John Gray, CIPP/US, Lewis Roca Photo

John C. Gray, CIPP/US

Of Counsel
  • Print PDF
  • vCard

John Gray is Of Counsel in Lewis Roca’s Litigation Practice Group and leads the firm’s Data Privacy and Cybersecurity Group.  He is also a member of the firm’s AI Task Force.

As a litigator, John has more than a decade of experience in Arizona, California, and other forums across the nation. He has handled a wide range of cases and litigated hundreds of matters to final resolution, including numerous class actions, various complex commercial cases, bet-the-company disputes, and appeals. As detailed below, John’s primary area of focus is data privacy and cybersecurity, but he also represents clients in other types of disputes and in a number of industry sectors, including non-profit, financial services, tech, retail, manufacturing, real estate, construction, tourism, entertainment, fitness, healthcare, education, and government.

Data Privacy and Cybersecurity

As the chair of Lewis Roca’s Data Privacy and Cybersecurity Group, John represents clients in various regulatory investigations and litigation matters relating to privacy or data-protection issues, including data-breach class actions. He also advises clients on compliance with the California Consumer Privacy Act (CCPA), the EU’s General Data Protection Regulation (GDPR), and various other laws and regulations pertaining to data privacy and protection.

Before joining the firm, John worked in the Consumer Protection and Advocacy Section of the Arizona Attorney General’s Office, where he served as senior litigation counsel, fintech sandbox counsel, and data privacy team leader. As data privacy team leader, John was responsible for dozens of data privacy investigations and litigation matters, many of which involved millions of data subjects and tens or hundreds of millions of dollars at issue. He also drafted significant portions of Arizona’s updated data breach notification law and new virtual coin offering law in 2018, and he led a group of more than 80 lawyers from more than 25 states and territories in the training and certification process to become Certified Information Privacy Professionals with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional and a member of the Sedona Conference Working Group on Data Security and Privacy Liability, John has spoken and written extensively about privacy and security issues. In 2019, he also served as co-chair of the Technology Futures Subgroup of the Arizona Cybersecurity Team, where he worked with commercial, academic, government, and community leaders to assess cybersecurity threats and opportunities associated with new and emerging technologies.


John has represented clients in appellate matters throughout the country.  In those matters, John has briefed appeals before the Ninth Circuit Court of Appeals, the California Court of Appeal, the Nevada Supreme Court, and the New York Supreme Court, Appellate Division.  He has also briefed and argued several cases before the Arizona Supreme Court and Arizona Court of Appeals.  While in law school, John honed his appellate writing and advocacy skills serving as a Legal Research, Writing, and Advocacy Fellow and studying under former Ninth Circuit Judge Paul J. Watford. 

Government Investigations

As former senior litigation counsel with the Arizona Attorney General’s Office, John has significant experience in government investigations relating to alleged consumer fraud or unfair, deceptive, and abusive acts and practices (UDAP) claims. At the Arizona Attorney General’s Office, John led one of the largest multistate consumer fraud investigations in recent years, and he served on several other executive committees for multistate investigations involving hundreds of millions or billions of dollars at issue. He is therefore well-positioned to defend clients who may be under investigation by state or federal authorities, and he has a keen understanding of both the procedural and substantive issues involved in such matters.

Financial Services and Insurance Disputes

John represents financial institutions, insurance companies, and related parties in a variety of litigation and arbitration matters. In particular, he has extensive experience defending broker-dealers and investment advisors in arbitrations before the Financial Industry Regulatory Authority (FINRA), and he has successfully moved to compel such arbitration in multiple matters originally filed in state or federal courts. In addition, John has represented financial services and insurance clients in securities class actions, bankruptcy matters, probate and garnishment actions, actions to enforce judgments, and cases alleging fraudulent lending practices and/or wrongful foreclosure.

Labor and Employment Disputes

John represents employers in various industries and has defended clients against claims relating to the federal Fair Labor Standards Act (FLSA), overtime, meal breaks, rest breaks, wage statements, waiting time penalties, discrimination, retaliation, harassment, eavesdropping, wrongful termination, off-the-clock work, rounding, alternative workweeks, and the California Private Attorney General Act (PAGA). In particular, John has extensive experience litigating employment matters in California state and federal courts, including both putative class actions and individual matters.  John has also advised clients regarding employee handbooks, potential terminations, and severance agreements; he has litigated trade-secret, confidentiality, and non-compete claims involving former employees and contractors; and he has handled internal investigations under Title VII and the California Fair Employment and Housing Act. 

