Serrin Turner

serrin.turner@lw.com

+1.212.906.1330

MVP – Cybersecurity & Privacy

Law360 2024

"Very analytical and sharp."

Chambers USA 2024

"A zealous advocate."

Chambers USA 2024

"Adept and skilled when it comes to understanding and being able to distill issues."

Chambers USA 2023

"Frequently acts for major tech-driven businesses in regulatory investigations and class actions as part of his broader data security practice."

Chambers USA 2023

Incident Response 50

Cybersecurity Docket 2024

Profile

Serrin Turner represents clients in their highest-stakes cybersecurity and privacy-related matters.

A former federal prosecutor, Serrin is an experienced trial and appellate lawyer who advises clients on a wide range of cybersecurity and privacy-related matters, including:

Class action litigation
Regulatory investigations
Commercial disputes
Incident response

Serrin has twice been named by Law360 as a Cybersecurity & Privacy MVP (in 2022 and 2024). He has repeatedly been recognized by Cybersecurity Docket as one of the top data breach response lawyers in the industry and is Chambers-ranked in both Cybersecurity and Privacy & Data Security Litigation.

Serrin joined Latham following six years as an Assistant US Attorney for the Southern District of New York, where he served as the Office’s lead cybercrime prosecutor. In that role, Serrin handled numerous cutting-edge cybercrime investigations and prosecutions, including matters involving computer hacking, data breaches, trade-secret theft, black-market websites, trafficking in stolen payment card and personal identity information, and money laundering through digital currencies. Serrin also handled high-profile litigation involving US electronic surveillance statutes, including Amnesty International v. Clapper, a constitutional challenge to a key foreign-intelligence surveillance statute, as well In re Microsoft Search Warrant, a challenge brought by a leading email provider to a search warrant for data stored overseas.

Prior to his service at the US Attorney’s Office, Serrin served in the Civil Division of the US Department of Justice. He is a two-time recipient of the Attorney General’s Award for Distinguished Service, the Justice Department’s second-highest award, and he has also received the John Marshall Award for Trial of Litigation, the Justice Department's highest award for trial litigators.

Experience

Serrin's experience includes representing:

Litigation

SolarWinds in a closely watched enforcement action brought by the SEC. Obtained a landmark decision largely dismissing the SEC’s case and rejecting legal theories key to the SEC’s cybersecurity enforcement agenda.
Meta (formerly Facebook) in consolidated consumer class action arising out of a criminal attack on Facebook’s web platform affecting approximately 29 million users globally. Defeated class certification of plaintiffs’ damages claims and successfully negotiated no-damages settlement.
Temu in multiple class actions relating to data privacy practices. Successfully moved to compel arbitration and defeated challenges to Temu’s Terms of Service.
Zynga, a leading gaming developer, in putative class action litigation related to a data breach allegedly affecting over 200 million users. Won dismissal of all claims with prejudice.
Accellion, a leading developer of secure file-transfer software, in consumer class action litigation and B2B litigation over indemnification stemming from attacks exploiting a vulnerability in a legacy Accellion offering. Obtained dismissal of nearly all claims, including all statutory damages claims.
Meta in class action litigation alleging wiretapping violations related to alleged tracking of user browsing activity in Meta’s in-app web browser. Won dismissal of entire case at the pleading stage.
Gen Digital in class action litigation alleging wiretapping violations related to the alleged collection of user browsing data through a browser extension. Won dismissal of all statutory damages claims and subsequently obtained voluntary dismissal of all remaining claims.

Government Investigations

A leading social media company in multiple privacy-related investigations brought by the FTC, state attorneys general, and data protection authorities in the EU and Asia
A leading online shopping app in privacy-related investigations by multiple state attorneys general
A leading entertainment company in data security investigations by multiple state attorneys general
A data analytics provider in an FTC investigation into collection of mobile device user information
A leading live-entertainment company in a criminal investigation into alleged computer hacking of competitor website by company employees

Incident Response

Serrin has advised a broad range of clients — including public companies with global operations and emerging companies at early stages of development — on navigating various types of data security incidents, including:

Ransomware or cyber-extortion attacks
Business email compromise (BEC) incidents
Malicious insider activity
Theft of trade secrets or confidential information
Intrusions by state-sponsored advanced persistent threat (APT) actors
Supply-chain attacks on vendors
Exploitation of zero-day software vulnerabilities
Reports from bug-bounty or "white hat" security researchers

Serrin’s incident response practice includes:

Leading forensic investigations into the facts
Developing notification and communications strategy
Liaising with law enforcement
Managing responses to regulator and customer inquiries
Coordinating with insurance brokers and carriers
Preparing companies for potential litigation and sustained regulatory investigations

Qualifications

Bar Qualification

Massachusetts
New York

Education

JD, Harvard Law School, 2000
magna cum laude
BA, Amherst College, 1995
summa cum laude, Phi Beta Kappa

Practices

Industries

April 25, 2025 Recognition

Three Partners Again Named Among the Best Data Breach Response Lawyers in the Business

Jennifer Archie, Tony Kim, and Serrin Turner once again recognized by Cybersecurity Docket’s Incident Response 50 for 2025.

February 11, 2025 Recognition

Cybersecurity & Privacy Group of the Year: Latham & Watkins

Latham was again named among Law360’s Cybersecurity & Privacy Groups of the Year, in recognition of the firm’s work on cutting-edge data privacy litigation and regulatory matters.

November 4, 2024 Recognition

MVP: Serrin Turner

Partner Serrin Turner earned Cybersecurity and Privacy MVP recognition from Law360 for representing clients on data security and privacy matters, including data privacy class-action litigation and regulatory inquiries into data security and privacy incidents.

Digital concept which shows abstract network and concept of security optimization and internet technology

December 11, 2023 Blog

New York Bolsters Cybersecurity Requirements

Covered financial institutions now face heightened expectations in relation to cybersecurity governance, risk assessment, and incident reporting.

July 12, 2023 Blog

Connecticut Passes Significant Amendments to the Connecticut Data Privacy Act

Covered companies will need to take additional steps to comply with the law in light of the new obligations relating to consumer health data and minors under 18 years old.

May 22, 2023 Blog

Irish Data Protection Commission Orders Meta Ireland to Suspend Facebook Data Transfers to the US and Imposes Record GDPR Fine of €1.2 Billion

October 10, 2022 Blog

NHTSA Updates Cybersecurity Best Practices for the Safety of New Vehicles

April 11, 2022 Blog