Washington, D.C.
Sarah has an active pro bono practice that includes assisting federal inmates with post-conviction relief and parole, as well as assisting residents with housing-related eviction matters in housing court.
Sarah received her J.D. from the University of Richmond (summa cum laude, Order of the Coif) in 2018. During law school she served as the Manuscripts Editor for the University of Richmond Law Review and was awarded the J. Westwood Smithers Award and the Phillip Cudlipp Medal. She received her B.A. from the University of Maryland, College Park in 2015.
Prior to joining Orrick, Sarah was an associate at Buckley LLP. Prior to joining Buckley, Ms. Meehan clerked for the Honorable Judge Roderick C. Young (then-Magistrate Judge) in the U.S. District Court for the Eastern District of Virginia.
Washington, D.C.
Whitney-Ann counsels and represents individual and corporate clients through all stages of litigation with a focus on cybersecurity and privacy issues, including data breach class actions. She has extensive experience in state and federal court and before arbitral tribunals. She can be trusted to jump into a case at any stage to help drive strategy and obtain favorable results. In addition to routinely helping clients obtain early victories through successful motions practice, she has served as a key member on multiple trial teams, including obtaining an important defense verdict after a multi-week trial for a high-profile client. She was named a Best Lawyers: Ones to Watch® in America in 2026 for her work in Commercial Litigation, Class Action Defense, and Mass Torts.
Whitney-Ann formerly taught a practical course on civil discovery in federal courts as an adjunct professor at Georgetown University Law Center.
Whitney-Ann was previously a litigation associate at Quinn Emanuel Urquhart & Sullivan, LLP. After law school, she served as the judicial law clerk to the Honorable Judge Ivan D. Davis, United States Magistrate in the Eastern District of Virginia, Alexandria division.
Whitney-Ann maintains an active pro bono practice, focusing on immigration relief for children, families fleeing violence at home, and civil rights and housing issues.
Londres
Anna has experience working with global companies on a wide variety of privacy, cybersecurity and data protection matters. She has a particular interest in emerging technologies and their intersection with ethical and social issues associated with her practice.
Anna has contributed a number of articles and thought leadership pieces on current data protection, privacy and information law issues.
Washington, D.C.
Enny provides guidance on matters relating to numerous privacy and cybersecurity laws, including the U.S. state privacy laws in California, Colorado, Connecticut, Utah, Virginia and other states. Her work also includes counseling on compliance with Europe's General Data Protection Regulation (GDPR).
Enny graduated with honors from The University of Washington School of Law. While in law school, Enny served as the Editor-in-Chief of The Washington Journal of Law, Technology and Arts, Co-President of the UW Law and Business Association, Vice President of the UW Black Law Students Association and participated in the UW Law Mediation Clinic.
New York
Carly counsels clients across several sectors, including health technology, financial services, private equity, insurance, and technology on a range of United States (U.S.) federal and state privacy laws, including, but not limited to:
She also prepares clients for regulatory inquiry and government investigation and provides assessments of privacy and security practices for companies carrying out due diligence in the context of corporate transactions. Carly also maintains an active pro bono practice, which has included helping clients in immigration and criminal justice matters.
Carly has obtained the Certified Information Privacy Professional - United States (CIPP/US) designation from the International Association of Privacy Professionals.
New York
Naomi provides clients guidance on implementing global privacy programs and advises on the U.S. state privacy laws in California, Colorado, Connecticut, Utah, Virginia and other states. She assists clients in breach investigations and cybersecurity incident response, including advising on breach notification, regulatory investigations and managing cybersecurity policies and procedures.
Naomi draws on her experience in fixed income trading technology when advising on cybersecurity and compliance risks within business operations. During law school she externed at the Center for Reproductive Rights focusing on privacy in the context of international human rights.
New York
She has partnered with start-ups and Fortune 500 companies to develop comprehensive privacy and cybersecurity policies and procedures that comply with U.S., EU and UK law and self-regulatory frameworks, including U.S. state privacy laws; the EU and UK General Data Protection Regulation (GDPR); the CAN-SPAM Act; the Telephone Consumer Protection Act (TCPA); the Federal Trade Commission Act (FTC Act); and the Health Insurance Portability and Accountability Act (HIPAA).
Bianca helps clients prepare for and respond to crisis security incidents, including by advising on personal data breach notification obligations, working closely with cyber forensics experts, engaging with law enforcement, and responding to regulatory inquiries.
She also provides clients with practical guidance in complex and multijurisdictional corporate transactions to help navigate attendant privacy and cybersecurity risks.
Washington, D.C.
Cosmas provides guidance on issues relating to numerous privacy and cybersecurity laws, including:
Cosmas graduated with honors from Harvard Law School. During law school, he participated in the Berkman Klein Center's Cyberlaw Clinic, completed a clinical placement in the Securities, Financial & Cyber Fraud Unit of the United States Attorney’s Office for the District of Massachusetts, and interned with the Special Assistant for Legal & Legislative Matters to the Secretary of the Navy. Prior to law school, Cosmas served as a submarine officer in the U.S. Navy.
Cosmas is accredited by the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional in the United States (CIPP/US).
Santa Monica
Sherry’s clients include banks, mortgage originators and servicers, mortgage brokers, commercial lenders, bank holding companies, private equity firms, investment advisors, investment managers, finance companies, fintechs, consumer reporting agencies, data brokers, debt collection companies and related service providers.
