Shannon Togawa Mercer advises clients on matters related to domestic and international cybersecurity, privacy, and data protection laws. She works closely with clients on incident preparedness, helping companies navigate increasingly dynamic regulatory and threat environments. Having begun her practice in London, she uses her experience across jurisdictions to rationalize and clarify international risk and regulatory obligations. Ms. Mercer’s breadth of experience directly benefits her clients who are looking to establish or improve their privacy and cybersecurity compliance programs through practical and effective strategies. 

Ms. Mercer has represented clients of all sizes and in numerous sectors through a wide range of cybersecurity incidents, including complex cyber extortion and ransomware incidents. She has extensive experience managing data breach response activities and investigations, including overseeing privileged forensic work and data breach notification efforts in the United States, the United Kingdom, and the European Union, among other jurisdictions. As part of her incident response and regulatory investigations work, Ms. Mercer represents clients in communications with law enforcement and before state and federal regulators. Ms. Mercer’s experience also includes negotiating privacy and data protection provisions in transactional documents and drafting privacy policies and other disclosures.

Ms. Mercer has written extensively on data protection, privacy, cybersecurity, and public policy. Her written work has been featured in various publications, including the American Journal of International Law Unbound, the German Yearbook of International Law,  Butterworths Journal of International Banking and Financial Law, Lawfare, and Foreign Policy. Ms. Mercer was a contributing editor to The Guide to Cyber Investigations – 3rd Edition published in 2023. 

She joined WilmerHale from the London location of a large global law firm, beginning her career with a focus on the data protection and cybersecurity aspects of international transactions. She previously worked as a national security, technology and law associate for the Hoover Institution at Stanford University. She also served as the managing editor of the prominent US national security blog, Lawfare. 

During law school, Ms. Mercer completed legal internships for the US Department of Justice, Civil Division, Appellate Staff; the United States Trade Representative, Office of the General Counsel; and the European Bank for Reconstruction and Development. Prior to attending law school, Ms. Mercer was an associate at a management consulting firm and a management associate in the research department and the department of corporate counsel at the world’s largest hedge fund.

Ms. Mercer is a member of the Asian Pacific American Bar Association of Washington DC.

State Comprehensive Privacy Law Series

Read about the latest state privacy law activity in our Privacy and Cybersecurity Law blog post series. LEARN MORE

Big Data and Artificial Intelligence Blog Posts

Read about the latest developments on Big Data and AI law on our Privacy and Cybersecurity Law blog. LEARN MORE


    • Regularly advises one of the world's largest financial institutions in investigations of cybersecurity and privacy incidents, including third-party vendor incidents and ransomware and cyber extortion events.
    • Regularly advises large technology company in both proactive cybersecurity and privacy compliance measures, and cybersecurity and data security incident response activities. Work regularly involves the supervision of privileged forensic investigations, law enforcement coordination, advising on domestic and international regulatory obligations and communication, and the navigation of complex contractual or transactional obligations. Work also includes advising on evolving threats in the industry.
    • Advised manufacturing client through large ransomware event, including the remediation of encrypted systems, navigation of national security, cybersecurity, privacy, and threat actor issues, coordination with law enforcement, extensive regulatory communications, and the management of a complex privileged forensic investigation.
    • Advised bio-technology company through cyber extortion event including the supervision of its privileged forensic investigation, data analysis, law enforcement coordination, regulatory disclosures, and breach notification process.
    • Advised human resources and benefits company through cyber extortion event, including the supervision of its privileged forensic investigation, data analysis, navigation of cybersecurity, privacy, and threat actor issues, assistance with communications, law enforcement coordination, and regulatory reporting and communications.
    • Represented a large platform technology company in an investigation by the FTC into the company’s data privacy and security practices that was closed without the agency taking formal action. 
    • Counsel in numerous cybersecurity and privacy matters involving SEC disclosure issues; domestic and international regulators, including financial regulators and supervisory authorities; state Attorneys General and state Departments of Insurance inquiries; individual data subject or consumer breach notifications; government investigations; and law enforcement coordination. Representations have included major companies in the banking, investment management, software, bio-technology, manufacturing, travel, and social media spaces.

Insights & News


  • Education

    • JD, Georgetown University Law Center, 2017

      cum laude Dean’s List, Exceptional Pro Bono Pledge Honoree, Editor in Chief, Georgetown Journal of International Law
    • AB, Politics, Princeton University, 2011

      cum laude

      Certificates in Near Eastern Studies and Arabic Language

      Near Eastern Studies Senior Thesis Prize, Bobst Center for Peace and Justice Award

  • Admissions

    • District of Columbia

    • New York



Unless you are an existing client, before communicating with WilmerHale by e-mail (or otherwise), please read the Disclaimer referenced by this link.(The Disclaimer is also accessible from the opening of this website). As noted therein, until you have received from us a written statement that we represent you in a particular manner (an "engagement letter") you should not send to us any confidential information about any such matter. After we have undertaken representation of you concerning a matter, you will be our client, and we may thereafter exchange confidential information freely.

Thank you for your interest in WilmerHale.