Bryan M. Thompson


Bryan Thompson, CIPP/US, CIPP/E is a partner in the Portland office of Lewis Brisbois and a member of the Data Privacy & Cybersecurity Practice. 

Mr. Thompson focuses on data privacy and security matters, and helps clients respond to data security incidents while complying with state, federal, and foreign breach notification requirements. His work also concentrates on privacy compliance in accordance with U.S., EU, and other laws as well as industry information security standards. Mr. Thompson has extensive experience in aiding clients with privacy compliance to meet their particular business needs, including conducting privacy compliance assessments, and drafting privacy and cookie policies, Data Protection Addenda (DPAs), incident response plans, implementation procedures, and other materials needed to effect privacy compliance. Mr. Thompson routinely drafts, reviews and revises contracts, agreements, DPAs, and other materials to meet client data protection interests.

Mr. Thompson possesses the Certified Information Privacy Professional/United States (CIPP/US) credential, required to perform ISO 27002 (“Information technology -- Security techniques -- Code of practice for information security controls”) audits. He also possesses the Certified Information Privacy Professional/Europe (CIPP/E) credential.

As part of the Data Privacy and Cybersecurity Practice, Mr. Thompson tracks emerging cybersecurity risks and trends, and follows legislative developments and regulatory enforcement matters in the data privacy and security space. In addition to his work at Lewis Brisbois, Mr. Thompson is a captain in the U.S. Army Reserve, and a judge advocate in the Judge Advocate General’s (JAG) Corps.

Prior Experience

  • Judge Advocate, U.S. Army Reserve, Judge Advocate General’s (JAG) Corps, 2016-present; Rank: Captain
  • Staff Attorney, Davis Wright Tremaine, Privacy and Security practice group, 2014-2017
  • Adjunct Professor, Information Privacy Law seminar, Lewis & Clark Law School, Portland, Ore., 2015


  • "Business Associates Beware: More HHS Enforcement Ahead," Law360, 07.18.2016
  • "Reducing the Risk of Cyber Extortion For Health Care Cos.," Law360, 02.24.2016
  • "Is Your Hotel Ready for The Chip-And-PIN Liability Shift?," Law360, 09.28.2015


  • Certified Information Privacy Professional (CIPP/US)
  • Certified Information Privacy Professional/Europe (CIPP/E)

Military Service

Judge Advocate, U.S. Army Reserve, Judge Advocate General’s (JAG) Corps, 2016-present; Rank: Captain

Professional Presentations

  • Panelist, “Data Privacy and Cybersecurity: What Every Lawyer needs to Know,” a CLE- webinar sponsored by the Oregon Women Law Society, 07.25.18
  • Panelist, “Data Privacy & Cyber Security: What Every Lawyer Needs to Know,” Oregon Women Lawyers Webinar CLE, 07.26.2018
  • Panelist, “General Data Protection Regulation: A Corporate Counsel’s Guide to Advising their Clients on GDPR,” Law & Forensics Webinar, 06.08.2018
  • Panelist, “EU Privacy in 30 Minutes: What you Need To Know for the GDPR,” IAPP KnowledgeNet, 05.03.2018


  • State Bar Admissions
    • Oregon
  • United States District Courts
    • United States District Court for the District of Oregon



United States District Court for the District of Oregon


  • International Association of Privacy Professionals (IAPP)
  • Multnomah Bar Association, Young Lawyers Section, Service to the Public Committee, 2015–2017


Lewis & Clark Law School

Juris Doctor, cum laude, 2013

  • Environmental Law Review, Associate Editor
  • Jessup International Moot Court Honor Board

Portland State University

Master of Arts in Political Science, 2010

Portland State University

Bachelor of Arts in Political Science, 2004

Waseda University, Tokyo, Japan


arrow Back to Attorneys