Home > People > James Shreve

James Shreve


312 580 5087 312 580 5087 direct

Jim serves as a trusted advisor to clients facing complex cybersecurity and privacy issues — particularly those in the country's most highly regulated industries. He is the chair of Thompson Coburn's Cybersecurity group, was named a Fellow of Information Privacy and holds CIPP/US and CIPT certifications from the International Association of Privacy Professionals.

Jim advises all types of companies on the myriad legal concerns surrounding confidential information and how such information is stored and transmitted. Applying the law to rapidly changing technology and software capabilities, Jim provides clients with a profile of their potential risk, then works closely with executive leadership, legal, IT and compliance information security teams to develop a comprehensive and practical plan for risk avoidance and responding to cyber and data-related issues.

Should a company face a security breach, Jim draws on his years of experience handling thousands of incidents to counsel clients through every step of cyber and information security incidents, including notification, reporting and all associated state, federal and global regulatory requirements.

Jim helps clients develop robust and responsive security and privacy policies and governance documents, meet applicable data safeguarding requirements and implement compliance programs.

Jim has presented on a variety of in-the-news cybersecurity topics for industry organizations and associations, including the RSA Conference, the International Association of Privacy Professionals, the ABA and the Mortgage Bankers Association.

Data Breach Response

Successfully assisted clients through thousands of data security incidents, including interactions with federal, state and foreign agencies, forensic investigations, consumer notifications and remedial steps following any incident.

Regulatory Advice

Guides client responses to regulatory inquiries, investigations, and enforcement actions relating to privacy, information security, or cybersecurity issues.

Coordinates with a broad range of financial institutions, including banks, Securities and Exchange Commission (SEC)-regulated entities, mortgage lenders or servicers, or service providers to financial institutions in meeting bank-level security expectations of regulators or business partners. Jim also counsels entities working with financial institutions and who must meet the more stringent security requirements of the financial industry.

Fintech Experience

Advises new and expanding fintech companies regarding the application of privacy and security to new technologies and business models as well as related financial services requirements, such as payments standards, anti-money laundering compliance and licensing.


Countdown to CPRA

DOJ Cyber Fraud Initiative - Cyber Faces the FCA Hammer

Why Illinois Privacy and Cyber Developments Matter Nationwide

10 Ways To Avoid Cyber & Privacy Lawsuits

Complying with the Revised FTC Safeguards Rule: Lessons from the New York Experience

The Revised FTC Safeguards Rule - What It Means and Why It Is More Important Than You Might Think

California Privacy: CCPA and Beyond

Returning to Work During COVID-19: Employment and Privacy Law Considerations

CMMC and 800-171 in Government Contracting and Higher Education

Election Day Impacts for Cyber and Privacy

Protecting the Ever-Increasing Endpoints in Higher Education

In the Cyber Cross-hairs: Protecting High-Profile Targets

CCPA for Financial Institutions

Using GDPR to Prepare for CCPA, and Vice-Versa

Preparing for the California Consumer Privacy Act: Practical Ways to Mitigate Risk and Develop Litigation Defenses

Colleges Held for Ransom: Responding to a Ransomware Attack


Transportation Security Administration releases security directive on railroad cybersecurity mitigation actions and testing

California issues first fine under CCPA

FTC solicits feedback on advance notice of proposed rulemaking related to commercial surveillance and data security practices

Utah and Connecticut enact comprehensive data privacy laws

SEC proposes new cybersecurity requirements for public companies

Numerous privacy bills introduced in California legislature

Texas sues Meta for alleged violations of Texas biometric law

SEC announces proposed rule related to cybersecurity risk management for investment advisers

Federal Trade Commission publishes final updated Safeguards Rule

Computer-security incident notification requirement takes effect April 1, 2022