Brenda Sharton is the Managing Partner of the Boston office and is the global Chair of Dechert’s, top-ranked Cybersecurity & Privacy Practice. A first chair trial lawyer, she is a top cybersecurity, privacy and commercial litigator. Ms. Sharton is Chambers ranked and was the recipient of Law360 MVP award in Cybersecurity & Privacy for 2022. In turn, Dechert’s practice was named Law360 Practice Group of the Year in Cybersecurity & Privacy for 2022. For many years, Ms. Sharton has been ranked as a “Leading Lawyer” by The Legal 500 for Cyber Law and Data Protection/Breach Response. Ms. Sharton represents public and private corporations and their boards in complex commercial litigation, class action defense, ADR proceedings, investigations and civil government/regulatory and enforcement matters.

Ms. Sharton is a nationally recognized expert, pioneer and thought leader in privacy and cybersecurity law. She has handled over 1,200 data breach investigations and cyber-attacks of every type and size for companies in every industry ranging from start-ups to global, multi-billion-dollar public companies. She has defended companies in hundreds of privacy and cybersecurity government investigations and enforcement actions brought by U.S. and global regulators, including states attorneys general, the FTC, HHS/OCR (HIPAA breaches), the SEC Cybersecurity Division, and European regulators, among others. She has defended public and private companies in landmark and high-profile consumer class actions related to privacy and cybersecurity, artificial intelligence (AI) and machine learning (ML). She has litigated these cases in state and federal courts throughout the United States, as well as countries around the globe, including Canada, Israel and Portugal, among others.

Ms. Sharton’s experience is second-to-none in handling cyberattacks. Since the late 1990s, she has quarterbacked over 1,200 data breaches, including numerous high-profile, front-page news breaches. Ms. Sharton has counseled numerous companies on enhanced cyber and physical security related to the exponential increase in cyberattacks since COVID-19, including companies engaged in COVID-19 research. She counsels companies on pre-breach cybersecurity counseling as well as handles all aspects of data breach investigations (crisis management, working with law enforcement and forensic firms, managing PR firms, as well as board, auditor, customer, media and investor communications, advice on global notification obligations, and analysis of cyber insurance). She has litigated high-profile landmark cases in this space, including one of the first bank online hacking cases to have been litigated to an appeals court. She provides counseling on cyber and physical security programs, in particular for companies that are high-value targets for nation states and organized crime.

Ms. Sharton has over 33 years of experience in all manner of complex commercial litigation, internal investigations, arbitration and civil government regulatory matters, involving contract claims, trade secret, post-closing disputes, non-compete, false advertising, business torts, fiduciary duties, banking and trust claims, fraud, minority shareholder and partnership disputes, and claims of all types involving data, among others. Having spent years litigating in the private equity and financial services industries, she is experienced with virtually every type of civil claim brought against financial services institutions, banks, asset managers, and has a deep expertise in the financial services industry (including fintech and digital currency), as well as in the technology, life sciences, healthcare industries as well as with privacy claims related to, artificial intelligence and machine learning. Ms. Sharton has successfully tried cases to conclusion in federal and state courts throughout the country and has represented clients in the full range of ADR procedures (both mediation and arbitration). In addition to trial work, she has defended government enforcement actions brought by an alphabet soup of federal and state regulators, including the SEC, FDIC, FTC, FINRA, DOL, FDA, HUD, OCC, HHS/OCR and the CFPB, among others.

Ms. Sharton is recognized by Chambers USA as a leader in Privacy and Data Security. She received Law360's MVP award in Cybersecurity and Privacy for 2022, an honor given to only five lawyers worldwide. Ms. Sharton is named to Cybersecurity Docket’s Incident Response 40 list, the best data breach response lawyers in the business. Ms. Sharton has been recommended by The Legal 500 United States consecutively for over a decade for commercial litigation, financial services litigation, and privacy and cybersecurity/breach response work. She has been listed in U.S. News-Best Lawyers in the practice areas of Commercial Litigation, Litigation - Banking and Finance and Mass Tort Litigation/Class Action - Defendants. A recognized thought leader, Ms. Sharton frequently writes on cybersecurity and privacy matters. She has published and/or been quoted in publications such as the Harvard Business Review, Wall Street Journal, Thomson Reuters, BloombergLaw360, Risk Management and Practical Law, among others. She has also lectured at the Federal Reserve Bank, numerous state bank associations, the MIT Sloan School of Management and the Harvard Law School executive leadership program. 

