Fran Faircloth

Practice Areas

Fran Faircloth is a partner and core member in Ropes & Gray’s data, privacy, and cybersecurity practice. She represents clients handling complex data, privacy, and cybersecurity matters across a wide range of industries and sectors. Recently, Fran has been advising clients across industries on issues of data protection, opportunistic cyber attacks, and contact tracing technologies in the wake of the COVID-19 outbreak.

Fran has assisted clients in privacy and cybersecurity related class action litigation and enforcement actions by the FTC, state Attorneys General, the SEC, and other government agencies. She uses her experience managing incident response and handling complex investigations to help clients get to the root of inquiries and communicate complex cyber and data privacy issues to government regulators and boards of directors.

Recognized as part of the "Incident Response Elite" and ranked by Chambers Global and Chambers USA for Privacy & Data Security Litigation, Fran Faircloth is a partner in Ropes & Gray's data, privacy, and cybersecurity practice. She has navigated clients through dozens of complex cyber incidents and advises leading organizations—including financial institutions, technology companies, education providers, healthcare systems, data brokers, and e-commerce retailers—on the full spectrum of data privacy, cybersecurity, AI governance, and information governance challenges.

Fran serves as lead incident response counsel in high-stakes ransomware attacks, insider threats, and data breaches, helping clients contain risk, assess exposure, engage with forensic investigators, and communicate effectively with executive stakeholders and government agencies. She also helps clients prepare before crisis strikes through bespoke tabletop exercises tailored to her clients' operational needs and advises executives and boards on cybersecurity governance programs that incorporate frameworks such as the NIST Cybersecurity Framework, NIST AI Risk Management Framework, and ISO standards.

Fran counsels clients on compliance with federal, state, and global privacy and security laws, including

The California Consumer Privacy Act (CCPA) and the growing collection of emerging state privacy, AI, and biometric data laws

The Health Insurance Portability and Accountability Act (HIPAA)

The Gramm-Leach-Bliley Act (GLBA)

The SEC’s cybersecurity disclosure rules

The Children's Online Privacy Protection Act (COPPA)

The Family Educational Rights and Privacy Act (FERPA)

The Electronic Communications Privacy Act (ECPA)

The Computer Fraud and Abuse Act (CFAA)

The Fair Credit Reporting Act (FCRA)

The Video Privacy Protection Act (VPPA)

The Telephone Consumer Protection Act (TCPA)

She regularly represents clients in investigations and enforcement actions involving the FTC, SEC, state Attorneys General, the New York Department of Financial Services (NYDFS), and international regulators, and has defended clients in class action privacy, cybersecurity, and data breach litigation.

Fran advises companies on AI-related legal and regulatory questions, including compliance with the Colorado AI Act and other emerging state laws regulating AI. She counsels on generative AI use policies, automated decision-making compliance, and AI vendor due diligence, including issues at the intersection of AI, privacy, and cybersecurity. Her practical, risk-based approach helps clients balance innovation with regulatory compliance in an era of rapid technological change.

In addition to her data practice, Fran maintains an active pro bono practice focused on women's rights and election law. Fran is also a Professorial Lecturer in Law at George Washington University Law School, where she teaches Cybersecurity Law, and is a contributor and co-lead editor of the PLI treatise Cybersecurity: A Practical Guide to the Law of Cyber Risk (Second Edition 2024, 2025).

Before joining Ropes & Gray, Fran completed a fellowship with the National Women's Law Center and practiced at a large global law firm. Fran earned her J.D. from Yale Law School, where she served as Managing Editor of the Yale Law Journal and co-chaired Yale Law Women. She clerked for the Honorable Scott M. Matheson of the U.S. Court of Appeals for the Tenth Circuit.