James Koenig

Co-Chair, Privacy & Cybersecurity

Partner, Privacy & Cybersecurity  

New York 212.430.2666


Jim Koenig is the Co-Chair of our Privacy & Cybersecurity Practice. His practice focuses on advising emerging startups to Fortune 100 companies on a range of issues, including global privacy compliance, security/cybersecurity and breach response, data use policies and regulatory investigations and enforcement actions or class-action litigations relating to privacy and cybersecurity practices. Jim also has extensive experience helping companies with new and emerging technologies, including analytics, machine learning, social media, mobile, location-based services, internet of things, behavioral advertising, autonomous vehicles/connected cars, smart homes/cities, biotech/medical devices, genetics, blockchain security and others.

Key highlights from Jim’s practice include:

  • Over the last ten years, he has represented global clients in the financial services, retail, pharmaceutical/healthcare, cable, telecommunications, car rental, airline, social media, technology, and manufacturing industries, including 35% of the companies currently in the Fortune 100.
  • Represented an array of global clients on privacy and data security projects involving more than 125 countries.
  • Co-founded the International Association of Privacy Professionals (IAPP).
  • Recognized on the National Law Journal’s inaugural list of Cybersecurity Trailblazers.

Drawing on his experience and reputation with regulators, Jim also regularly advises companies on compliance practices and through regulatory investigations. His work has included serving as the lead subject matter expert designing security, privacy and business solutions in a number of the recent high-profile U.S. Federal Trade Commission (FTC) and U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) enforcement proceedings involving social media, mobile, and healthcare companies, including:

  • The first two FTC privacy consent decrees
  • The first FTC “Comprehensive Information Security Program” case
  • The first four FTC “Comprehensive Privacy Program” cases
  • The first FTC mobile security case
  • The two largest OCR HIPAA enforcements

Jim recently served as an expert to the OCR in connection with the agency’s efforts to modify the HIPAA compliance protocols and enforcement procedures, and served as an expert to the Consumer Financial Protection Bureau (CFPB) regarding data analytics and de-identification of sensitive information. Jim also acted as an expert on behalf of the FTC in several landmark cases relating to email privacy and security enforcements.

Prior to joining Fenwick & West, Jim worked in the Privacy and Cybersecurity Practice of an AmLaw 100 firm. Prior to that, Jim built and globally led the privacy practice and co-led the security response and data management practices at PricewaterhouseCoopers and Booz Allen- two global consulting firms. In these roles, Jim has helped some of the largest companies in the world audit, build and enhance privacy, security and cybersecurity controls and respond to high-profile cyber-attacks and regulatory investigations and audits.

Jim has also previously held senior marketing, management and legal positions at QVC, (a children’s education internet start-up), and another international law firm. He is also a named inventor or co-inventor on six patent applications relating to security and privacy-enhancing technologies.​​