Antony "Tony" Kim

Washington, D.C.
  • 555 Eleventh Street, NW
  • Suite 1000
  • Washington, D.C. 20004-1304
  • USA

Antony (Tony) Kim counsels and represents public and private companies, as well as government entities, in the full spectrum of cybersecurity, privacy, and consumer protection matters. 

Mr. Kim regularly helps companies navigate cyber-crises while avoiding critical legal, risk, and reputational landmines. He has guided company responses to hundreds of cyberattacks and data breaches, directing forensic investigations, cross-border notifications, and regulatory and private enforcement matters involving personal and proprietary data, as well as corporate trade secrets. 

Mr. Kim also defends clients in regulatory investigations and enforcement actions by the Federal Trade Commission (FTC) and state attorneys general, as well as international regulators, including those involving:

  • Cyberattacks and data breach incidents
  • Privacy implications of innovative data use-cases 
  • Consumer protection issues relating to online and offline sales & marketing and advertising practices — particularly in the retail e-commerce, and fintech/consumer finance industries

Mr. Kim draws insights from his regulatory practice to advise legal, information security / information technology, product and marketing, and C-Suite and board stakeholders on a host of governance, compliance, and risk mitigation strategies.


Recognized as a leading lawyer, Mr. Kim has been ranked in Chambers USA, The Legal 500 US, Benchmark Litigation, The Cybersecurity Docket, and Super Lawyers D.C. Rising Stars. He’s been consistently named to The Cybersecurity Docket’s “Incident Response 30” list of the top IR professionals in the United States since the inception of that recognition. Clients endorse Mr. Kim, telling Chambers “He’s fantastic,” “He takes the time to tend to companies’ needs and understands clients’ objectives.” 

Cybersecurity/Incident Response

Mr. Kim represents public and private companies, as well as governmental entities, responding to cyberattacks and data breaches involving the personal information of employees and customers (e.g., payment card data), as well as proprietary information and trade secrets. In his response capacity, Mr. Kim collaborates with key stakeholders to:

  • Direct forensic investigations
  • Support law enforcement engagement
  • Execute on multi-jurisdictional notifications
  • Manage internal and external communications
  • Defend against regulatory inquiries and investigations (including under the PCI/Card Brand regimes)
  • Plan and prepare civil litigation strategies
  • Coordinate all interactions with brokers and insurers
  • Assist in managing post-incident remediation
  • Supporting C-Suite and Board reporting

Based on this experience, Mr. Kim helps clients design and deploy proactive, resiliency strategies focused on incident preparedness (e.g., tabletop simulations), vendor management, and cyber training for directors and officers. 

Data Privacy/Sales & Marketing

Mr. Kim works with companies on critical data-use case matters relevant to privacy, as well as to state and federal “unfair” or “deceptive” trade practice laws, including:

  • Privacy policies and related disclosures
  • Privacy-by-design programs and processes
  • Evaluating new tools, technologies and vendors that leverage data (e.g., biometrics)
  • Advertising program management (e.g., claims substantiation through data analytics)
  • Sales and marketing compliance (e.g., telemarketing, SMS/text marketing, email and direct mail)
Regulatory Enforcement 

Mr. Kim has defended clients in federal and state regulatory investigations across an array of cybersecurity, data privacy, and consumer protection matters. Highlights include representing a:

  • Events e-commerce platform in connection with FTC and 14 state AG investigations involving COVID-19 sales practices*
  • Delivery industry e-commerce platform in connection with state AG investigations into credential stuffing and account takeovers*
  • National ticketing and events company in FTC and 25 state AG investigations in the aftermath of a major cybersecurity incident*
  • Consumer financing company in an FTC investigation related to marketing of unique consumer financing product*
  • Bank marketing subsidiary in an FTC investigation alleging violations of a prior consent decree requiring privacy disclosures and cyber assessments in relation to digital marketing tools*
  • Fintech lender in an FTC investigation involving claims-substantiation in the B2C advertising context*
  • Online retailer in FTC investigation involving “negative option,” recurring subscription/auto-renewal membership programs*
  • Loan modification entity in an FTC investigation and litigation involving credit repair services*
  • National mortgage provider in an FTC investigation relating to a major cybersecurity incident and data breach*
  • Consumer lender in an FTC investigation involving Gramm Leach Act and Fair Credit Reporting Act claims*
  • National mobility device maker in FTC and four state AG investigations involving Telemarketing Sales Rules, Do-Not-Call Rules, and state analogs*
  • Professional networking service in an FTC investigation into collection, sharing, and use of personal information*
  • Social gaming network in an FTC investigation involving cyber incident and data breach, implicating Children’s Online Privacy Protection Act*
  • Online background check service in an FTC investigation related to collection, sharing and use of personal information*
  • Global retailer in one of the FTC’s first data privacy investigations regarding online behaviorally targeted advertising*
Consumer Litigation

