Skip to main content

Profile hero

Profile details

About Peter Jaffe

Peter advises clients on complex privacy, cybersecurity, and intellectual property matters.

He guides his clients through privacy compliance efforts, negotiates corporate transactions in data-heavy tech companies, and leads clients through the response to cybersecurity incidents. His experience spans the full range of US private-sector privacy and security laws (e.g., Gramm-Leach-Bliley, HIPAA, COPPA, FTC Act Sec. 5, ECPA, NY SHIELD, emerging state privacy laws) and also advises private companies on the impact to their businesses of public-sector privacy laws (e.g., the SCA/CLOUD Act).  Where needed, he works with his colleagues across the Freshfields network to provide coordinated global advice on compliance with key laws like GDPR and the e-Commerce Directive.  He also advises on a variety of US laws bearing on internet businesses and e-commerce such as CDA Sec. 230, e-SIGN Act, UCC Art. 4A, and the EFTA.  His clients include leading tech companies, hotels and travel agents, carmakers, financial institutions, investors, and multinational companies.

Clients rely not only on Peter's application of law to technology, but also on his application of technology to law. For example, Peter develops custom databases or writes code to solve complex litigation problems, such as tracking a company's remedial efforts mandated by US law, analyzing data on tens of thousands of securities and dozens of litigants in mortgage-backed securities litigation, and mapping payment flows across thousands of transactions in a money-laundering investigation.

Peter writes frequently on privacy and cybersecurity matters, and in particular on the allocation of cybersecurity risk in wire transfer transactions, and is quoted frequently in the media on prominent US litigation arising from hacks involving wire transfers.  He has spoken at the SWIFT forum in New York on cybersecurity and before the International Monetary Fund on cybersecurity risks to the world financial system, and is the author of Global Investigation Review’s 2020 chapter on complying with US privacy laws when conducting investigations.

Recent work



  • Representing Royal Caribbean in the privacy and IP aspects of its carve-out sale of the high-end cruise business Azamara to Sycamore Partners;
  • Representing AstraZeneca in the privacy and security aspects of its purchase of Alexion Pharmaceuticals.
  • Representing Hewlett Packard Enterprise on the data protection aspects of its purchase of Silver Peak, the leading software-defined wide area networks company, for $925 million;
  • Representing Google in the privacy and security aspects of its $4.5 billion transaction with Jio Platforms;
  • Representing private equity sponsor Goldfinch Partners in the privacy and security aspects of its investment in Vesta, a fintech pioneer in fully guaranteed payment and fraud protection technologies;
  • Acting for Catalent, the NYSE-listed global provider of advanced delivery technologies and development solutions for drugs, biologics and consumer health products, on the transfer of personal data in connection with its acquisition of a pharmaceutical manufacturing facility in Anagni, Italy, from Bristol-Myers Squibb;
  • Counselling a travel services company in the restructuring of its technology platform supply chain and managing potential disputes with one of its suppliers; and
  • Representing tech companies and investors in the privacy and security aspects of sales and acquisitions of personal-data-based businesses in the payments and medical research spaces.

Privacy Advice and Counselling

  • Counselling a foreign bank on compliance with US privacy laws including Gramm-Leach-Bliley and emerging US state privacy laws;
  • Advising payment platforms on US privacy implications of new surveillance laws coming into force in Hong Kong;
  • Advising a social media company on the development of tools to comply with emerging US state privacy laws;
  • Developing PSIRT/CSIRT policies (mechanisms for customers to report security vulnerabilities) for a multinational manufacturer;
  • Advising a concert promoter on the use of surveillance technologies to maintain safety at concerts;
  • Advising makers of online learning tools on compliance with COPPA;
  • Counselling multiple foreign investment funds on compliance with US privacy laws;
  • Advising a multinational electronics manufacturer on compliance with emerging US state privacy laws;
  • Counselling multiple European corporates on the implications of US public-sector privacy laws (such as the SCA/CLOUD Act) for their obligations under GDPR; and
  • Advising a carmaker in cybersecurity and data privacy aspects of AI and autonomous vehicles, connected cars, and vehicle-component databases.

Incident Response & Investigations

  • Advising Marriott in international regulatory investigations, across over 30 jurisdictions outside the US, following the Starwood data breach, as well as providing ongoing privacy advice;
  • Advising an international consumer brands company after the compromise of almost 100 email accounts containing unstructured personal and corporate information, including notifications to individuals and engagement with US and European authorities;
  • Conducting an internal investigation and leading the incident response for an international organization after a hack and resulting wire fraud, including cooperation with the FBI and Japanese law enforcement;
  • Advising that same organization after a hack on one of its service providers involving data on over 4 million data subjects, including on individual notifications and reporting to state attorneys general and authorities other key jurisdictions.
  • Leading the incident response for an airline services company after data breaches involving employee data;
  • Representing a major US bank in a British regulatory investigation into the international structure of the bank’s transaction databases;
  • Advising a multinational cybersecurity company after an attack on its business data;
  • Advising a global travel company on securities disclosure obligations after a data incident;
  • Representing a real-time interpretation technology company in non-compete litigation with a former reseller;
  • Representing the mobile news platform of a major European media company in intellectual property litigation;
  • Representing the British subsidiary of a major US bank in a cross-border investigation by French and Belgian regulators;
  • A private European bank against claims in the Lehman Brothers bankruptcy proceedings in the United States; and
  • Advising clients on how to respond to law enforcement and litigation requests consistent with privacy laws such as GDPR, Gramm-Leach-Bliley, and HIPAA.




  • JD, magna cum laude, Georgetown University Law Center.
  • BA, history, Stanford University.