Kirk J. Nahra


  • Co-Chair, Artificial Intelligence Practice
  • Co-Chair, Cybersecurity and Privacy Practice

Kirk Nahra has been a leading authority on privacy and cybersecurity matters for more than two decades. He co-chairs the firm’s Cybersecurity and Privacy Practice as well as the Artificial Intelligence Practice. In recognition of his professional work in these areas, he was named the winner of the 2021 Vanguard Award from the International Association of Privacy Professionals (IAPP)—one of the most prestigious in the privacy field—which recognizes one IAPP member each year who demonstrates exceptional leadership, knowledge and creativity in privacy and data protection. 

Mr. Nahra counsels clients across industries, from Fortune 500 companies to startups, on implementing the requirements of privacy and data security laws across the country and internationally, and he advocates for clients experiencing privacy and security breaches. Mr. Nahra also represents clients in contract and transactional matters, enforcement actions, litigation and investigations related to a wide range of issues before the Federal Trade Commission (FTC), the US Department of Health and Human Services (HHS) Office for Civil Rights, and other state and federal privacy and security regulators. He also represents a wide range of companies across industries on the growing array of complicated legal issues involved in artificial intelligence, including issues involving governance, data rights, data integrity and a wide range of investigation and compliance issues.  

Mr. Nahra is best known for his work with health insurers, hospitals, service providers, pharmaceutical manufacturers and other healthcare industry participants. He has a deep understanding of the privacy and security issues healthcare companies face relating to HIPAA rules, state and federal legislation, enforcement activities, internal investigations, international principles, due diligence in transactions, data breach risk assessments, and the key lines between regulated and unregulated data, including the new categories of laws at the state and federal level regulating particular kinds of health data or “health-like” data. He advises companies across the healthcare industry on artificial intelligence and algorithmic discrimination issues, including assessments of how data can be used and analyzed to improve the overall operation of the healthcare system.  

In recent years, Mr. Nahra has represented technology companies, advertising service providers, financial services companies, hospital systems, health insurers, healthcare technology companies, consumer products companies and others in front of the FTC, the HHS Office for Civil Rights, State Attorneys General and other privacy and security regulatory agencies. He advises clients on avoiding privacy and security investigations, navigating situations where investigations are likely, and then handling both the actual investigation and related issues involving consumers, customers, legislators, regulators and others. These projects involve not only the growing variety of privacy and security laws but also the increasing legislative and regulatory focus on the development of appropriate rules for artificial intelligence amid concerns about how this new technology will impact consumers and others.  

Mr. Nahra has substantial experience working with clients in the financial services and insurance industries on privacy and data security matters relating to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, data aggregation and sharing practices, and privacy and data security compliance under a wide range of state and federal laws. He also has a breadth of experience drafting and evaluating data security practices and policies across varying industry standards, has investigated and litigated potential fraud against insurers, and has assisted with the development and oversight of corporate compliance programs. 

Additionally, Mr. Nahra is well versed in a variety of other privacy and consumer protection issues, including marketing laws pertaining to email, phone and online communications; the Children’s Online Privacy Protection Act; and the Family Educational Rights and Privacy Act of 1974.

State Comprehensive Privacy Law Series

Read about the latest state privacy law activity in our Privacy and Cybersecurity Law blog post series. LEARN MORE

Big Data and Artificial Intelligence Blog Posts

Read about the latest developments on Big Data and AI law on our Privacy and Cybersecurity Law blog. LEARN MORE
  • Inside Privacy Law: The Regulation of Personal Data

    In the eighth episode of WilmerHale’s podcast, In the Public Interest, co-host and Partner John Walsh welcomes Partner Kirk Nahra and guest Stacey Gray, two national leaders in privacy law. Nahra and Gray talk with Walsh about the challenges of having states with different privacy laws, consumer consent, and the complexities of regulating the collection and sharing of personal data.

    June 15, 2021
    Read More
  • Global Investigations Review: The Guide to Cyber Investigations—2nd Edition

    In The Guide to Cyber Investigations, Kirk Nahra co-authored “FTC Investigations and Multistate AG Investigations.”

    June 28, 2021
    Read More


  • Award Text

    Vanguard Award

    International Association of Privacy Professionals


  • Award Text

    Leading Lawyer for Privacy and Data Security

    Chambers Global


  • Award Text

    Leader in Healthcare Privacy and Data Security

    Chambers USA


  • Named a Thomson Reuters Stand-out Lawyer – independently rated and selected by clients.
  • Winner of the 2021 Vanguard Award from the International Association of Privacy Professionals (IAPP), which recognizes one IAPP member each year who demonstrates exceptional leadership, knowledge and creativity in privacy and data protection.
  • Recognized in the 20192024 editions of Chambers Global as a "Leading Global Lawyer for Business" for his privacy and data security practice.
  • Recognized as a national leader in healthcare privacy and data security in the 20192023 editions of Chambers USA Guide.
  • Named among the Best Lawyers in America for his healthcare law practice (2020–2024) and privacy and data security law practice (2023 and 2024) and named the 2022 Washington DC healthcare law Lawyer of the Year.
  • Listed as a 2020 Washington DC leader in healthcare law by Super Lawyers.
  • Named one of Washington DC’s best cybersecurity lawyers by Washingtonian in 2018.

Insights & News


  • Education

    • JD, Harvard Law School, 1987

      cum laude Articles Editor, Harvard Journal on Legislation
    • BA, Georgetown University, 1984

      magna cum laude Phi Beta Kappa
  • Admissions

    • District of Columbia



Unless you are an existing client, before communicating with WilmerHale by e-mail (or otherwise), please read the Disclaimer referenced by this link.(The Disclaimer is also accessible from the opening of this website). As noted therein, until you have received from us a written statement that we represent you in a particular manner (an "engagement letter") you should not send to us any confidential information about any such matter. After we have undertaken representation of you concerning a matter, you will be our client, and we may thereafter exchange confidential information freely.

Thank you for your interest in WilmerHale.