Joseph Santiesteban


  • JD, University of California, Berkeley, School of Law, 2014; Jamison Prize for Scholarship and Advocacy; Chancellor’s Award for Public Service; American Jurisprudence Award for Appellate Advocacy and Computer Law; editor-in-chief, Berkeley Business Law Journal
  • BA (Political Economy), High Honors, University of California, Berkeley, 2011


  • Massachusetts, 2018
  • California, 2014

Court Admissions

  • U.S. District Court for the Southern District of California
  • U.S. District Court for the Central District of California
  • U.S. District Court for the Northern District of California
  • U.S. Court of Appeals for the Ninth Circuit

Joseph Santiesteban


Joseph joined Ropes & Gray as an associate in 2014. Joseph focuses on a wide variety of privacy and data security matters. Joseph regularly assists companies respond to the various legal issues that can result from potential data security incidents, including coordinating forensic investigations, the notification process, and defending against claims by credit card companies, financial institutions, consumers, and regulators. He also has experience advising major international companies on their privacy and data security governance programs, including on matters relating to the FTC Act, FCRA, TCPA, CAN-SPAM, GLBA, VPPA, COPPA, DOPPA, breach notification laws, state data security laws, and self-regulatory frameworks. Joseph frequently coordinates teams of talented local counsel around the world to deliver global advice for clients operating across jurisdictional lines. 

Joseph maintains an active pro bono practice focused on housing matters. He has experience defending unlawful detainer actions, representing individuals before rent boards, and he has represented a group of tenants in an associational suit regarding the habitability, accessibility, and affordability of a 100-unit apartment complex in San Francisco. 

Prior to law school, Joseph worked at Genentech, Inc. negotiating early-stage research contracts. During law school, Joseph was the Editor-in-Chief of the Berkeley Business Law Journal. He also was heavily involved in the Board of Advocates, winning both the Mcbaine Honors Moot Court Competition and the Halloum Negotiation Competition. Joseph also defended unlawful detainer lawsuits as part of the Eviction Defense Clinic at the East Bay Community Law Center.


  • LabMD. Represents LabMD in its petition to the U.S. Court of Appeals for review of the first ever FTC decision holding a company liable for allegedly having unreasonable data security practices in violation of Section 5 of the FTC Act.
  • Represents a Fortune 50 company regarding potential card brand claims stemming from a data security incident properties around the world. We are also advising the company in litigation against the former payment card processor for the company in connection with a commercial dispute relating to the data security incident.
  • Arby’s Restaurant Group. Represents Arby’s in defending against third-party claims arising from a payment card incident announced in February 2017.
  • Target. Represented Target in responding to card brand inquiries and defending card issuer class action litigation stemming from the data security breach that Target announced in 2013.
  • Represents national grocery chain in defending consumer class actions arising from unauthorized network intrusions suffered by the client.
  • Genesco. Represented Genesco in lawsuit the retailer brought against Visa in United States District Court for the Middle District of Tennessee arising out of fines and assessments imposed by Visa following data security breach.
  • Regularly conducts and coordinates data security incident investigations for companies across a variety of industries.
  • Regularly counsels companies regarding data security compliance programs. 
  • Regularly advises companies on their data privacy and collection practices.
  • Counseled global apparel and technology company on development of its international privacy and marketing programs.
  • Developed a global privacy program for a major food products company operating in more than 40 countries. 
  • Assessed and revamped privacy program for international media company as part of multibillion-dollar transaction. 
  • Advised international medical device company on its global informatics program. 


Cookie Settings