Brandon Reilly

Privacy and Cybersecurity

Email Phone

Flexibility and creativity are paramount to finding solutions in the dynamic new world of data risk and regulation. When developing my approach to a new client or project, I always start with a fresh set of eyes on the unique issues at hand.

Professional Background

I counsel clients on a wide array of consumer protection and privacy matters, including data privacy and security compliance and procedure and data breach response. Working with startup companies, I advise clients on proactively orienting their operations in accordance with all manner of federal, state and international laws and regulations, including the CCPA, the GDPR, the Gramm-Leach-Bliley Act (GLBA) and industry-specific standards such as the Payment Card Industry Data Security Standard (PCI DSS). When compliance programs go awry, I assist clients with security incident or data breach investigation, containment, mitigation and notification, and I support impacted entities before and during litigation, regulatory inquiry and government enforcement.

I work in industries including e-commerce and retail, advertising and marketing, banking and fintech, energy and manufacturing. I particularly value advising high-growth emerging financial services companies on regulatory compliance, government enforcement actions and monitoring.

A member of the International Association of Privacy Professionals (IAPP), I frequently speak on privacy and cybersecurity issues at industry conferences around California and across the country. I also chair IAPP’s local chapter in Orange County. 


Representative Experience With Emerging Companies

  • An online financing platform that offers business owners access to capital in reviewing its potential exposure under the CCPA, creating and implementing an information governance plan to address any identified risks, and providing additional legal counsel regarding privacy and data security issues as they arise.
  • A financial services company in responding to a malware intrusion incident that potentially exposed the data of a key business partner, a Fortune 100 consumer-facing company. Our work involved immediate crisis response in order to efficiently contain the incident as well as notification to the business partner.
  • A video game and esports software company in connection with general privacy and data security advice including compliance issues associated with the CCPA and GDPR. We ensure the company receives current information about requirements for compliance and strategies for risk mitigation.
  • A health startup in connection with developing a privacy policy and website terms of use. We also counseled the company on IT security issues, including issues relating to a security researcher.
  • A wearable tech company, known for developing wearable technology that enhances participant interaction at large-scale events and conferences, in connection with its compliance with the GDPR.
  • Various other emerging fintech companies in connection with CCPA and GLBA compliance, general privacy and consumer protection advisement, and data incident investigation and response.
  • Various other emerging e-commerce platforms in connection with compliance with the CCPA and privacy laws relating to children, students and digital marketing.


Area of Focus

  • Fintech
  • E-commerce and consumer products
  • Advertising and marketing

My Advice to Entrepreneurs
  1. Privacy is now a product—invest in it, use it, sell it.
  2. Think through privacy at the design stage before you need to address it at the crisis stage.