Sunil Shenoi is a partner in the Government & Internal Investigations Group in the Chicago office of Kirkland & Ellis LLP. He focuses his practice on advising clients on data security and data privacy matters, with a particular focus on responding to data breaches and defending against data breach litigation. Sunil regularly advises clients on compliance with laws and regulatory guidance relating to data security and data privacy issues.

Sunil also represents multinational organizations and individuals in a wide variety of U.S. DOJ and SEC investigations, including many investigations for private equity, medical device, retail, and other clients involving the U.S. Foreign Corrupt Practices Act, financial statement and disclosure issues, insider trading and other securities enforcement issues.


Thought Leadership


Co-author, “Practical Prescriptions for Incident Response and Preparedness in Health Care,” New York Law Journal (May 2024)

Co-author, “White-Collar Crime Practice Guide – USA: Law & Practice,” Chambers & Partners (November 2023)

Co-author, “SEC Proposes Significant New Cybersecurity Rules for Investment Advisers,” Kirkland AIM (March 14, 2022)

Co-author, “SEC Proposes New Cybersecurity Disclosure Regime for Public Companies,” Kirkland Alert (March 14, 2022)

Co-author, “Economic sanctions and export control considerations when facing a ransomware attack,” Reuters Legal News (December 16, 2021)

Co-author, “Family Offices: Cybersecurity Threats and Best Practices,” Private Investment & Family Office Insights (May 28, 2020)

Co-author, “Data Security Considerations for Business Allowing or Encouraging Employees to Work Remotely,” Kirkland Alert (March 17, 2020)

Co-author, “OCIE Issues Observations on Cybersecurity and Resiliency; Supreme Court Refuses to Hear FINRA Pay-to-Play Challenge,” Kirkland AIM (February 14, 2020)

Co-author, “Key Takeaways from Ex-Alstom Exec’s FCPA Conviction,” Law360 (November 13, 2019)

Co-author, "Minimizing Your Company’s Exposure to a Ransomware Attack," Kirkland Alert (March 11, 2019)

Co-author, “SEC Case Brings Rarely Used Cyber Rules Into Limelight,” Law360 (September 27, 2018)

Co-author, “New California Consumer Privacy Act Impacts Private Equity Portfolio Companies,” Kirkland Private Equity Newsletter (August 9, 2018)

Co-author, “California's New Privacy Law Represents a Sea Change for Consumer Rights in the United States,” Kirkland Alert (July 16, 2018)

Co-author, “Insider Trading Charges Levied in Connection with Data Breach,” Kirkland Alert (March 19, 2018)

Co-author, “Key Takeaways from the SEC’s 2018 Cybersecurity Guidance,” Kirkland Alert (February 28, 2018)

Co-author, “The Class Action Litigation Consequences of Business Email Compromise Attacks,” LegalTech News (February 22, 2018)

Co-author, “SEC Stakes Claim As Digital Currency Regulator,” Law360 (Oct. 13, 2017)

Co-author, “SEC Enforcement Trends: Minor Accounting and Disclosure Infractions Attracting Major Scrutiny,” Bloomberg BNA Tax and Accounting Center (April 13, 2017)

Co-author, “Key Data Privacy and Security Concerns for Investment Firms,” Law360 (May 20, 2016)

Co-author, “Oracle Case Expands Pool Of Potential Data Security Defendants,” Law360 (Jan. 14, 2016)

Co-author, “FCC Expands Data Security Enforcement With Cox Action,” Law360 (November 19, 2015)

“Undoing Undue Favors: Providing Competitors with Standing to Challenge Favorable IRS Actions,” 43 University of Michigan Journal of Law Reform 531 (2010)


Panelist, “The Cyber Threat Landscape: Preparation and Remediation,” Incident Response Forum Masterclass (April 18, 2024)

Panelist, “Incident Response Coordination: A Collaborative Approach in Action,” Consilio Chicago Cyber Summit (March 6, 2024)

Panelist, “Next Gen CISO Panel,” ChiBrrCon (February 1, 2024)

Panelist, “Time to talk about the S.E.C. in SECurity,” ChiBrrCon (February 1, 2024)

Panelist, “Managing Complexities of eDiscovery in Modern Investigations to Uncover the Truth,” The Master’s Conference – Chicago (April 25, 2023)

Panelist, “Incident Response: Data Privacy Compliance (GDPR, CCPA/CPRA, VCDPA, ColoPa, GLBA, etc.)” (April 21, 2022)

Panelist, “Ransomware – How to Protect Yourself and What to Do if You’re a Victim,” ACA Virtual Fall Conference (September 22, 2021)

Panelist, “Attorney-Client Privilege in Incident Response: What to Know, What to Do, and How Things Really Go In Cyber Response,” (June 9, 2021)

Presenter, AON Cyber Symposium, Kansas City (November 27, 2018)

Presenter, “Cybersecurity Due Diligence: Data Security Best Practices For Law Firms & Solution Providers,” Relativity Fest (October 1, 2018)

Presenter, “SEC Enforcement Update," ACS — Revenue Recognition Conference (August 28, 2014)


Recognized in “Incident Response 50” by Cybersecurity Docket, 2024

Recognized in “500 Leading Global Cyber Lawyers” by Lawdragon, 2024


Admissions & Qualifications

  • 2009Illinois


  • University of Michigan Law SchoolJ.D.cum laude2009

    Managing Editor, University of Michigan Journal of Law Reform

  • Cornell UniversityM.Eng., Computer Science2003
  • Cornell UniversityB.S., Computer Science2002