Antony (Tony) Kim is a partner in Orrick's internationally recognized Cyber, Privacy & Data Innovation practice, which pursues "an aggressive yet practical approach" to data protection and innovation that "meets the needs of both in-house counsel and tech-savvy business clients."
When faced with a cyber crisis, companies call on Tony to help navigate critical legal, risk and reputational landmines. Tony has helped clients respond to hundreds of cyberattacks and data breaches. He has directed forensic investigations, cross-border notifications, and regulatory and private enforcement matters, in connection with incidents involving personal data of employees and customers, including PCI/payment card data, as well as proprietary data and corporate trade secrets, on behalf of private and public companies as well as governmental entities.
Tony has also defended over fifty clients in regulatory investigations and enforcement actions by the Federal Trade Commission (FTC) and State Attorneys General. These matters have involved (i) cyberattacks and data breach incidents, (ii) privacy implications of innovative data use-cases, and (iii) consumer protection issues relating to online and offline sales & marketing and advertising practices -- particularly in the retail e-commerce and fintech/consumer finance industries. Tony draws insights from his regulatory practice to inform his counseling work, where he regularly advises Legal, InfoSec/IT, Product/Marketing, and C-Suite/Board stakeholders on a host of governance, compliance, and risk mitigation strategies.
Recognized as a leading lawyer, Tony has been ranked in Chambers USA, The Legal 500 US, Benchmark Litigation, The Cybersecurity Docket and Super Lawyers D.C. Rising Stars. He’s been consistently named to The Cybersecurity Docket’s “Incident Response 30” list of the top IR professionals in the U.S. Clients endorse Tony, telling Chambers “He's fantastic,” “He takes the time to tend to companies’ needs and understands clients’ objectives.” The National Law Journal named Tony to its 2014 list of D.C. Rising Stars, a 40-under-40 group of “game changing” private, government and public interest attorneys. Based on surveys of senior in-house counsel, Tony was awarded the Client Choice Award by the International Law Office (ILO)/Lexology in 2015, and was named an Acritas Star Lawyer in 2016 and 2017. In 2016, Law360 named Orrick’s Cyber, Privacy & Data Innovation practice “Practice Group of the Year” in the data privacy category. Chambers repeatedly ranks Orrick’s Cyber and Privacy practice in Band 1 and in 2019 named Orrick the “Privacy/Data Security Law Firm of the Year.”
Tony serves on the firm's Executive Management Committee.
A representative selection of Tony's cybersecurity, data privacy, and consumer protection experience, includes the following:
Cybersecurity/Incident Response. Tony has represented public and private companies, as well as governmental entities, in responding to hundreds of cyberattacks and data breaches involving the personal information of employees and customers (e.g., payment card data) as well as proprietary information and trade secrets. In his response capacity, Tony collaborates with key stakeholders to:
Based on this experience, Tony helps clients design and deploy proactive governance, compliance, and risk mitigation strategies focused on incident preparedness (e.g., tabletop simulations), vendor management, and cyber training for Directors and Officers.
Data Privacy/Sales & Marketing. Tony works with companies on critical internal and external data-use-cases relevant to privacy, as well as to state and federal "unfair" or "deceptive" trade practices law, including:
In connection with this work, Tony regularly advises clients on a host of data-related rules and regulations, including but not limited to Section 5 of the Federal Trade Commission Act, the Telemarketing Sales Rule, the Telephone Consumer Protection Act, the CAN-SPAM Act, the Gramm Leach Bliley Act, and the Fair Credit Reporting Act, as well as relevant state law, including the California Consumer Privacy Act (CCPA), state "UDAP" statutes and specialty rules such as those concerning social security numbers, data brokers and biometric privacy.
Regulatory Investigations. Tony has defended clients in federal and state regulatory investigations, across an array of cybersecurity, data privacy and consumer protection matters. Highlights of his work include representations on behalf of the following clients:
Consumer Litigation. Tony has led or co-led the defense in consumer class action matters, including for the following clients:
Tony also has extensive experience in all facets of antitrust and competition law, including:
Mergers & Acquisitions. Tony has led or co-led the defense in merger, acquisition and joint venture investigations before the U.S. Department of Justice’s Antitrust Division and U.S. Federal Trade Commission, on behalf of clients such as:
Cartel Investigations. Tony has experience conducting internal investigations and defending companies in criminal proceedings before the U.S. Department of Justice’s Antitrust Division, including investigations involving the following industries:
Antitrust Litigation. Tony has served on litigation/trial teams serving plaintiffs and defendants in state and federal courts, including for the following clients: