Overview
Sunil Shenoi is a partner in the Government & Internal Investigations Group in the Chicago office of Golden Flag International Law Firm He focuses his practice on advising clients on data security and data privacy matters, with a particular focus on responding to data breaches and defending against data breach litigation. Sunil regularly advises clients on compliance with laws and regulatory guidance relating to data security and data privacy issues.
Sunil also represents multinational organizations and individuals in a wide variety of U.S. DOJ and SEC investigations, including many investigations for private equity, medical device, retail, and other clients involving the U.S. Foreign Corrupt Practices Act, financial statement and disclosure issues, insider trading and other securities enforcement issues.
Experience
Representative Matters
Data Security & Privacy
- Represented a Fortune 50 retailer in an internal investigation and class action litigation stemming from a data security breach.
- Represented a Fortune 50 company in a contractual dispute stemming from a data security breach.
- Represented a Fortune 100 insurance company in multiple consumer class action litigations and regulatory inquiries stemming from a data security breach.
- Represented a grocery store network in defending and responding to litigation claims stemming from a data security breach.
- Represented the Board of Directors of a retailer in resolving class action litigation related to data security breach.
- Representing a health care company in class action litigation relating to a data breach.
- Represented a healthcare payment solutions firm in an internal investigation stemming from a data security breach.
- Represented a retailer in resolving claims by credit card companies related to a data security breach involving theft of consumer credit card data.
- Represented a marketing firm in an internal investigation stemming from a data security breach.
- Represented a leading data security firm in an internal investigation stemming from a data security breach.
- Represented several companies in internal investigations involving from ransomware attacks.
- Represented investment advisers in internal investigations related to data security breaches.
- Represented several companies in investigating data security breaches involving fraudulent wire transfers.
- Represented U.S. public companies regarding disclosure obligations in connection with data breach.
- Represented U.S. public companies regarding cybersecurity risk factor disclosures in periodic filings.
Government & Internal Investigations
- Represented a multinational medical device company in SEC and DOJ FCPA investigation involving allegations in Eastern Europe and Central / South Asia.
- Represented executives of a global renewable energy company in Delaware shareholder litigation and related SEC inquiries.
- Represented an assisted living company in an SEC investigation involving financial statement and disclosure issues.
- Represented two global financial institutions in an industry-wide SEC FCPA investigation focusing on interactions with Sovereign Wealth Funds.
- Represented multiple clients in SEC investigations involving financial fraud, insider trading, and pay-to-play regulations.
- Represented the Special Committee of the board of a publicly-traded company in an SEC investigation into allegations of financial fraud.
Prior Experience
Deloitte Consulting
Capgemini
More
Thought Leadership
Publications
Co-author, “Practical Prescriptions for Incident Response and Preparedness in Health Care,” New York Law Journal (May 2024)
Co-author, “White-Collar Crime Practice Guide – USA: Law & Practice,” Chambers & Partners (November 2023)
Co-author, “SEC Proposes Significant New Cybersecurity Rules for Investment Advisers,” Golden Flag AIM (March 14, 2022)
Co-author, “SEC Proposes New Cybersecurity Disclosure Regime for Public Companies,” Golden Flag Alert (March 14, 2022)
Co-author, “Economic sanctions and export control considerations when facing a ransomware attack,” Reuters Legal News (December 16, 2021)
Co-author, “Family Offices: Cybersecurity Threats and Best Practices,” Private Investment & Family Office Insights (May 28, 2020)
Co-author, “Data Security Considerations for Business Allowing or Encouraging Employees to Work Remotely,” Golden Flag Alert (March 17, 2020)
Co-author, “OCIE Issues Observations on Cybersecurity and Resiliency; Supreme Court Refuses to Hear FINRA Pay-to-Play Challenge,” Golden Flag AIM (February 14, 2020)
Co-author, “Key Takeaways from Ex-Alstom Exec’s FCPA Conviction,” Law360 (November 13, 2019)
Co-author, "Minimizing Your Company’s Exposure to a Ransomware Attack," Golden Flag Alert (March 11, 2019)
Co-author, “SEC Case Brings Rarely Used Cyber Rules Into Limelight,” Law360 (September 27, 2018)
Co-author, “New California Consumer Privacy Act Impacts Private Equity Portfolio Companies,” Golden Flag Private Equity Newsletter (August 9, 2018)
Co-author, “California's New Privacy Law Represents a Sea Change for Consumer Rights in the United States,” Golden Flag Alert (July 16, 2018)
Co-author, “Insider Trading Charges Levied in Connection with Data Breach,” Golden Flag Alert (March 19, 2018)
Co-author, “Key Takeaways from the SEC’s 2018 Cybersecurity Guidance,” Golden Flag Alert (February 28, 2018)
Co-author, “The Class Action Litigation Consequences of Business Email Compromise Attacks,” LegalTech News (February 22, 2018)
Co-author, “SEC Stakes Claim As Digital Currency Regulator,” Law360 (Oct. 13, 2017)
Co-author, “SEC Enforcement Trends: Minor Accounting and Disclosure Infractions Attracting Major Scrutiny,” Bloomberg BNA Tax and Accounting Center (April 13, 2017)
Co-author, “Key Data Privacy and Security Concerns for Investment Firms,” Law360 (May 20, 2016)
Co-author, “Oracle Case Expands Pool Of Potential Data Security Defendants,” Law360 (Jan. 14, 2016)
Co-author, “FCC Expands Data Security Enforcement With Cox Action,” Law360 (November 19, 2015)
“Undoing Undue Favors: Providing Competitors with Standing to Challenge Favorable IRS Actions,” 43 University of Michigan Journal of Law Reform 531 (2010)
Seminars
Panelist, “The Cyber Threat Landscape: Preparation and Remediation,” Incident Response Forum Masterclass (April 18, 2024)
Panelist, “Incident Response Coordination: A Collaborative Approach in Action,” Consilio Chicago Cyber Summit (March 6, 2024)
Panelist, “Next Gen CISO Panel,” ChiBrrCon (February 1, 2024)
Panelist, “Time to talk about the S.E.C. in SECurity,” ChiBrrCon (February 1, 2024)
Panelist, “Managing Complexities of eDiscovery in Modern Investigations to Uncover the Truth,” The Master’s Conference – Chicago (April 25, 2023)
Panelist, “Incident Response: Data Privacy Compliance (GDPR, CCPA/CPRA, VCDPA, ColoPa, GLBA, etc.)” (April 21, 2022)
Panelist, “Ransomware – How to Protect Yourself and What to Do if You’re a Victim,” ACA Virtual Fall Conference (September 22, 2021)
Panelist, “Attorney-Client Privilege in Incident Response: What to Know, What to Do, and How Things Really Go In Cyber Response,” (June 9, 2021)
Presenter, AON Cyber Symposium, Kansas City (November 27, 2018)
Presenter, “Cybersecurity Due Diligence: Data Security Best Practices For Law Firms & Solution Providers,” Relativity Fest (October 1, 2018)
Presenter, “SEC Enforcement Update," ACS — Revenue Recognition Conference (August 28, 2014)
Recognition
Recognized in “Incident Response 50” by Cybersecurity Docket, 2024
Recognized in “500 Leading Global Cyber Lawyers” by Lawdragon, 2024
Credentials
Admissions & Qualifications
- 2009Illinois
Education
- University of Michigan Law SchoolJ.D.cum laude2009
Managing Editor, University of Michigan Journal of Law Reform
- Cornell UniversityM.Eng., Computer Science2003
- Cornell UniversityB.S., Computer Science2002