Fran Faircloth is a partner and core member in Ropes & Gray’s data, privacy, and cybersecurity practice. She represents clients handling complex data, privacy, and cybersecurity matters across a wide range of industries and sectors. Recently, Fran has been advising clients across industries on issues of data protection, opportunistic cyber attacks, and contact tracing technologies in the wake of the COVID-19 outbreak.
Fran has assisted clients in privacy and cybersecurity related class action litigation and enforcement actions by the FTC, state Attorneys General, the SEC, and other government agencies. She uses her experience managing incident response and handling complex investigations to help clients get to the root of inquiries and communicate complex cyber and data privacy issues to government regulators and boards of directors.
Fran advises clients on difficult data privacy, cybersecurity, and information law questions involving data breaches, ransomware, online brand protection, social media, e-commerce, and Internet governance. She regularly counsels clients on compliance with federal, state, and foreign privacy and security requirements related to the collection, handling, and protection of data.
Fran maintains an active pro bono practice that is focused on women’s issues and election law. She previously completed a fellowship with the National Women's Law Center where she focused on education and employment matters.
Prior to joining Ropes & Gray, Fran practiced at a large international firm and served as a law clerk for the Honorable Scott M. Matheson of the U.S. Court of Appeals for the Tenth Circuit. While in law school, Fran was managing editor for the Yale Law Journal and a co-chair of Yale Law Women.
Litigation and Regulatory Enforcement
- Representing an online retailer in its response to cybersecurity incident involving the scraping of credit card information and in related class action litigation.
- Representing a health care system in data breach class action.
Crisis Management and Incident Response
- Investigated data breaches for the independent Special Cybersecurity Review Committee of the Yahoo! Board of Directors.*
- Representing retail, pharmaceutical, financial services, e-commerce, and telecommunications providers in connection with data security incidents that required analysis of breach reporting obligations under U.S. and international statutes.
Counseling and Compliance
- Developed privacy policies and incident response plans for a wide range of companies including insurance, life sciences, and telecommunications providers.
- Assisted corporations with preparation for and responses to sophisticated cybersecurity incidents.
- Directed diligence of key data, privacy, and cybersecurity issues in private equity transactions.
- Advised the Internet Cross-Community Working Groups with respect the historic transition of the Internet domain name system to private governance by the ICANN multi-stakeholder community.*
- Provided analysis, advice, and regulatory counseling regarding major U.S. and international privacy and data security laws and regulations, including GDPR, CCPA, ECPA, CFAA, COPPA, GLBA, TCPA, FERPA, the FCRA, and unfair or deceptive trade practice restrictions.
- Counseled clients on a range of privacy and cybersecurity compliance issues.
*Experience prior to joining Ropes & Gray
- Co-author, “SEC Advances Broad Theory of Required Disclosures of Security Incidents” FinTech Law Report (September/October 2021)
- Co-author, “SEC Advances Broad Theory of Required Disclosures of Security Incidents,” Harvard Law School Forum on Corporate Governance (September 9, 2021)
- Profiled, “Rising Star: Ropes & Gray’s Fran Faircloth,” Law360 (June 8, 2021)
- Profiled, “40 Under 40,” Global Data Review (April 30, 2021)
- Co-author, “Cybersecurity 2021: USA,” Chambers “Cybersecurity 2021” Global Practice Guide (March 16, 2021)
- Cybersecurity: A Practical Guide to the Law of Cyber Risk, PLI Treatise (contributor) (2018, 2019, 2020)
- Edward R. McNicholas and Frances Faircloth, “M&A Due Diligence: The Devil in Their Data,” Corporate Board Member (November 7, 2017)
- Blog editor and author of various articles, RopesDataPhiles.com
- Yale Law School Faculty & Students Speak Up About Gender (co-editor) (April 2012)
- “Freedom of Speech and Government Employees: A Reasonable Test for the Digital Age,” John Marshall Law Journal (September 2012)
- “The Future of the Voting Rights Act: Lessons from the History of School (Re-)Segregation,” Yale Law Journal (January 2012)
- Presenter, “The Biden Approach to Privacy and Cybersecurity,” NY Chapter of the Association of Corporate Counsel (May 13, 2021)
- Presenter, “U.S. Privacy Law Update: Key Developments From the Past Year and What to Expect in 2021,” NY Chapter of the Association of Corporate Counsel (December 10, 2020)
- “Privacy and Cybersecurity in M&A,” ABA Business Law Section Annual Meeting (September 25, 2020)
- “Data Protection: Privacy, Identity Theft and Cybersecurity,” National Regulatory Services (NRS) Webinar (July 15, 2020; April 9, 2020)
- “The California Consumer Privacy Act and the Future of State Privacy Laws,” ACC Northeast Chapter Meeting (November 13, 2019)
- JD, Yale Law School, 2012; Managing Editor, Yale Law Journal; Note Editor, Yale Law & Policy Review; Co-Chair, Yale Law Women
- MA (English Literature), University of Arkansas, 2005; Vance Randolph Award for Outstanding Achievement in Graduate Studies
- BA (English Literature) BS (Architectural Studies), summa cum laude, University of Arkansas, 2004; Bodenhamer Fellow; Senior Scholar; Phi Beta Kappa
Admissions / Qualifications
- District of Columbia, 2014
- Virginia, 2013
- Law360 Rising Star (2021)
- Global Data Review’s “40 Under 40” (2021)