Home > People > James Shreve

James Shreve


312 580 5087 312 580 5087 direct

Washington, D.C.
312 580 5087 312 580 5087 direct

Jim serves as a trusted advisor to clients facing complex cybersecurity and privacy issues — particularly those in the country's most highly regulated industries. He is the chair of Thompson Coburn's Cybersecurity group, was named a Fellow of Information Privacy and holds CIPP/US and CIPT certifications from the International Association of Privacy Professionals.

Jim advises all types of companies on the myriad legal concerns surrounding confidential information and how such information is stored and transmitted. Applying the law to rapidly changing technology and software capabilities, Jim provides clients with a profile of their potential risk, then works closely with executive leadership, legal, IT and compliance information security teams to develop a comprehensive and practical plan for risk avoidance and responding to cyber and data-related issues.

Should a company face a security breach, Jim draws on his years of experience handling thousands of incidents to counsel clients through every step of cyber and information security incidents, including notification, reporting and all associated state, federal and global regulatory requirements.

Jim helps clients develop robust and responsive security and privacy policies and governance documents, meet applicable data safeguarding requirements and implement compliance programs.

Jim has presented on a variety of in-the-news cybersecurity topics for industry organizations and associations, including the RSA Conference, the International Association of Privacy Professionals, the ABA and the Mortgage Bankers Association.

Data Breach Response

Successfully assisted clients through thousands of data security incidents, including interactions with federal, state and foreign agencies, forensic investigations, consumer notifications and remedial steps following any incident.

Regulatory Advice

Guides client responses to regulatory inquiries, investigations, and enforcement actions relating to privacy, information security, or cybersecurity issues.

Coordinates with a broad range of financial institutions, including banks, Securities and Exchange Commission (SEC)-regulated entities, mortgage lenders or servicers, or service providers to financial institutions in meeting bank-level security expectations of regulators or business partners. Jim also counsels entities working with financial institutions and who must meet the more stringent security requirements of the financial industry.

Fintech Experience

Advises new and expanding fintech companies regarding the application of privacy and security to new technologies and business models as well as related financial services requirements, such as payments standards, anti-money laundering compliance and licensing.


BIPA Update: Illinois Is One Step Closer to Amending How Damages Accrue under BIPA!

BIPA Update: Another Amendment Attempt for Illinois Privacy Law

NY Department of Financial Services Updates Regulations on Cybersecurity

FTC Issues Final Rule on New Breach Notice Requirement for Non-Bank Financial Institutions

Refresher on Cybersecurity Resources for Health Care Entities

BIPA litigation update: Cothron’s impact and employer BIPA defense affirmed

SEC releases long-awaited proposal to revise Regulation S-P

FSA issues GLBA Safeguards Rule guidance

FTC issues fine to GoodRx over information sharing

Transportation Security Administration releases security directive on railroad cybersecurity mitigation actions and testing


How Privacy Requirements Impact AI

The Value of Cyber and Privacy Diligence

Safeguarding the Data and Your Compliance Program – USED and GLBA

Countdown to CPRA

DOJ Cyber Fraud Initiative - Cyber Faces the FCA Hammer

Why Illinois Privacy and Cyber Developments Matter Nationwide

10 Ways To Avoid Cyber & Privacy Lawsuits

Complying with the Revised FTC Safeguards Rule: Lessons from the New York Experience

The Revised FTC Safeguards Rule - What It Means and Why It Is More Important Than You Might Think

California Privacy: CCPA and Beyond

Returning to Work During COVID-19: Employment and Privacy Law Considerations

CMMC and 800-171 in Government Contracting and Higher Education

Election Day Impacts for Cyber and Privacy

Protecting the Ever-Increasing Endpoints in Higher Education

In the Cyber Cross-hairs: Protecting High-Profile Targets

CCPA for Financial Institutions

Using GDPR to Prepare for CCPA, and Vice-Versa

Preparing for the California Consumer Privacy Act: Practical Ways to Mitigate Risk and Develop Litigation Defenses

Colleges Held for Ransom: Responding to a Ransomware Attack

Thompson Coburn Publications

Where do BIPA claims stand after the Illinois Supreme Court’s decision on the law’s statute of limitations?


Quoted, "U.S. Lawyers Hope for Longer-Term Solution in Wake of Transatlantic Privacy Deal",
National Law Journal, July 17, 2023

Co-author, "BIPA litigation update: Cothron’s impact and employer BIPA defense affirmed",
Labor and Employment Law Section, Illinois State Bar Association Newsletter, July, 2023