This month, we’re excited to feature Sara Porter, a Senior Litigation Associate Cooley, a leading global law firm for technology and life sciences companies, startups, emerging growth companies, and venture capital firms. Sara represents clients in high-stakes commercial litigation matters, with a focus on cybersecurity and data privacy-related disputes. In other words, she is a lawyer that helps businesses with important cybersecurity or data privacy issues. Her passion is litigating novel theories of liability for platforms, software, e-commerce and gaming companies in the rapidly evolving digital world, as well as providing proactive, business-focused advice, tailored to the unique needs of each client, to help them develop cyber and privacy programs to mitigate the risk of litigation.

Sara also serves on Cooley’s Diversity, Equity and Inclusion committee, and maintains an active pro bono practice, advocating for the rights of domestic violence victims in parole proceedings. Sara takes pride in mentoring the next generation of women cyber lawyers, both within her law firm and in the community.

‍

1. Can you explain what a cybersecurity/privacy lawyer does? What kinds of problems do you help solve for companies?

My job has three primary responsibilities: (1) assist clients in responding to data breaches and represent them in subsequent litigation; (2) represent companies in privacy-related litigation (for example, where a consumer sues them, alleging they are illegally collecting and/or sharing personal information), and (3) advise companies on the development of cybersecurity and data privacy programs to mitigate the risk of litigation in the future.

For instance, we’ve recently seen a rise in cases claiming that clients’ website cookie practices violate state and federal privacy laws. I work with clients to strategize on how to update their cookie practices to help avoid lawsuits - and I represent them in court if they do get sued.

‍

2. What first got you interested in law, and how did you end up specializing in cybersecurity and data privacy related cases?

The answers to each are very different! I first became interested in studying law in high school after seeing the power of the law in action. I had been trying to help a homeless five-year-old enroll in kindergarten but kept running into one obstacle after another. Eventually, we were connected with a nonprofit coalition of lawyers who specialized in helping homeless families. With just one mention of a federal law, the school district backed down, and the child was immediately enrolled and offered meaningful support – including daily transportation to school and free lunch. I was amazed by the immediate, life-changing impact those lawyers had on our effort, and I knew I wanted to learn more.

My path into cybersecurity was much more unexpected. I was asked to help a client respond to a data breach that happened on Christmas Eve, mainly because they needed a litigator to help prepare for the risk of possible legal action later on. Although the timing wasn’t ideal, I got a crash course in cybersecurity over the next few weeks – and I absolutely loved it. It’s one of the few times as a litigator where you’re truly in the trenches with your client, working together to solve a crisis in real time. And because cyber issues are still evolving – with new types of attacks and legal arguments emerging all the time – it’s a field where even a junior lawyer can develop deep expertise and make an invaluable impact on the team.

‍

3. Can you share an example of an interesting case you’ve worked on? How did it shape your perspective on the legal side of cybersecurity or data privacy?

One of the most memorable cases was that Christmas Eve data breach. A school was the victim of a breach, which had been targeted by a hacker who claimed they had broken into the system and accessed contact information for students and their parents. They even threatened to start reaching out to families unless a ransom was paid. That experience really opened my eyes to the human element of cybersecurity – it’s not just about systems and data, but about significant consequences that can affect real people when a hacker gains access to personal data that is sensitive and/or proprietary.

‍

4. How do data privacy laws and regulations impact the apps and platforms that teens use every day? What should teens know about cybersecurity and privacy when using these platforms?

Data privacy laws help protect the personal information that teens share with apps, platforms, and games, but it’s still important for teens and their families to stay informed and practice good cybersecurity habits. For example, some states have laws that require platforms to be clear about what data they collect and how it will be used. Other laws limit the types of data that can be collected from children under 13. In some states, teens – like all other users – also have specific rights over their data, such as the right to request that it be deleted.

Still, it’s essential for teens to be careful about what they share online. Reviewing privacy settings and permissions on apps and platforms helps users understand how their data might be shared. There are also risks with oversharing personal information like your home address, school name, vacation plans, or even daily routines – especially on public profiles. Sharing too much can lead to privacy violations, identity theft, or unwanted attention.

No matter your age, it’s always wise to remember that anything you post online can become part of your digital footprint and may be accessible long after you’ve posted it.

‍

5. For someone who might be interested in cybersecurity or data privacy law, what skills, experiences, or practical steps would help prepare them for a career like yours?

One of the most helpful skills is having a basic understanding of security and privacy-related technology. As a new lawyer entering the field, without an IT background, the steepest learning curve for me was the information systems vocabulary. You are much better positioned to help your clients once you can speak the same language as they do. 

Curiosity is also key for any lawyer. You must be skilled at asking investigatory questions – especially follow-up questions – to figure out what’s really going on and what problems need to be solved.

If you're interested in cyber and privacy law, I always recommend reaching out to practitioners in the field and learning about their paths. Everyone’s path is different, and there’s no one right way to get there!