Home > People > James Shreve

James Shreve


312 580 5087 312 580 5087 direct

Washington, D.C.
312 580 5087 direct

Jim serves as a trusted advisor to clients facing complex cybersecurity and privacy issues — particularly those in the country's most highly regulated industries. He is the chair of Thompson Coburn's Cybersecurity group, was named a Fellow of Information Privacy and holds CIPP/US and CIPT certifications from the International Association of Privacy Professionals.

Jim advises all types of companies on the myriad legal concerns surrounding confidential information and how such information is stored and transmitted. Applying the law to rapidly changing technology and software capabilities, Jim provides clients with a profile of their potential risk, then works closely with executive leadership, legal, IT and compliance information security teams to develop a comprehensive and practical plan for risk avoidance and responding to cyber and data-related issues.

Should a company face a security breach, Jim draws on his years of experience handling thousands of incidents to counsel clients through every step of cyber and information security incidents, including notification, reporting and all associated state, federal and global regulatory requirements.

Jim helps clients develop robust and responsive security and privacy policies and governance documents, meet applicable data safeguarding requirements and implement compliance programs.

Jim has presented on a variety of in-the-news cybersecurity topics for industry organizations and associations, including the RSA Conference, the International Association of Privacy Professionals, the ABA and the Mortgage Bankers Association.

Data Breach Response

Successfully assisted clients through thousands of data security incidents, including interactions with federal, state and foreign agencies, forensic investigations, consumer notifications and remedial steps following any incident.

Regulatory Advice

Guides client responses to regulatory inquiries, investigations, and enforcement actions relating to privacy, information security, or cybersecurity issues.

Coordinates with a broad range of financial institutions, including banks, Securities and Exchange Commission (SEC)-regulated entities, mortgage lenders or servicers, or service providers to financial institutions in meeting bank-level security expectations of regulators or business partners. Jim also counsels entities working with financial institutions and who must meet the more stringent security requirements of the financial industry.

Fintech Experience

Advises new and expanding fintech companies regarding the application of privacy and security to new technologies and business models as well as related financial services requirements, such as payments standards, anti-money laundering compliance and licensing.


Adrienne Harris nominated as Superintendent of the New York State Department of Financial Services

Claims under CCPA survive motion to dismiss

Connecticut enacts cybersecurity laws aimed at data breaches

Maintaining privilege over forensic data-breach reports

California Attorney General submits fourth set of CCPA modifications for review

Office of Administrative Law approves final CCPA regulations

CJEU invalidates EU-US Privacy Shield

California Privacy Rights Act qualifies for November 2020 ballot

California Attorney General submits final CCPA regulations for review

Seventh Circuit rules that federal court has jurisdiction over claims brought under BIPA


California Privacy: CCPA and Beyond

Returning to Work During COVID-19: Employment and Privacy Law Considerations

CMMC and 800-171 in Government Contracting and Higher Education

Election Day Impacts for Cyber and Privacy

Protecting the Ever-Increasing Endpoints in Higher Education

In the Cyber Cross-hairs: Protecting High-Profile Targets

CCPA for Financial Institutions

Using GDPR to Prepare for CCPA, and Vice-Versa

Preparing for the California Consumer Privacy Act: Practical Ways to Mitigate Risk and Develop Litigation Defenses

Colleges Held for Ransom: Responding to a Ransomware Attack