Prior to joining Dechert, Ms. Sharton was a senior partner, global practice group leader and member of the executive committee at another leading international law firm.

Client Feedback

  • "Brenda Sharton is a brilliant lawyer and a great client advocate. She is the lawyer you want in your corner. As a seasoned litigator and an experienced data security lawyer, she manages crises with confidence, finesse and strategy. Brenda will get into the weeds with the technical team and in the same breath turn to the legal team to interpret the significance and how it aligns with the bigger picture." - The Legal 500, 2023
  • "Brenda Sharton is knowledgeable, sharp, insightful and responsive. She is very good at negotiating. She knows when to push hard and when to play soft tunes to foster good relationships with different government agencies." - The Legal 500, 2023
  • "Brenda has provided and led strategic and meaningful insight concerning breach notification, incident response and privacy management." - Chambers USA, 2022
  • "She is an excellent attorney and business partner who provides practicable advice based on her extensive experience." - Chambers USA, 2022
  • "Brenda Sharton is an amazing senior lawyer who combines deep experience and knowledge with a calm and collected approach." - The Legal 500, 2021
  • "Brenda Sharton is a brilliant lawyer and a great client advocate. She is the lawyer you want in your corner. As a seasoned litigator and an experienced data security lawyer, she manages crises with confidence, finesse and strategy. Brenda will get into the weeds with the technical team and in the same breath turn to the legal team to interpret the significance and how it aligns with the bigger picture. Few lawyers have her depth, acumen and empathy but none have the same level of sincerity." - The Legal 500, 2021
  • "Brenda Sharton is one of the most experienced privacy lawyers in the market today, with deep experience and the ability to translate complexity in a way that is actionable and understandable. She cuts through the noise and focuses everyone on what is critical." - The Legal 500, 2021
  • Representative Data Breach Investigations

    • A global public Silicon Valley customer management software company in connection with data security breach where millions of customer credentials had been exposed.
    • A global information security company in connection with a nation state threat actor.
    • Negotiated ransom on behalf of an information security company in connection with cyberextortion by organized crime syndicate using RaaS. 
    • A health management company in data breach regarding disclosure of patient health and medical information and in HHS/OCR investigation.
    • A developer of a push-to-talk app in a data breach that compromised data of its 140 million users.
    • A global technology/social media company in connection with counseling on compliance with an FTC order and privacy program.
    • A Chinese bitcoin mining company in connection with a global data breach in which US$500 million of bitcoin was stolen.
    • A public biotech company in connection with nation state attack and cybersecurity management around sensitive drug development matters.
    • A subscription-based business information database company on data breach affecting over 100 million database records from around the globe.
    • A Silicon Valley-based healthcare company in a breach affecting millions of patient records and defense of HHS/OCR enforcement action in a case that had the highest ransom the FBI had seen to date.
    • A public technology company specializing in 3D printing in a sophisticated global ransomware attack.
    • European and Asian law enforcement in negotiating and coordinating multi-million-dollar ransom.
    • A public software company in connection with cyberattack by a nation state.
    • A public education software company regarding a cyberattack by a nation state that affected student data and state AG, FTC and SEC Cybersecurity Division actions.
    • A European health care app with over 100 million users in a data breach and defense of FTC action regarding its privacy practices.
    • A global public bioscience company based in Hong Kong regarding a cyberattack that defrauded the company of millions of dollars.
    • A cloud services and identity management company on a data breach in which an unauthorized user gained access to the company’s U.S. database, potentially accessing passwords and credentials for thousands of the company’s corporate customers. This matter remains one of the most significant recent data breaches in the tech and cloud services community. Also defended the company in an FTC enforcement action.
    • A healthcare payment platform in connection with a highly sophisticated attack on its system that resulted in the theft of over US$10 million in customer funds.
    • A global financial services provider on a Microsoft Office 365 email intrusion that led to the exposure of thousands of health insurance records, including information protected under HIPAA; as well as the defense of HHS/OCR and day-to-day counseling on privacy/cybersecurity issues.
    • A global biotech company on a breach involving the release of employee W-2 forms via a phishing scam. Also represented the company in a putative class action arising from the breach and defended the New York Attorney General’s action.
    • The One Fund Boston, a charity created to provide financial assistance to survivors and families of those killed in the Boston Marathon bombings, in creating a complete privacy program and policies for employees, volunteers and collaborating parties of the charity, which was created on a pro bono basis.