Mr. Kim has led or co-led the defense in consumer class action matters, including for a:

  • Gaming company in a Telephone Consumer Protection Act claim related to text message marketing (Northern District of Illinois)*
  • National ticketing and events company in a cybersecurity and data breach incident (Northern District of California)*
  • Social network company in a TCPA claim related to SMS-based services (Southern District of Florida)*
  • Boutique fashion retailer in a Fair & Accurate Credit Transactions Act  claim related to disclosures on POS receipts (Southern District of Florida)*
  • Online dating network in an unfair and deceptive trade practices claims (Maryland state court)*
  • Catalog-based shopping club in  Fair Credit Reporting Act claims related to “firm offers” of credit and the Credit Repair Organizations Act  (Northern District of Illinois)*
  • Merchant card provider in state telemarketing and deceptive trade practices claims (Alabama state court)*

Mr. Kim also has prior experience in the antitrust & competition space, including M&A and conducting investigations before the Department of Justice’s Antitrust Division and Federal Trade Commission’s Bureau of Competition, class action and IP-related antitrust litigation, and criminal cartel investigations. 

*Matter handled prior to joining Latham

Thought Leadership
  • Co-Author with A. Nolan (Grainger) and J. Smolanoff (Kroll Cyber), “Tips from the Trenches to Make Your Company Less Attractive to Cyber Enforcement,” PLI Current: The Journal of PLI Press, Vol. 3, No. 2, Spring 2019.
  • Co-Author with Prof. Jay Lorsch (Harvard Business School) and John Howard (GC of W.W. Grainger, Inc.), “Shaping Your Board for Cybersecurity,” The Corporate Board, January/February 2019 Edition.
  • "Understanding Calif.'s Game-Changing Data Protection Law:  The California Consumer Privacy Act of 2018," Corporate Counsel, July 10, 2018.
  • "FTC Makes Clear that NIST Cyber Framework is Not a Cure-All," Law360, Sept. 14, 2016.
  • "Seventh Circuit Revives P.F. Chang's Data Breach Class Action Suit," Pratt's Privacy & Cybersecurity Law Report, July/August 2016.
  • “German DPAs Add Further Pressure to E.U.-U.S. Data Transfers,” Intellectual Property & Technology Law Journal, January 2016.
  • "Cybercrime and Cyberespionage: Understanding and Countering the Threat," Japan Corporate Journal, November 11, 2015.
  • “The Cybersecurity Playbook: Building Effective Attack & Breach Preparedness.” Inside the Minds: Understanding Developments in Cyberspace Law, Thomson Reuters/Aspatore, 2015
  • "Inside the 2 Main Findings of the European Union Privacy Ruling (on Safe Harbor)," LegalTech News, Oct. 9, 2015
  • "Navigating the Digital Age: The Risks to Boards of Directors and Board Member Obligation," NYSE and Palo Alto Networks, October 2015
  • "Third Circuit to Wyndham: It's 'Fair' that FTC Did Not Articulate Specific Cybersecurity Standards," Bloomberg BNA, Sept. 4, 2015
  • “Going for Brokerages: FINRA and SEC Take Aim at Deficient Cyber Policies and Practices,” Bloomberg BNA Privacy & Security Law Report, April 6, 2015.
Notice: We appreciate your interest in Latham & Watkins. If your inquiry relates to a legal matter and you are not already a current client of the firm, please do not transmit any confidential information to us. Before taking on a representation, we must determine whether we are in a position to assist you and agree on the terms and conditions of engagement with you. Until we have completed such steps, we will not be deemed to have a lawyer-client relationship with you, and will have no duty to keep confidential the information we receive from you. Thank you for your understanding.