Fran Faircloth is a partner and core member in Ropes & Gray’s data, privacy, and cybersecurity practice. She represents clients handling complex data, privacy, and cybersecurity matters across a wide range of industries and sectors. Recently, Fran has been advising clients across industries on issues of data protection, opportunistic cyber attacks, and contact tracing technologies in the wake of the COVID-19 outbreak. 

Fran has assisted clients in privacy and cybersecurity related class action litigation and enforcement actions by the FTC, state Attorneys General, the SEC, and other government agencies. She uses her experience managing incident response and handling complex investigations to help clients get to the root of inquiries and communicate complex cyber and data privacy issues to government regulators and boards of directors.

Fran advises clients on difficult data privacy, cybersecurity, and information law questions involving data breaches, ransomware, online brand protection, social media, e-commerce, and Internet governance. She regularly counsels clients on compliance with federal, state, and foreign privacy and security requirements related to the collection, handling, and protection of data.

Fran maintains an active pro bono practice that is focused on women’s issues and election law. She previously completed a fellowship with the National Women's Law Center where she focused on education and employment matters.

Prior to joining Ropes & Gray, Fran practiced at a large international firm and served as a law clerk for the Honorable Scott M. Matheson of the U.S. Court of Appeals for the Tenth Circuit. While in law school, Fran was managing editor for the Yale Law Journal and a co-chair of Yale Law Women.


Litigation and Regulatory Enforcement

  • Representing an online retailer in its response to cybersecurity incident involving the scraping of credit card information and in related class action litigation.
  • Representing a health care system in data breach class action.

Crisis Management and Incident Response

  • Investigated data breaches for the independent Special Cybersecurity Review Committee of the Yahoo! Board of Directors.*
  • Representing retail, pharmaceutical, financial services, e-commerce, and telecommunications providers in connection with data security incidents that required analysis of breach reporting obligations under U.S. and international statutes.

Counseling and Compliance

  • Developed privacy policies and incident response plans for a wide range of companies including insurance, life sciences, and telecommunications providers.
  • Assisted corporations with preparation for and responses to sophisticated cybersecurity incidents.
  • Directed diligence of key data, privacy, and cybersecurity issues in private equity transactions.
  • Advised the Internet Cross-Community Working Groups with respect the historic transition of the Internet domain name system to private governance by the ICANN multi-stakeholder community.*
  • Provided analysis, advice, and regulatory counseling regarding major U.S. and international privacy and data security laws and regulations, including GDPR, CCPA, ECPA, CFAA, COPPA, GLBA, TCPA, FERPA, the FCRA, and unfair or deceptive trade practice restrictions.
  • Counseled clients on a range of privacy and cybersecurity compliance issues.

*Experience prior to joining Ropes & Gray



Areas of Practice