Global retailer (Among FTC's first data privacy investigations regarding "online behaviorally targeted advertising")

    Consumer Litigation. Tony has led or co-led the defense in consumer class action matters, including for the following clients:

    • Gaming company (claims under the Telephone Consumer Protection Act (TCPA) for text message marketing; Northern District of Illinois)
    • National ticketing and events company (claims related to cybersecurity and data breach incident)
    • Social network (claims under TCPA related to SMS-based services; Southern District of Florida)
    • Boutique fashion retailer (claims under the Fair & Accurate Credit Transactions Act (FACTA); Southern District of Florida)
    • Online dating network (claims under general unfair and deceptive trade practices statutes; Maryland state court)
    • Catalog-based shopping club (claims under the Fair Credit Reporting Act (FCRA) provisions on “firm offers” of credit and the Credit Repair Organizations Act (CROA); Northern District of Illinois)
    • Merchant card provider (claims under state telemarketing and deceptive trade practices statutes; Alabama state court)

    Tony also has extensive experience in all facets of antitrust and competition law, including: 

    Mergers & Acquisitions.  Tony has led or co-led the defense in merger, acquisition and joint venture investigations before the U.S. Department of Justice’s Antitrust Division and U.S. Federal Trade Commission, on behalf of clients such as:

    • IronPlanet (online auctions and related disposition formats)
    • Blackfriars (polymer products distribution)
    • Elance (online freelancer platforms)
    • Crane Co. (unattended payment systems)
    • Instagram (mobile photo-sharing app)
    • BASF (specialty chemicals)
    • INEOS Group (styrenics plastics)
    • NOVA Chemicals (styrenics plastics)
    • Exxaro Resources (mineral sands)
    • CoorsTek (alumina wear tiles)
    • New Times Media (alternative newsweeklies)

    Cartel Investigations Tony has experience conducting internal investigations and defending companies in criminal proceedings before the U.S. Department of Justice’s Antitrust Division, including investigations involving the following industries:

    • Parcel Tankers
    • DRAM
    • Auto lighting
    • Auto electronics
    • Auto hoses

    Antitrust Litigation.  Tony has served on litigation/trial teams serving plaintiffs and defendants in state and federal courts, including for the following clients:

    • DHL (as “opt-out” plaintiff in relation to the Air Cargo price-fixing class actions)
    • Microsoft (as defendant in an ITC proceeding involving the “patent misuse” defense)
    • Whole Foods Market (as plaintiff in a multi-prong strategy in response to the FTC’s post-consummation challenge to the Wild Oats acquisition)
    • Halcor S.A. (as defendant in a federal price-fixing class action)
    • SF Weekly (as defendant in a California state predatory-pricing action)
    • Foundry Networks (as antitrust counter-claimant in a case involving alleged abuses in the standard-setting context)