Tony Kim represents clients across the full spectrum of advisory and enforcement matters implicating cybersecurity, data privacy, and consumer protection issues.

Mr. Kim helps companies navigate crises to avoid legal, risk, and reputational landmines. He also defends clients in regulatory investigations and enforcement actions by the Federal Trade Commission (FTC), State Attorney General Offices (AGOs), the Securities & Exchange Commission (SEC), and various sector regulators, as well as in litigation matters, involving the following areas:

  • Cybersecurity resiliency and incident response
  • Privacy implications of innovative data use-cases
  • Consumer protection issues, including in sales and marketing and advertising contexts with a particular focus on global e-commerce, fintech, and platform businesses

In each of these areas, Mr. Kim partners with stakeholders in legal, IT/infoSec, product, growth, engineering, marketing, investor relations, communications, the c-suite, and the board/audit committee across governance, compliance, and crisis management contexts.


Recognized as a leading lawyer, Mr. Kim has been ranked in Chambers USA, The Legal 500 US, Benchmark Litigation, The Cybersecurity Docket, and Super Lawyers D.C. Rising Stars. He’s been consistently named to The Cybersecurity Docket’s “Incident Response 30” list of the top IR professionals in the United States since the inception of that recognition. Clients endorse Mr. Kim, telling Chambers “He’s fantastic,” “He takes the time to tend to companies’ needs and understands clients’ objectives.” 

Cyber / Incident Response

In the cybersecurity space, Mr. Kim has deep experience handling both preparedness efforts and incident response involving:

  • APT (Advanced Persistent Threat) attackers emanating from nation state-sponsored actors
  • Ransomware variants and threat actor groups, and other cyber extortion and disruptive attacks
  • Business Email Compromises (BEC) and “spoofing” conduct
  • Malicious insider threats
  • Supply chain and service provider vulnerabilities and cyberattacks
  • Un-exploited vulnerabilities in software and on-prem/cloud infrastructure
  • B2B and B2C product and service vulnerabilities and exploits
  • “Bug bounty” program and “security researcher” (white/grey hat) interactions

In live incidents, Mr. Kim collaborates with client teams to coordinate outside advisors and mission-critical workflows, such as:

  • Directing forensic investigations (including ransom negotiations) and engaging with law enforcement and global regulatory agencies
  • Facilitating governance and escalation processes, such as reporting to c-suite, board/audit committee, and outside auditors and SEC disclosures counsel
  • Executing on multi-jurisdictional notifications and disclosures, and guiding IR/PR communications
  • Managing regulatory inquiries and contractual engagement (e.g., customers; PCI/card brands)
  • Coordinating with insurance brokers and carriers

Regulatory Enforcement

Mr. Kim has defended clients in federal and state regulatory investigations and enforcement actions. Highlights include representing a(n):

  • Large publicly-traded multi-nationals (across industries such as telecom, manufacturing, healthcare, energy/oil/gas, semiconductors, cloud infrastructure, and e-commerce), in cybersecurity inquiries and investigations before the SEC
  • Global security company in relation to an FTC investigation regarding allegedly unlawful data collection and use practices related to "browsing data"
  • Global independent sales organizations (ISOs) and payment processers in FTC investigations related to Section 5 and the Telemarketing Sales Rule (TSR)
  • Major global technology company in an FTC investigation involving COPPA and disclosures in the context of online apps/games
  • E-commerce platform in connection with FTC and state AG regulatory investigations involving COVID-19 time-frame sales and marketing practices*
  • Global e-commerce platform in connection with state AG investigations into credential stuffing and account takeovers*
  • National ticketing and events company in FTC and 25 state AG investigations in the aftermath of a major cybersecurity incident*
  • Consumer financing company in an FTC investigation related to marketing of unique consumer financing product*
  • Bank marketing subsidiary in an FTC investigation alleging violations of a prior consent decree requiring privacy disclosures and cyber assessments in relation to digital marketing tools*
  • Fintech lender in an FTC investigation involving claims-substantiation in the B2C advertising context*
  • Online retailer in FTC investigation involving “negative option,” recurring subscription/auto-renewal membership programs*
  • Loan modification entity in an FTC investigation and litigation involving credit repair services*
  • National mortgage provider in an FTC investigation relating to a major cybersecurity incident and data breach*
  • Consumer lender in an FTC investigation involving Gramm Leach Act and Fair Credit Reporting Act claims*
  • National mobility device maker in FTC and four state AG investigations involving Telemarketing Sales Rules, Do-Not-Call Rules, and state analogs*
  • Professional networking service in an FTC investigation into collection, sharing, and use of personal information*
  • Social gaming network in an FTC investigation involving a data breach that implicated the Children’s Online Privacy Protection Act (COPPA)*
  • Online background check service in an FTC investigation related to collection, sharing, and use of personal information*
  • Global retailer in one of the FTC’s first data privacy investigations regarding online behaviorally targeted advertising*

Consumer Litigation

Mr. Kim has litigated an array of class action matters focused on data/tech issues, including for a(n):

  • Leading sports and achievement e-commerce company in a payment card breach allegedly involving over 1.1 million individuals (Southern District of Indiana)
  • Leading global online dating platform in a data breach allegedly involving over 30 million individuals (Northern District of California)*
  • On-demand gaming platform in a Telephone Consumer Protection Act (TCPA) action related to alleged text message–based solicitations (Northern District of Illinois)*
  • National ticketing and events management platform in a payment card breach allegedly involving over 10 million individuals (Cal. Superior Court, Santa Clara)*
  • Social network company in a TCPA case related to alleged SMS-based solicitations by affiliate marketers (Southern District of Florida)*
  • Boutique fashion retailer against a Fair and Accurate Credit Transactions Act (FACTA) claim related to allegedly non-compliant point-of-sale receipts (Southern District of Florida)*
  • Online dating network against deceptive ad claims related to the company’s subscription-based services (Maryland state court)*
  • Catalog-based shopping club against Fair Credit Reporting Act claims related to “firm offers” of credit and alleged violations of the Credit Repair Organizations Act (Northern District of Illinois)*
  • Merchant card provider against allegations of abusive telemarketing and deceptive practices (Alabama state court)*

Mr. Kim also has substantial experience in the antitrust and competition space, including mergers and acquisitions and conduct investigations before the Department of Justice (DOJ), Antitrust Division and Federal Trade Commission Bureau of Competition, class action and IP-related antitrust litigation, as well as criminal cartel investigations and enforcement actions before the DOJ and international regulators.

*Matter handled prior to joining Latham

Bar Qualification

  • District of Columbia
  • New York


  • JD, Georgetown University Law Center, 2003
  • BA in Ethics, Politics & Economics, Yale University, 1998
    cum laude