Shawn Tuma

Partner
Data Privacy and Cybersecurity Practice Group Leader / Plano Office Managing Partner
Contact
P 972.324.0317 | F 972.324.0301

Overview

Shawn Tuma helps businesses protect their information and protect themselves from their information. He represents a wide range of clients, from small to midsize companies to Fortune 100 companies, across the U.S. and globally in dealing with cybersecurity, data privacy, data breach and incident response, regulatory compliance, computer fraud related legal issues, and cyber-related litigation.

Having practiced in this area of law since 1999, Shawn is widely recognized in cybersecurity and data privacy law. He is frequently sought out and hired by other lawyers and law firms to advise them when these issues arise in cases for their own clients. While this area of the law has evolved greatly in the decades while Shawn has been practicing, he continues to evolve with it as a practitioner representing his clients, academically as an author and instructor, and as an analyst for the national media.

Shawn’s practice covers three distinct areas:

  • Cyber Risk Management – Proactively helping companies assess and understand their overall cyber risk and then developing, implementing, and maturing a strategic cyber risk management program that prioritizes their efforts to help minimize their cyber risk and meet regulatory compliance requirements.
  • Cyber Incident Response – Leading companies through the cyber incident response and data breach response process (as a breach guide or breach quarterback), crisis management, and regulatory compliance investigations and enforcement actions (e.g., by regulators such as various states’ Attorneys General, Department of Health and Human Services / Office of Civil Rights (HHS / OCR), Federal Trade Commission (FTC), and Securities and Exchange Commission (SEC). Shawn serves as a breach guide for insurance companies’ panel of approved counsel.
  • Cybersecurity, Hacking, and Data Breach Litigation – Representing clients in litigation involving cyber-related claims like computer and data misuse, computer hacking, data loss, data theft, and business-to-business disputes concerning responsibility for cyber incidents.

Shawn’s ideal role is to serve as a member of a company’s risk management team as outside cybersecurity counsel to help the company proactively prepare for and minimize its risks of doing business in today’s digital business world. Then, if a problem does arise, he is there to guide the company through resolving those issues as well.

Credentials

Education

  • Regent University School of Law, 1999 (J.D.), magna cum laude
  • Northwestern State University, 1994 (B.A.), with honors

Bar Admissions

  • Texas

Court Admissions

  • U.S. Court of Appeals for the Fifth Circuit
  • U.S. Court of Appeals for the Federal Circuit
  • U.S. District Court for the Middle District of North Carolina
  • U.S. District Court for the Eastern District of Pennsylvania
  • U.S. District Court for the Northern District of Texas
  • U.S. District Court for the Eastern District of Texas
  • U.S. District Court for the Southern District of Texas
  • U.S. District Court for the Western District of Texas

  • Assisted numerous national and international companies with assessing their cyber risk and developing, implementing, and maturing cyber risk management programs.
  • Assisted numerous national and international companies with evaluating and procuring appropriate cyber risk insurance coverage.
  • Served as subject matter consulting expert to multiple law firms on cases involving claims under the federal Computer Fraud and Abuse Act, Texas Harmful Access to Computers Act, Texas Breach of Computer Security Act, and federal and state Wiretap and Stored Communications Acts.
  • Served as incident response guide and lead crisis manager for numerous companies and health care organizations for ransomware attacks, successfully obtaining decryption and restoration of networks and data and assisting clients in obtaining evidence needed for risk assessments finding incidents as non-reportable events.
  • Served as breach guide for multiple national and international companies responding to a data breaches spanning multiple countries and all U.S. jurisdictions that were timely and effective, resulting in no fines or penalties by regulators and no claims by data subjects.
  • Served as litigation counsel for multiple companies following data breach reporting and notification and successfully resolving claims by data subjects without payment or media attention.
  • Served as incident response guide and lead crisis manager for numerous companies and health care organizations leading internal investigations and obtaining evidence needed for risk assessments finding incidents as non-reportable events.
  • Served as counsel for numerous companies and health care organizations responding to investigations by federal and state regulators resulting in no fines or penalties and no payments to data subjects.
  • Obtained complete dismissal of Computer Fraud and Abuse Act, Wiretap Act, and Stored Communications Act lawsuit against celebrity client within three months from filing of lawsuit.
  • Obtained seven-figure judgment for client on Computer Fraud and Abuse Act claim on successful motion for summary judgment.
  • Hired by law firm to prepare response to motion seeking dismissal of its client’s Computer Fraud and Abuse Act claim that resulted in court’s denial of motion against client.
  • Hired by law firm to prepare Computer Fraud and Abuse Act claim in parallel proceeding, ultimately resulting in a favorable settlement for law firm’s client.
  • Successfully obtained injunctive relief under Computer Fraud and Abuse Act against employee who had taken employer’s data for use in a competing business.
  • Within six hours of being hired, obtained complete capitulation by defendant who had misused computer access to misappropriate highly confidential and proprietary trade secrets source code for internationally recognizable technology company’s service and threatened public disclosure.
  • Within three days of being hired, obtained complete capitulation by defendant who had misused computer access to misappropriate company’s confidential data to use in a competing business.
  • Obtained complete dismissal of seven-figure trade secrets lawsuit against client for $0.
  • Successfully defended against injunctive actions in eight-figure trade secrets, patent, copyright, and trade mark litigation against clients.
  • Successfully obtained favorable confidential settlement for client of patent inventorship lawsuit.
  • Successfully defended clients against claims for damages and injunctive relief for misappropriation of trade secrets resulting in confidential settlement requiring no payment by clients.
  • Obtained confidential settlement of client’s copyright claims that resulted in payment that more than doubled client’s actual damages.

  • National Law Journal, Cybersecurity & Data Privacy Law Trailblazers, 2016
  • Texas Super Lawyers, 2015-2023
  • Texas Super Lawyers, Top 100 Lawyers in Dallas, 2016
  • D Magazine, Best Lawyers in Dallas, Digital Information Law, 2014-2023

  • Cyber Future Foundation, Board of Directors, General Counsel
  • University of North Texas Cyber Forensics Lab, Board of Advisors
  • Bloomberg BNA, Texas Privacy & Data Security Law, Practitioner Editor
  • National Technology Security Coalition, Policy Council
  • Cyber Law Consortium, Board of Advisors
  • Intelligent Transportation Society of America, Cybersecurity Task Force
  • State Bar of Texas, Computer and Technology Section, Secretary
  • State Bar of Texas, Privacy and Data Security Committee
  • North Texas Crime Commission, Cybercrime Committee
  • InfraGard (FBI)
  • Information Systems Security Association (ISSA)
  • International Association of Privacy Professionals (IAPP)