    Representative Data Breach/Privacy Litigation

    • A health management company in two purported class action lawsuits regarding disclosure of patient information following a 2020 data breach.
    • Representation of Easy Healthcare/Premom App. in a favorable settlement with the FTC in July, 2023 alleging violations of section 5 of the FTC Act and the Health Breach Notification Rule (one of the first brought by the FTC).
    • Representation of Easy Healthcare and favorable settlement for Premom fertility tracking app in consumer class action in N.D. Illinois alleging violations of its privacy policies in the sharing of user data.
    • Representation of Flo Health, Inc. world’s leading women’s health app in the defense of numerous class actions pending in federal court in California, Canada (British Columbia, Quebec and Ontario), as well as in Israel and Portugal alleging that the sharing of user data with analytics companies violated privacy policy and CIMA, among other claims.
    • Representation of Prisma Labs, Inc., the maker of the Lensa AI app (No. 1 on the Apple store in December, 2022), in dismissal of consumer class action alleging violation of the Illinois Biometric Information Privacy Act (“BIPA") in N.D. CA in favor of arbitration.
    • Representation of Prisma Labs, Inc., the maker of the Lensa AI app, in connection with the defense of a purported consumer class action filed in the N.D. Illinois alleging claims under BIPA.
    • Representation of Flo Health, Inc. in connection with the successful settlement with the FTC in June 2021. 
    • Representation of Cano Health, Inc. in connection with the successful settlement of two purported class actions pending in state court in Miami-Dade county in Florida following an Office 365 cyberattack. 
    • Macy’s Inc. in federal court against purported class action claims arising out of 2019 data breach.
    • Taconic Biosciences, Inc. in a putative class action in NY state court arising theft of employee information following phishing scam.
    • People’s United Bank in a summary judgment victory in a landmark case, which involved an alleged breach of the bank’s online security system through keylogging malware. One of the first cases of its kind to be decided by an appellate court and named a “national case to watch” by the American Banker, the dispute was resolved after the First Circuit reversed in part and remanded the district court’s decision.
    • Wellpoint Inc./Anthem in an Office of Civil Rights (HHS Division) investigation involving alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). At the time, the settlement was one of only 12 OCR settlements nationwide.
    • Online video and media service providers in class action litigations filed nationwide challenging the alleged use of local shared objects, also known as “flash cookies.”
    • Numerous companies in privacy-related government investigations and enforcement actions brought by states attorneys general, the FTC, HHS and the Office of Civil Rights, among others.
    • Numerous public companies in hundreds of data security breaches, including global investigations and the handling one of the first major data breaches for a public company in 2002.
    • Numerous companies in TCPA litigation.

    Representative Artificial Intelligence/Machine Learning Matters

    • The world’s leading health application with over 300 million downloads, in eight federal class actions, an Israeli class action, a Portugal class action, three Canadian class actions, a Congressional Oversight Committee investigation and an FTC investigation—all alleging that the company’s AI product, which predicts female fertility and ovulation, violates user privacy.
    • Holistic, comprehensive advice to global provider of financial digital products and services on AI for innovative consumer products and services. The scope of work includes providing recommendations for identifying and mitigating the risk of algorithmic bias in data sets, AI/ML processes and recommendations to target audiences. Our representation includes preparing appropriate user privacy disclosures and formulating risk-based solutions and arguments in light of applicable U.S. and European laws and “gray areas.”
    • A global fintech company on implementing AI-driven biometric AI for consumer service.
    • A healthcare technology start-up that uses AI for its core products in a federal regulatory investigation, three state attorneys general actions, and an Illinois class action.
    • The most downloaded AI photo editing software company in multiple class actions concerning its alleged collection and use of biometrics.
    • A global health app on AI-driven dynamic pricing.
    • A global financial software company on ethical use of AI under U.S. and EU law and industry requirements.

    Representative Business Litigation

    • Minority shareholders of Diversified Communications, Inc. in a post-closing dispute related to the buyout of shares following the divestiture of the company’s electronic health records division.
    • Hill Holliday Connors, Inc./Erwin-Penland, Inc. in winning a summary judgment in a case involving claims of trade secret misappropriation and breach of contract/fiduciary duty, as well as the rights to a national advertising campaign utilized by a Fortune 50 company. The case, in federal district court in South Carolina and with damages claimed of nearly US$100 million, was appealed to the Fourth Circuit, which affirmed summary judgment for the client.
    • A public company in an arbitration involving trade secret and breach of acquisition agreement with another public company related to the right to do business in 21 states.
    • New Balance, Inc./Warrior Lacrosse in the successful resolution of claims pending in federal district court in Michigan, for theft of trade secrets involving the hockey line, after successfully defeating an initial injunction motion.
    • Zmags North America in a trial in federal court in Ohio after cross-examination of opposing party's CEO. Claims involved the alleged theft of the entire customer data base by a former employee.
    • Numerous companies in successful resolutions to civil claims related to the Bernard L. Madoff Securities fraud.

