Shawn Tuma
Partner
Cyber | Data | Artificial Intelligence | Emerging Technology Practice Group Leader / Plano Office Managing Partner
Overview
Shawn Tuma helps businesses protect their information and protect themselves from their information. He represents a wide range of clients, from small and midsize companies to Fortune 100 companies, across the U.S. and globally in dealing with artificial intelligence (AI), cybersecurity, data privacy, data breach and incident response, regulatory compliance, computer fraud related legal issues, and cyber and AI-related litigation.
Having practiced in this area of law since 1999, Shawn is widely recognized in cybersecurity, data protection, and emerging AI law and governance. He is frequently sought out and hired by other lawyers and law firms to advise them when these issues arise in cases for their own clients. While this area of the law has evolved greatly in the decades Shawn has been practicing – most recently with the rapid development of AI technologies – he continues to evolve with it as a practitioner representing his clients, academically as an author and instructor, and as an analyst for the national media.
Shawn’s practice covers four distinct areas:
- Artificial Intelligence Strategy, Governance, and Risk Management – Advising companies on the legal, ethical, and operational governance of AI systems, including AI strategy development, risk assessment, regulatory compliance, and third-party AI vendor management. Shawn helps companies design and implement AI governance programs that align with evolving U.S. and international laws, standards, and frameworks, evaluate AI systems for transparency, accountability, and fairness, and integrate AI controls into broader cyber and data governance programs. His work includes assisting clients with AI-related contracts, policies, insurance considerations, and AI incident response preparation to ensure companies responsibly manage AI-related risks across their enterprise and supply chain.
- Cyber Risk Management – Proactively helping companies assess and understand their overall cyber risk and then developing, implementing, and maturing a strategic cyber risk management program that prioritizes their efforts to help minimize their cyber risk and meet regulatory compliance requirements.
- Cyber Incident Response – Leading companies through the cyber incident response and data breach response process (as a breach guide or breach quarterback), crisis management, and regulatory compliance investigations and enforcement actions (e.g., by regulators such as various states’ Attorneys General, Department of Health and Human Services / Office of Civil Rights (HHS / OCR), Federal Trade Commission (FTC), and Securities and Exchange Commission (SEC). Shawn serves as a breach guide for insurance companies’ panel of approved counsel.
- Cybersecurity, Hacking, and Data Breach Litigation – Representing clients in litigation involving cyber-related claims like computer and data misuse, computer hacking, data loss, data theft, and business-to-business disputes concerning responsibility for cyber incidents.
Shawn’s ideal role is to serve as a member of a company’s risk management team as outside cyber and AI counsel to help the company proactively prepare for and minimize its risks of doing business in today’s digital and AI-driven business world. Then, if a problem does arise, he is there to guide the company through resolving those issues as well.
Credentials
Education
- Regent University School of Law, 1999 (J.D.), magna cum laude
- Northwestern State University, 1994 (B.A.), with honors
Court Admissions
- U.S. Court of Appeals for the Fifth Circuit
- U.S. Court of Appeals for the Federal Circuit
- U.S. District Court for the Middle District of North Carolina
- U.S. District Court for the Eastern District of Pennsylvania
- U.S. District Court for the Northern District of Texas
- U.S. District Court for the Eastern District of Texas
- U.S. District Court for the Southern District of Texas
- U.S. District Court for the Western District of Texas
- Advised Texas political subdivision on developing AI strategy and governance program, legal and regulatory compliance, and developing procurement process integrating third-party AI vendor management.
- Assisted numerous organizations with developing AI strategy, implementing foundational governance principles, and development of AI-related policies and procedures.
- Assisted numerous clients with negotiating and drafting agreements regarding AI-related services and vendor risk management processes related to third-party services
- Assisted numerous national and international companies with assessing their cyber risk and developing, implementing, and maturing cyber risk management programs.
- Assisted numerous national and international companies with evaluating and procuring appropriate cyber risk insurance coverage.
- Served as subject matter consulting expert to multiple law firms on cases involving claims under the federal Computer Fraud and Abuse Act, Texas Harmful Access to Computers Act, Texas Breach of Computer Security Act, and federal and state Wiretap and Stored Communications Acts.
- Served as incident response guide and lead crisis manager for numerous companies and health care organizations for hundreds of ransomware attacks, successfully obtaining decryption and restoration of networks and data and assisting clients in obtaining evidence needed for risk assessments finding incidents as non-reportable events.
- Served as breach guide for multiple national and international companies responding to a data breaches spanning multiple countries and all U.S. jurisdictions that were timely and effective, resulting in no fines or penalties by regulators and no claims by data subjects.
- Served as litigation counsel for multiple companies following data breach reporting and notification and successfully resolving claims by data subjects without payment or media attention.
- Served as incident response guide and lead crisis manager for numerous companies and health care organizations leading internal investigations and obtaining evidence needed for risk assessments finding incidents as non-reportable events.
- Served as counsel for numerous companies and health care organizations responding to investigations by federal and state regulators resulting in no fines or penalties and no payments to data subjects.
