Kirk J. Nahra


  • Co-Chair, Big Data Practice
  • Co-Chair, Cybersecurity and Privacy Practice

Kirk Nahra has been a leading authority on privacy and cybersecurity matters for more than two decades. Indeed, he is one of the few lawyers in the world ranked in Band 1 by Chambers in privacy and data security. He is also the winner of the 2021 Vanguard Award from the International Association of Privacy Professionals (IAPP)—one of the most prestigious in the privacy field—which recognizes one IAPP member each year who demonstrates exceptional leadership, knowledge and creativity in privacy and data protection. Mr. Nahra counsels clients across industries, from Fortune 500 companies to startups, on implementing the requirements of privacy and data security laws across the country and internationally, and he advocates for clients experiencing privacy and security breaches. Mr. Nahra also represents clients in contract and deal matters, enforcement actions, litigation and investigations related to a wide range of issues before the Federal Trade Commission (FTC), the US Department of Health and Human Services (HHS) Office for Civil Rights, and other state and federal privacy and security regulators. 

Mr. Nahra is best known for his work with health insurers, hospitals, service providers, pharmaceutical manufacturers and other health care industry participants. He has a deep understanding of the privacy and security issues healthcare companies face relating to HIPAA rules, state and federal legislation, enforcement activities, internal investigations, international principles, due diligence in transactions, data breach risk assessments, and the key lines between regulated and unregulated data. During his decades of experience, Mr. Nahra has developed compliance programs, drafted privacy and information security policies, negotiated agreements involving health data, responded to health incidents and defended clients against government investigations. 

In recent years, Mr. Nahra has represented technology companies, advertising service providers, financial services companies, hospital systems, health insurers, healthcare technology companies, consumer products companies and others in front of the FTC, the HHS Office for Civil Rights, and other privacy and security regulatory agencies. He advises clients on avoiding privacy and security investigations, navigating situations where investigations are likely, and then handling both the actual investigation and related issues involving consumers, customers, legislators, regulators and others.

Mr. Nahra also has substantial experience working with clients in the financial services and insurance industries on privacy and data security matters relating to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, data aggregation and sharing practices, and privacy and data security compliance under a wide range of state and federal laws. He also has a breadth of experience drafting and evaluating data security practices and policies across varying industry standards, has investigated and litigated potential fraud against insurers, and has assisted with the development and oversight of corporate compliance programs. 

Additionally, Mr. Nahra is well versed in a variety of other privacy and consumer protection issues, including marketing laws pertaining to email, phone and online communications; the Children's Online Privacy Protection Act; and the Family Educational Rights and Privacy Act of 1974. 

Professional Activities

A leader in the privacy bar, Mr. Nahra has been involved in developing the privacy legal field for 20 years. As a founding member and longtime board member of the International Association of Privacy Professionals, he helped establish the organization’s Privacy Bar Section and their first and most popular certification for Certified Information Privacy Professionals. He is a member of the Center for Cybersecurity and Privacy Protection National Advisory Board. He has taught privacy issues at several law schools, including serving as an adjunct professor at the Washington College of Law at American University and at Case Western Reserve University. In addition, he currently serves as a fellow with the Cordell Institute for Policy in Medicine & Law at Washington University in St. Louis and as a fellow with the Institute for Critical Infrastructure Technology. He actively shares his privacy insights through numerous speeches and articles, and on social media.


Mr. Nahra is an active author and lecturer in the health care, compliance, privacy, information security and anti-fraud areas. His recent publications are visible under Insights & News below. Before joining WilmerHale, he published the following articles:

  • "The Top Five Health Care Privacy and Security Issues to Watch in 2019," Bloomberg BNA's Health Law Reporter, December 21, 2018
  • "The Top Five Privacy and Security Issues to Watch in 2019," Bloomberg Law Privacy and Security Law Report, December 8, 2018
  • Co-author, "Digital Health Regulatory Gaps in the United States," Compliance Elliance Journal, Fall 2018
  • "The Next Major Privacy Challenge for Corporate America—California’s New Privacy Law," Bloomberg Law Privacy and Security Law Report, July 3, 2018
  • "Takeaways from the 11th Circuit FTC vs. LabMD decision," IAPP's The Privacy Tracker, June 7, 2018
  • "The Top Ten Privacy and Data Security Developments to Watch in 2018," Bloomberg Law Privacy and Security Law Report, January 8, 2018
  • "The Past, Present and Future of Health Care Privacy," Health Law Handbook, 2017 Edition
  • "The Top Ten Health Care Privacy and Security Concerns for 2017," Bloomberg BNA’s Health Law Reporter, January 5, 2017
  • "Privacy and Security Impacts of the 21st Century Cures Legislation," IAPP's The Privacy Tracker, December 19, 2016
  • "Responding to Security Breaches," The Practical Lawyer, October 2016
  • "Impact of the EU-U.S. Privacy Shield on Health-Care Data Transfers," Bloomberg BNA’s Privacy and Security Law Report, August 1, 2016
  • "Is the Sectoral Approach to Privacy Dead in the U.S.?," Bloomberg BNA’s Privacy and Security Law Report, April 4, 2016
  • "The Top Ten Privacy and Security Issues Companies Need to Watch in 2016," Bloomberg BNA’s Privacy and Security Law Report, January 4, 2016
  • "Privacy, Research and the Evolution of Health Care in the 21st Century," Bloomberg BNA's Medical Research Law & Policy Report, March 18, 2015
  • "Obama’s drive to introduce new privacy and security laws," E-Commerce Law and Policy, February 2015
  • "Health Care Privacy and Security Developments: Top Issues to Watch in 2015," Bloomberg BNA's Health Law Reporter, January 8, 2015
  • "State Supreme Court Decision Addresses Common Law Privacy Claims Against Healthcare Providers," IAPP's The Privacy Tracker, November 12, 2014
  • "Privacy and Data Security Is for Everyone: Common Matters That All Companies Should Address," Bloomberg BNA Corporate Law & Accountability Report, July 18, 2014
  • "The Top Ten Health-Care Privacy and Security Issues to Watch in 2014," Bloomberg BNA’s Health Law Reporter, January 23, 2014
  • "The Top 10 Privacy and Security Issues to Watch in 2014," Bloomberg BNA Privacy and Security Law Report, January 13, 2014
  • "Mastering Cybersecurity by Learning Data Security," Bloomberg BNA Privacy and Security Law Report, September 9, 2013
  • "Do I Need New HIPAA Business Associate Agreements?" Bloomberg BNA's Health Law Reporter, June 27, 2013
  • "Analysing the US HIPAA Legacy and Future Changes on the Horizon," Data Protection Law and Policy, February 2013
  • "The Top Ten Privacy and Data Security Issues to Watch in 2013," Bloomberg BNA Privacy and Security Law Report, January 7, 2013
  • "Cloud Computing in Healthcare: Overview of the Main Challenges," Data Protection Law & Policy, August 2012
  • "What To Do While Waiting For The HIPAA Rules," Privacy & Consumer Protection Law360, July 17, 2012
  • "Protecting the Benefits of De-Identified Health Care Information," Legal Backgrounder, Washington Legal Foundation, June 8, 2012
  • "What To Watch For In Privacy And Security In 2012: The Top Five," The Privacy Advisor, January 20, 2012
  • "The Top Health Care Privacy Issues to Watch in 2012," BNA’s Health Law Reporter, December 15, 2011
  • "The HIPAA Accounting NPRM and the Future of Health Care Privacy," BNA Health IT Law & Industry Report, July 4, 2011
  • "Health Insurers in the Fraud Area Today: The Good, the Bad, and the Ugly," American Health Lawyers Association Payors Plans & Managed Care Newsletter, May 2011
  • "The Top Ten Privacy and Security Developments to Watch in 2011," BNA Privacy & Security Law Report, January 3, 2011

For copies of any of the articles mentioned above, please contact Mr. Nahra directly.

  • Inside Privacy Law: The Regulation of Personal Data

    In the eighth episode of WilmerHale’s podcast, In the Public Interest, co-host and Partner John Walsh welcomes Partner Kirk Nahra and guest Stacey Gray, two national leaders in privacy law. Nahra and Gray talk with Walsh about the challenges of having states with different privacy laws, consumer consent, and the complexities of regulating the collection and sharing of personal data.

    June 15, 2021
    Read More
  • Global Investigations Review: The Guide to Cyber Investigations—2nd Edition

    In The Guide to Cyber Investigations, Kirk Nahra co-authored “FTC Investigations and Multistate AG Investigations.”

    June 28, 2021
    Read More


  • Award Text

    Vanguard Award

    International Association of Privacy Professionals


  • Award Text

    Leading Lawyer for Privacy and Data Security

    Chambers Global


  • Award Text

    Leader in Healthcare Privacy and Data Security

    Chambers USA


  • Winner of the 2021 Vanguard Award from the International Association of Privacy Professionals (IAPP), which recognizes one IAPP member each year who demonstrates exceptional leadership, knowledge and creativity in privacy and data protection
  • Recognized in the 20192022 editions of Chambers Global as a "Leading Global Lawyer for Business" for his privacy and data security practice
  • Recognized as a national leader in healthcare privacy and data security in the 20192022 editions of Chambers USA: America's Leading Lawyers for Business
  • Named among the 2020–2022 Best Lawyers in America for his healthcare law practice and named the 2022 Washington DC healthcare law Lawyer of the Year
  • Listed as a 2020 Washington DC leader in healthcare law by Super Lawyers
  • Named one of Washington DC’s best cybersecurity lawyers by Washingtonian in 2018

Insights & News


  • Education

    • JD, Harvard Law School, 1987

      cum laude Articles Editor, Harvard Journal on Legislation
    • BA, Georgetown University, 1984

      magna cum laude Phi Beta Kappa
  • Admissions

    • District of Columbia