    Representative Financial Services Litigation

    • Cape Cod Five Cents Savings Bank in a winning summary judgment in trust litigation brought against the bank as trustee of an estate in multi-year litigation alleging breaches of fiduciary duty, breach of contract, 93A, violation of the Mass Uniform Trust Act and tort claims, among others.
    • Citizens Bank in a winning motion to dismiss in federal court and in First Circuit Court of Appeals for in the defense of a putative class action arising from their overdraft fee program in a case. This case garnered the attention of legal news outlets, including as the leading story in Law360 on two different occasions.
    • Southern Sun Asset Management in an arbitration award against claims brought by an international third-party marketing firm with claims of almost US$100 million. The arbitration award was challenged and successfully defended in federal court in Alabama.
    • A Fortune 100 public financial institution in the successful resolution of a case in federal court in New York against for breach of fiduciary and financial fraud claims following its acquisition of a financial services company and the infusion of US$2 billion into that institution.
    • A major public mutual fund company in the successful defense of in connection with SEC and FDIC investigations that resulted in no charges for the company.
    • A Fortune 50 company in the successful negotiation and resolution of a consumer financial services class action case, pending in Ohio state court for more than 10 years.
    • A Fortune 100 financial institution in a successful defense in a class action case in both state court and Ohio appeals court alleging pregnancy discrimination in mortgage lending practices. The case was settled favorably for our client.
    • Massachusetts Bankers Association and other state banking associations for over a decade relating to litigation issues affecting banks.
    • People’s United Bank in the successful dismissal of a putative class action complaint in state court in Connecticut, involving the bank’s overdraft fee program. Secured one of the few dismissals among the hundreds of overdraft cases that have been filed against banks across the country.
    • East Cambridge Savings Bank in the successful dismissal of a complaint in its entirety with prejudice in a suit filed in Middlesex Superior Court arising out of a loan default. The Massachusetts Appeals Court affirmed the judgment in our client's favor.
    • State Street Global Advisors in the successful dismissal of a complaint filed in Massachusetts Superior Court seeking recovery of losses during broad stock market decline. Successfully defended the dismissal in the Massachusetts Appeals Court.
    • State Street Global Advisors in winning a summary judgment of a complaint alleging breach of fiduciary duty and breach of contract; claims dismissed as time barred under three-year statute of limitations. Summary judgment affirmed by the Massachusetts Appeals Court.
    • Massachusetts Bankers Association and group of banks in winning a summary judgment in Massachusetts federal district court in a constitutional challenge to Massachusetts statutes that restricted how banks could sell insurance. First Circuit Court of Appeals dismissed the petition to vacate.
    • Multiple banks, including BNY Mellon and HSBC, in the dismissal of numerous claims, in federal district court in California, involving alleged violations of Los Angeles rent ordinances. Ms. Sharton successfully argued the motion to dismiss in federal court on behalf of all the bank defendants. 

    Representative Internal Investigations

    • A private company in an internal investigation related to potential fraud allegations related to FDA certifications.
    • A board of trustees for registered mutual funds in an internal investigation related to alleged misconduct by advisor personnel in connection with trading timing.
    • The Japanese subsidiary of a public company in an internal investigation involving a revenue recognition issue.
    • The Somaly Mam Foundation Board of Directors in an internal investigation regarding the background of an international sex-trafficking activist.

    Includes matters handled at Dechert or prior to joining the firm.


