Brandon Reilly
Brandon Reilly is the leader of Manatt’s Privacy and Data Security practice and is recognized nationally for his work in privacy and cyber law and as a “Top 40 Under 40,” “Top Cyber” and “Top Artificial Intelligence” lawyer in California. Clients in these rankings have noted that he is “an exceptional privacy attorney” with an “encyclopedic knowledge of various privacy laws and can advise on a wide range of data privacy issues in a reasoned, risk‑based manner.”
A trusted go-to advisor on privacy, data strategy, data security and artificial intelligence (AI) issues for a sophisticated client base, Brandon is skilled at developing business-focused privacy and security frameworks aimed at maximizing data asset value and mitigating future enforcement and litigation risk. His practice spans legal and consulting disciplines, including strategic advice, regulatory compliance, transactions, government policy, security compliance and procedures, data breach responses, litigation, and government investigations and enforcement actions.
Brandon has experience advising and representing Fortune 500 and emerging companies, multinational corporations and nonprofits across all industries. In particular, his work with health care and digital health companies has been recognized globally by Chambers. His practice incorporates deep experience with emerging technologies such as AI and machine learning, data science, privacy-enhancing technologies (PETs), biometrics, telematics, the Internet of things (IoT), blockchain, cryptocurrencies, social media and Web3. He has also leveraged his depth of experience in data protection and government investigations to represent clients in matters involving national security, foreign sanctions compliance and cross-border data transfers.
Also, a civil litigator with broad experience in federal and state courts, Brandon has significant experience defending a wide range of businesses in privacy, data breach, and consumer protection cases as well as class actions. His defense work includes claims regarding cybersecurity laws, wiretapping and eavesdropping laws such as the California Invasion of Privacy Act (CIPA) and Federal Wiretap Act, health privacy laws, consumer financial services laws and data broker laws.
In the compliance area, Brandon advises clients on proactively orienting their operations to all manner of federal, state and international laws and regulations, including:
- State comprehensive privacy laws, such as the California Consumer Privacy Act (CCPA) and similar laws passed in over eighteen states.
- Health privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA), California’s Confidential Medical Information Act (CMIA) and Washington’s My Health, My Data Act (MHMD).
- Financial privacy laws, such as the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA) and the New York Department of Financial Services (NYDFS) Cybersecurity Regulation.
- Children’s privacy laws such as the Children’s Online Privacy Protection Act (COPPA) and Maryland Age-Appropriate Design Code Act (Maryland AADC).
- Artificial intelligence laws such as the Colorado Artificial Intelligence Act, California’s Artificial Decision Making Technologies Regulation, and various other state laws involving generative AI, chatbots, and decisional AI.
- International privacy laws such as the European Union’s General Data Protection Regulation (GDPR), the United Kingdom’s General Data Protection Regulation (U.K. GDPR), Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the European Union AI Act.
- Self-regulatory frameworks such as the Payment Card Industry Data Security Standard (PCI DSS) and National Institute of Standards and Technology (NIST) Frameworks for Cybersecurity, Privacy and AI Risk Management.
In the incident response area, Brandon assists clients with security incident investigation, containment and mitigation as well as management of data breach responses. He also assists impacted entities before and during litigation, regulatory inquiry and government enforcement. He has counseled clients on incidents involving ransomware and other malware, botnet and other automated attacks, social engineering attacks, business email compromises (BEC), insider threats, independent security researchers and black and gray hat hackers and other fraud and identity theft schemes.
A thought leader and frequent speaker in the privacy and data security space, Brandon is a Certified Information Privacy Professional for the U.S. Private Sector (CIPP/US) and an active member of the International Association of Privacy Professionals (IAPP) and co-founder of its local Orange County chapter. Brandon has also spoken at national industry organizations, including IAPP, the Association of Corporate Counsel (ACC), the Health Care Compliance Association (HCCA), the Institute for Internal Auditors (IIA), ISACA (the Information Systems Audit and Control Association) and the Information Systems Security Association (ISSA). He has been quoted by Bloomberg Law, Daily Journal, VentureBeat and Cybersecurity Law Report.
Brandon also regularly provides pro bono representation in the area of veterans’ benefits and discharge upgrades, as well as advising small businesses and underserved communities regarding data governance and privacy compliance.
