Kamran Salour


Kamran Salour is a partner in the Orange County office of Lewis Brisbois and a member of the Data Privacy & Cybersecurity Practice. Kamran (CIPP/US and CIPT) dedicates his practice to helping clients respond to data security incidents of all kinds. For each incident, Kamran seeks to answer three main questions for his clients: (1) how did the incident occur; (2) how can we help reduce the likelihood of the incident re-occurring; and (3) are there any legal notification obligations as a result of the incident? Kamran also helps his clients assert or defend against claims in state and federal litigation resulting from data security incidents.

Kamran helps his clients respond to security incidents and data breach investigations involving malware, network intrusion, inadvertent disclosure, and ransomware. He guides his clients through the incident response process, directing forensic investigations, consulting with federal and state agencies, developing post-incident response notification plans, and responding to regulatory investigations. As part of his security incident response work, Kamran provides his clients with advice on proactive data security practices, including designing pre-incident response planning and preparedness, and post-incident remediation plans. Central in his response work, Kamran strives to minimize disruption to his clients, preserve their customer relationships, and reduce the likelihood and consequences of litigation and regulatory investigations.

Kamran’s experience also extends to compliance. Utilizing his knowledge of U.S. and international privacy laws, including the EU’s General Data Protection Regulation (GDPR), Illinois’ Biometric Information Privacy Act (BIPA), and the California Consumer Privacy Act (CCPA), Kamran educates clients about a full range of privacy issues and counsels them on complying with emerging and ever changing privacy laws.

Armed with decades-plus experience as a litigator, Kamran provides his clients with a unique perspective on data privacy and protection issues. He brings a pragmatic problem-solving approach to his incident response work, an approach that he developed and honed through years of resolving high-stakes litigation disputes on behalf of his clients. Because of his litigation experience, Kamran’s skill set includes understanding and anticipating drafting ambiguities and oversights that spawn litigation, a skill set that he uses to his clients’ benefit when counseling them on compliance.


Incident Response

  • Ransomware: Significant experience representing private companies and public entities whose operations have been stymied by a ransomware attack. Worked with clients and third parties, including forensic investigators, law enforcement officials, and ransomware negotiators to identify and contain the incident, minimize disruption to business operations, deliver effective public communications designed to preserve customer relationships, minimize likelihood and consequences of litigation and regulatory investigations, and avoid reoccurrence.
  • Network Intrusion: Significant experience representing public and private companies of all sizes across innumerable industries respond to various network interruption incidents. Helped clients minimize incident’s impact on operations, determined whether incident triggers state breach notification laws or contractual notice obligations and ensure compliance with them, minimize the likelihood and consequences of litigation and regulatory investigations, preserve customer and vendor relationships, and avoid incident reoccurrence.
  • PCI Incident: Experience representing retailers respond to attacks on their card-present and e-commerce payment systems. Worked with retailers and third parties through the incident response process, including: determining the source and scope of the attack, devising a plan to remediate the incident and avoid a future attack, complying with any resulting notice obligations, addressing card network fines and assessments, and minimizing likelihood and impact of litigation.


  • Utilizing knowledge as a Certified Information Privacy Professional (CIPP/US), Certified Privacy Information Technologist (CIPT), and frequent author and speaker on a wide array of privacy issues, assisted numerous companies develop, implement, and maintain privacy programs that comply with applicable data protection laws, including the California Consumer Protection Act (CCPA).
  • Provided counsel to nationally recognized tele-communication company on structuring of third-party vendor agreements to minimize impact of CCPA on business operations.
  •  Advised leading student data and research organization on CCPA requirements and corresponding obligations in connection with organization’s corporate restructuring.


  • Defended a prominent physician against $20 million fraud and perjury claims that threatened to bankrupt him. On second day of trial, resolved matter for less than half of plaintiff’s prior settlement demand.
  • On the eve of trial, secured walk-away for an Orange County commercial broker and his company against competitor’s defamation and unfair competition claims.
  • Turned demand letter from organization threatening to rescind client’s contract into that organization paying client a five-figure sum without having to file suit.
  • Obtained injunctive relief on behalf of the Gulf Cooperation Council preventing the Internet Corporation of Assigned Names and Numbers (ICANN) from issuing the PERSIANGULF generic top-level domain name.
  • Archived complete defense of $10 million breach of contract claim against video game developer after two-week trial.


  • Certified Information Privacy Professional, United States (CIPP/US)
  • Certified Information Privacy Technologist (CIPT)

Pro Bono & Philanthropy

  • AIMed AI Ambassador, Children’s Hospital of Orange County
  • Defends low-income tenants against unlawful eviction attempts through Inner City Law Center, helping families remain in affordable housing and avoid becoming homeless.


Professional Presentations

  • Speaker, “Anatomy of a Ransomware Attack,” Lewis Brisbois Data Privacy & Cybersecurity Webinar Series, April 29, 2021
  • Speaker, “The Data Breach Duty,” Lawyers Mutual, March 24, 2021
  • Speaker, “The Price of Privacy,” OC Legal Tech Conference, June 6, 2020
  • Speaker, Panel, IG3 West eDiscovery and Information Governance Conference, December 12, 2019
  • Speaker, “Privacy Piracy” Radio Show, August 19, 2019
  • Speaker, Panel, IG3 Mid-Atlantic Conference, June 26, 2019
  • Presenter, OC Legal Tech Conference, May 4, 2019
  • Speaker, IP Law Careers, Thomas Jefferson School of Law, February 9, 2019
  • Speaker, Lawyer’s Role in Data Privacy, Thomas Jefferson School of Law, September 7, 2018
  • Presenter, Course on the California Consumer Privacy Act, August 17, 2018
  • Presenter, Course on Deposition Preparation, June 20, 2018


  • State Bar Admissions
    • California
  • United States District Courts
    • United States District Court for the Central District of California
    • United States District Court for the Eastern District of California
    • United States District Court for the Northern District of California
    • United States District Court for the Southern District of California



US Dist Court for the Central Dist of CA

US Dist Court for the Northern Dist of CA

US Dist Court for the Eastern Dist of CA

US Dist Court for the Southern Dist of CA


  • International Association of Privacy Professionals
  • Los Angeles County Bar Association, Privacy and Cybersecurity Section
  • AIMed: AI Ambassador
  • Orange County Bar Association, Entertainment, Sports & Marketing Section

Awards & Honors

“Rising Star,” Southern California Super Lawyers, 2014-2018


Emory University School of Law

Juris Doctor, with honors, 2006

  • ABA/BNA Award for Excellence in the Study of Intellectual Property
  • National Moot Court Team

University of California, Los Angeles

Bachelor of Science, 2001

arrow Back to Attorneys