    • U.S. Regulatory Update by Dechert LLP — EFAMA, Webinar (December 12, 2022)
    • WSJ Pro Cybersecurity Forum: Aligning with New Business Strategies - Speaker (June 1, 2022)
    • The Digital Transformation of Customer Experience – Fintech Nexus USA, New York (May 25, 2022)
    • The Digital Transformation of Customer Experience - Moderator, LendIt Fintech Conference (May 2022)
    • A Discussion on Developments in Privacy and Cybersecurity Law with Experts from Both Sides of the Border - Speaker, John Hancock Global Law Conference Privacy Break-Out Session Webinar (May 2022)
    • The Intersection of Cybersecurity, Data Privacy and Cyber Risk Management in M&A Transactions - Speaker, ABA Panel (January 2022)
    • Cybersecurity and Privacy - Virtual California Investment Management Symposium, Dechert LLP, Webinar (October 27, 2021)
    • Ransoms (Part 1): What are the Threats? - Speaker, Kayo Podcast (September 2021)
    • Cybersecurity - Speaker, Dechert's Sovereign Counsel Series (April 2021)
    • Hot Topics In Cybersecurity: “Not ‘If,’ But ‘When’” - Practical Tips to Reduce Risk - Speaker, Dechert's Q2 Directors' Forum Panel (April 2021)
    • What Keeps You Up at Night?  What Every Asset Manager Needs to Know About Cybersecurity - Speaker, Dechert's Mutual Funds Virtual Conference (March 2021)
    • Not a Question of if, a Question of When: Reducing Cybersecurity Risk in Private Equity Transactions - Speaker, Kayo Podcast (March 2021)
    • Committed Capital | Managing Cybersecurity Risk in Private Equity Transactions: Investing in the Modern Age - Speaker, Dechert Podcast (February 2021)
    • Understanding the Impact of Brazil's New Data Protection Laws and Agency - Speaker, Dechert Webinar (February 2021)
    • Coffee Break Compliance Broadcast Series | Episode Ten: A Conversation With The Experts - Hot Topics in Privacy & Cybersecurity - Speaker, Dechert Podcast (January 2021)
    • Hot Topics In Cybersecurity: “Not ‘If,’ But ‘When’” - What Keeps In-House Counsel Up At Night - Speaker, Greater Philadelphia's Association of Corporate Counsel Webinar (January 2021)
    • MassChallenge Innovation Summit: Securing the Future of Work - Moderator, MassChallenge, Israel (June 2020)
    • Cybersecurity + COVID-19 - Goodwin Webinar (April 2020)
    • Advising Boards of Directors About Cyberattacks and Incident Response - Speaker, Boston Bar Association Privacy and Cybersecurity Conference (2019)
    • Unlocking the Value of Data in MedTech: Protect Your IP, Protect Your Business: Cybersecurity Deep Dive - Goodwin Webinar (2019)
    • How to Anticipate, Investigate & Litigate a Data Breach in 2019 - Moderator, Consero Financial Services Litigation Forum (2019)
    • Privacy + Cybersecurity Readiness: What every real estate company needs to know - Goodwin Webinar (2019)
    • Digital Technology and the Law: Big Data, Cybersecurity and other Hot Spots - MIT Course, Guest Lecturer (2019)
    • Cyber Liability Decoded - Massachusetts Bankers Association Webinar (2019)
    • Privacy & Cybersecurity Legal Overview and Trends - Federal Reserve Bank of Boston Cyber-Threat Interest Group Meeting (2018)
    • Challenges in Innovation – Navigating the Uncertain Terrain - Goodwin’s Annual Banking Symposium (2017)
    • Cybersecurity and Incident Response: Managing the Issues - New York Bankers Association’s Financial Services Forum (2017)
    • How Will Trump’s Administration Affect the Financial Services Industry? - Goodwin (2017)
    • Data Breach & Privacy Litigation: Mitigating Enterprise Risk - Consero Financial Services Litigation Forum (2017)
    • The Privacy Shield: What Does it Mean for Your Business? - Webinar, Moderator (2016)
    • “I’m Negotiating with K-Mart!” and Other Truisms Dealing with Ransomware Hackers - IAPP's Privacy. Security. Risk. Conference (2016)
    • Examine the Interplay of Cybersecurity and Patent Law to Strengthen Patent Innovation - The 13th Annual Patents for Financial Services Summit  (2016)
    • Hear From the Judges: Best Practices to Navigate the First Circuit Court of Appeals - Boston Bar Association (2016)
    • Ch-Ch-Ch-Changes...A 20-year Privacy Law Veteran Discusses Notable Trends and Their Implications - IAPP Global Privacy Summit (2016)
    • Seven Things You Should Know About Arbitration Clauses - Marcus Evans Chief Litigation Summit & IP Law Summit (2016)
    • Privacy and Cybersecurity Litigation: What You Need to Know - Consero Financial Services Litigation Forum (2016)
    • Cybersecurity Issues - Northeast Human Resources Association (NEHRA) FE Dinner (2016)
    • Massachusetts Supreme Judicial Court, Honorable Joseph R. Nolan