She is a Certified Information Privacy Professional (CIPP/US), and was a member of the Mortgage Bankers Association’s 2016 class of Future Leaders and the California Mortgage Bankers Association’s 2014 class of Future Leaders.
Prior to joining Orrick, Sherry was a partner at Buckley LLP. She has been an associate in private practice. She also clerked for the Honorable Jeanette J. Clark in the Superior Court of the District of Columbia.
Seattle
He brings significant experience advising companies – from one of the largest telecommunications providers to leading entertainment companies to startups on the cutting-edge of AI and more – on the full cycle of an incident. He also advises companies and executives in connection to regulatory investigations, class actions, enforcement actions, and other disputes that frequently flow from privacy and cybersecurity incidents.
Joe helps clients respond quickly and with integrity to protect their brand, build trust and mitigate legal risk. He is highly skilled at directing incident investigations, analyzing potential claims and defenses, examining potential notification obligations and advising on effective communications strategies. He draws on this experience to help companies proactively prepare for an incident through creative strategies that foster engagement and collaboration between legal, security, communications and leadership teams. This includes building and improving incident response programs through response plans, simulated incidents, threat workshops, and training. In addition, Joe assists clients in practically evaluating the legal risk of security decisions in a variety of transactions and across the product lifecycle.
He also provides strategic advice to cybersecurity companies, including those looking to push technological and defense boundaries in cyber defense, incident response, and threat intelligence. This includes helping companies maximize their security offerings by navigating the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and the Federal Wiretap Act, as well as state law analogs.
Joe serves on Orrick’s Finance and Audit and Pro Bono Committees. A leader and advocate for diversity and inclusion initiatives, Joe is the co-head of Orrick’s Latinx Inclusion Network and was selected as a 2024 Rising Star by the Minority Corporate Counsel Association (MCCA). He was also named to Lawdragon's 2024 500 X Next Generation Rising Stars List and an Rising Star by the Minority Corporate Counsel Association (MCCA). He is a member of the Washington Latino Bar Association and the Hispanic National Bar Association.
Dusseldorf
Christian helps clients consider the privacy and artificial intelligence implications of new technology, supports their compliance programs, and helps them stay ahead of enforcement trends. One particular focus of his work deals with internal data transfer agreements, external data transfers with external providers, and product launches that comply with international data protection standards, as well as privacy requirements for connected cars. Furthermore, Christian provides guidance on privacy and data protection considerations for developing, acquiring, using, licensing and selling technology, data and intellectual property, including M&A transactions and IP focused joint ventures. He supports companies on the set-up of webshops, outsourcings, license agreements, in cases of trademark or unfair and deceptive trade practice issues, as well as on hard and software license and information technology (IT) project agreements.
Christian maintains strong working relationships with German data protection authorities and EU regulatory authorities with jurisdiction over privacy and data security matters. He effectively defends companies in cybersecurity and privacy-related investigations initiated by EU regulatory authorities. He also engages with authorities on behalf of clients and helps clients avoid proceedings and possible litigation. When litigation can't be avoided, Christian vigorously defends his clients.
For companies facing global cybersecurity incidents, Christian helps with crisis mitigation, including counseling on notification requirements, coordinating media strategies, and representing clients before data protection authorities in related regulatory investigations.
Christian regularly contributes practical thought leadership to global privacy industry publications and German privacy books and journals. Christian authors the Chapter V (international data transfers) of Germany’s leading GDPR commentary Kühling/Buchner (4th ed.) and is co-author to the Corporate Privacy Handbook (Betrieblicher Datenschutz). As an active member of the Sedona Conference, Christian drives the development and understanding of cross border privacy. He also participates in, hosts and moderates speaking programs with fellow private practitioners, EU data protection authorities, and academics focused on privacy and data security. Legal 500 Germany named Christian one of the top 15 practitioners in 2023 and noted that he is "a pioneer in the legal field, a data protection guru." They also recognized Christian and Orrick as "truly global" and how that it is "vital as they require the various leaders of each region to participate and bring issues to the table as a forum".
Prior to working in private practice, Christian interned with the German Federal Data Protection Commissioner and www.epic.org.
Boston; New York
Tech and consumer-facing clients – from early-stage startups to some of the most recognizable online companies – turn to Caroline to protect their IP, brand, and reputation in litigation. Her expertise includes the fast-evolving areas of Section 230 of the Communications Decency Act and online safety, cybersecurity & data privacy litigation. In the past year, she has litigated more than 60 cases related to platform immunity and she is currently lead counsel in dozens of cases for one of the world's largest tech companies on claims challenging myriad aspects of its online services, including content moderation and product design.
A partner to her clients in crisis management, Caroline also advises them in cyber incident response, government and internal investigations and enforcement actions. Her experience at the intersection of online safety, IP and white-collar litigation gives her breadth of perspective and allows her to work with her clients to problem-solve and effectively manage enterprise risk. Clients appreciate Caroline's ability to collaborate with witnesses, company stakeholders and factfinders – both inside and outside the courtroom – to achieve meaningful results.
Caroline maintains an active pro bono practice, representing clients in Hague proceedings as well as children and refugees in asylum proceedings in conjunction with the Political Asylum / Immigration Representation (PAIR) Project. She has drafted amicus briefs in cases pending before the U.S. Supreme Court and U.S. Circuit Courts of Appeals in the areas of technology, criminal justice, and reproductive rights.