Rebecca Harlow


San Francisco

Rebecca is a class action litigator who focuses on the collection, handling, and loss of data, including cybersecurity and privacy litigation.

Rebecca’s practice includes all aspects of class action and other civil litigation in areas including privacy and data security breach litigation and arbitration and insurance litigation. She has represented multiple companies in class action litigation involving claims by consumers, employees, and institutions relating to security, privacy, and other issues. She also advises clients facing insurance coverage disputes and arbitration of contractual disputes. She has defended litigation arising out of data breaches involving claims by consumers and financial institutions and class actions bringing wiretapping and other claims against companies relating to the use of online technologies and tools like cookies, pixels, and session replay software.

Rebecca has assisted multiple clients across several industries in seeking, obtaining, and disputing the denial of insurance coverage. Throughout the COVID-19 pandemic, she has advised clients on insurance, contracting, and other unique issues that have arisen. Recently, Rebecca served as the senior associate in a fraud trial that was tried in-person during the height of the Omicron variant and settled after a week of trial. Rebecca’s pro bono practice focuses on immigration and civil rights issues.

Prior to joining Orrick, Rebecca was a litigation associate in the San Francisco office of another international law firm. She previously served as a pro bono fellow at Greater Boston Legal Services representing low-income clients in disputes over state cash and food assistance benefits.

  • Data Breach Class Action Defense

    • MOVEit Breaches. Defending Johns Hopkins University, TIAA, and Performance Health Technology Ltd. in class action litigation arising from hackers’ attack on the MOVEit file transfer platform.
    • See Tickets. Representing See Tickets in class actions arising out of two data security incidents on the event ticketing platform.
    • University of Minnesota. Defending class action litigation relating to alleged theft of personal information from University databases.
    • Zoosk. Defended Zoosk and its parent company against consumer class action in federal court in California following announcement in June 2020 of a data security incident.
    • Arby’s. Advised Arby’s regarding defense against all third-party claims arising from a payment card incident announced in February 2017.
    • Target. Advised Target Corporation in defending card issuer class action litigation stemming from the data security breach that Target announced in 2013.

    Privacy Class Action Defense

    • Carnival. Representing Carnival in litigating state wiretapping claims arising out of the use of session replay technology on the company’s website.
    •  Jornaya. Defending Jornaya in three class action lawsuits involving wiretapping claims regarding Jornaya’s TCPA Guardian and LeadiD products.
    • Caesars. Defending Caesars in a class action brought under the Video Privacy Protection Act involving online games on Caesars New Jersey gaming website.
    • Pampered Chef. Represented Pampered Chef in resolution of VPPA claims.

    Other Litigation Experience

    • global semiconductor manufacturing company. Senior associate in a fraud trial on behalf of global semiconductor manufacturing company. The matter was tried in-person during the height of the Omicron variant in early 2022, and settled after a week of trial.
    • Getaround.  Lead associate in a professional negligence and breach of contract lawsuit against its former third-party auto insurance administrator.