May Yang joined Ropes & Gray’s data, privacy, and cybersecurity group in 2021. May specializes in complex privacy and cybersecurity issues, encompassing litigation, incident response, transactional, and counseling matters. She assists companies across various industries, such as healthcare, in complying with international, federal, and state privacy regulations, including navigating issues related to the California Consumer Privacy Act (CCPA), Computer Fraud and Abuse Act (CFAA), and the Electronic Communications Privacy Act (ECPA). Additionally, May is deeply committed to pro bono work, actively contributing to human rights and environmental justice causes.

During law school, May served as a teaching assistant to Professors Paul Ohm, Tanina Rostain, and Mary DeRosa. She was a member of the articles committee for the Georgetown Law Technology Review and an active member of the Georgetown Asian Pacific American Law Students Association (APALSA), serving as the academic chair during the 2019-2020 academic year.


  • Member of litigation teams representing corporate defendants against data misuse allegations, including CFAA and ECPA complaints.
  • Lead data breach investigations and draft notifications to State AGs and affected Parties.
  • Advises financial services companies on new and forthcoming privacy and cybersecurity regulations, including NIST and FTC requirements.
  • Conducts diligence of key data issues in transactions and assisted with privacy diligence on multiple multi-billion dollar deals.
  • Developed privacy notices and information security policies for investment advisers and healthcare companies.

Areas of Practice