- Obtained complete dismissal of Computer Fraud and Abuse Act, Wiretap Act, and Stored Communications Act lawsuit against celebrity client within three months from filing of lawsuit.
- Obtained seven-figure judgment for client on Computer Fraud and Abuse Act claim on successful motion for summary judgment.
- Hired by law firm to prepare response to motion seeking dismissal of its client’s Computer Fraud and Abuse Act claim that resulted in court’s denial of motion against client.
- Hired by law firm to prepare Computer Fraud and Abuse Act claim in parallel proceeding, ultimately resulting in a favorable settlement for law firm’s client.
- Successfully obtained injunctive relief under Computer Fraud and Abuse Act against employee who had taken employer’s data for use in a competing business.
- Within six hours of being hired, obtained complete capitulation by defendant who had misused computer access to misappropriate highly confidential and proprietary trade secrets source code for internationally recognizable technology company’s service and threatened public disclosure.
- Within three days of being hired, obtained complete capitulation by defendant who had misused computer access to misappropriate company’s confidential data to use in a competing business.
- Obtained complete dismissal of seven-figure trade secrets lawsuit against client for $0.
- Successfully defended against injunctive actions in eight-figure trade secrets, patent, copyright, and trademark litigation against clients.
- Successfully obtained favorable confidential settlement for client of patent inventorship lawsuit.
- Successfully defended clients against claims for damages and injunctive relief for misappropriation of trade secrets resulting in confidential settlement requiring no payment by clients.
- Obtained confidential settlement of client’s copyright claims that resulted in payment that more than doubled client’s actual damages.
- Best Lawyers in America, 2026
-
- Artificial Intelligence Law
- Corporate Compliance Law
- National Law Journal, Cybersecurity & Data Privacy Law Trailblazers, 2016
- Texas Super Lawyers, 2015-2026
- Texas Super Lawyers, Top 100 Lawyers in Dallas, 2016
- D Magazine, Best Lawyers in Dallas, Digital Information Law, 2014-2026
- State Bar of Texas, The Computer & Technology Law Section, Chair’s Recognition Award
- SecureWorld, National Advisory Council Member of the Year, 2019
- State Bar of Texas, Computer & Technology Section, Past Chair; Privacy, Data Security, and e-Commerce Committee
- American Arbitration Association’s Roster of Arbitrators (AAA)
- Dallas Baptist University, AI Advisory Council
- UT Dallas, Cyber Advisory Council
- Northwestern State University, Advisory Board
- SecureWorld, Advisory Counsel
- Security Advisors Alliance
- Bloomberg BNA, Texas Privacy & Data Security Law, Former Practitioner Editor
- National Technology Security Coalition, Former Policy Council
- Intelligent Transportation Society of America, Former Cybersecurity Task Force Member
- Cyber Future Foundation, Board of Directors, Former General Counsel
- Southern Methodist University, Former Cyber Advisory Board Member
- University of North Texas Cyber Forensics Lab, Former Advisory Board Member
- Los Angeles City College, CSIS Department, Former Advisory Committee Member
- North Texas Crime Commission, Cybercrime Committee
- Collin County Bench Bar Conference, Board Member
- Collin County Bar Association, Civil Litigation & Appellate Law Section, Past Chair
- North Texas Crime Commission, Cybercrime Committee
- InfraGard (FBI)
- Information Systems Security Association (ISSA)
- International Association of Privacy Professionals (IAPP)
- For a current list of Shawn’s most recent events, please see www.shawnetuma.com/presentations/
- The GC + CISO Connection: Uniting the Cyber Risk Defenders, 2024
- The GC+CISO Connection Show, Podcast Host
- “Data Breach Incident Response – Recovering from a Cyber Attack, Texas Bar CLE Cybersecurity Law Workshop, Houston
- “Artificial Intelligence in the Legal and Regulatory Realm – Practical Cybersecurity Risk Management Strategies,” New Jersey State Bar Association (NJSBA), Cybersecurity Institute
- “The Legal Case for Cybersecurity,” Lunch Keynote, SecureWorld, Denver
- “Legal Issues Associated with Third-Party Cyber Risk,” ISACA CSX North America, Washington D.C., 2017
- “Privileges: Understanding the Applicability in Cybersecurity Cases,” Texas Bar Journal, October 2018
- “Texas Privacy & Data Security Law,” Bloomberg BNA, Practitioner Editor
- “Why You Need a Cyber Attorney,” Ethical Boardroom, Spring 2018
- “Cybersecurity & Data Privacy Update, Texas Bar Journal, January 2018
- “Why Did Uber Hide the Theft of 57 Million Users’ Data?” RTVI (Russian TV)
- CGTN America interviews Shawn Tuma about the Equifax data breach
- CGTN America interviews Shawn Tuma about global #WannaCry ransomware attacks
- CW 33 Eye Opener Morning Show Guest Shawn Tuma Discusses Adult Friend Finder Data Breach
- Shawn is a blogger and manager of the Business Cyber Risk Blog