More About John C. Gray, CIPP/US


  • J.D., University of Southern California, Gould School of Law, 2009
  • B.S., magna cum laude, Arizona State University, 2006

Bar Admissions

  • Arizona, 2011
  • California, 2009

Court Admissions

  • U.S. District Court, District of Arizona
  • U.S. District Court, Central District of California
  • U.S. District Court, Eastern District of California
  • U.S. District Court, Northern District of California
  • U.S. District Court, Southern District of California
  • U.S. Court of Appeals, Ninth Circuit


  • International Association of Privacy Professionals
  • Sedona Conference, Working Group 11

Representative Matters

  • Advising numerous clients regarding compliance with CCPA, GDPR, and various other privacy laws.
  • Representing religious institutions in various trial-court, appellate, and bankruptcy matters.
  • Serving as local counsel to multiple publicly listed entities and related financial institutions in securities class actions filed in both state and federal court.
  • Representing nationwide door-to-door sales and pest-control company in numerous litigation matters.
  • Serving as local counsel to Fortune 500 healthcare company in multiple putative class actions regarding alleged data breaches.
  • Handled several nationwide cybersecurity incident response matters in connection with ransomware events and attacks against vendors.
  • Defended state agency against constitutional claims seeking to invalidate agency’s enforcement statute.
  • Represented multiple Fortune 500 companies in confidential state attorney general investigations.
  • Obtained order vacating multimillion-dollar arbitration award fraudulently issued against national hotel organization.
  • Led 32-state consumer protection investigation against global tech company involving hundreds of millions of dollars at issue.
  • Recovered millions of dollars for State of Arizona and residents in consumer protection and data privacy investigations and litigation.
  • Drafted Arizona data breach notification law and virtual coin offering law.
  • Represented financial advisor in FINRA arbitration and related litigation brought by former NFL athlete, resulting in dismissal of all claims against client in both actions.
  • Obtained favorable settlement for Fortune 50 retailer in purported consumer fraud class action after plaintiff’s first amended complaint was dismissed.
  • Obtained favorable settlement on eve of trial for auto parts manufacturer in bet-the-company litigation brought by former private equity investors.
  • Represented mortgage trustee in series of cases alleging “wrongful foreclosure”; obtained dismissal on the pleadings in more than a dozen cases, with others settled for less than nuisance value.

Honors & Recognitions

  • At the Arizona Attorney General's Office, John was recognized as the 2019 Civil Litigation Division Emerging Star.
  • While in law school, John was selected as a first year summer fellow and as a legal research, writing, and advocacy fellow.
  • Prior to law school, John graduated from the Barrett Honors College at Arizona State University, where he was recognized as the Finance Department's Outstanding Graduating Senior and was elected the inaugural president of the Undergraduate Investment Management Fund.


  • Speaker, “Legal Update,” CISO Executive Network Virtual Roundtable, September 2021
  • Co-presenter, "The Threat Within:  Addressing and Limiting Legal Risks Posed by Internal Cybersecurity and Data Privacy Vulnerabilities,” CLE Presentation, Lewis Roca Rothgerber Christie LLP, July 2021
  • Speaker, “Legal Update,” CISO Executive Network Virtual Roundtable, May 2021
  • Co-presenter, "Responding to Ransomware:  Ethical Considerations and Implications,” CLE Presentation, Lewis Roca Rothgerber Christie LLP, April 2021
  • Co-moderator, “Cyber Legal Roundtable,” Lewis Roca Rothgerber Christie LLP, January 2021
  • Co-presenter, “The Ethics of Ransomware Payments,” CLE Presentation, Lewis Roca Rothgerber Christie LLP, December 2020
  • Speaker, “CPRA Highlights,” CISO Executive Network Virtual Roundtable, December 2020
  • Co-presenter, "2020 Ethics in Cybersecurity Virtual Event - Rule of Law," University of Colorado, Colorado Springs, November 2020
  • Speaker, “Legal Update,” CISO Executive Network Virtual Roundtable, October 2020
  • Speaker, “GDPR: Data Protection Officers,” CISO Executive Network Virtual Roundtable, April 2020
  • Speaker, "USPQ Seminar - CCPA and Privacy by Design," CLE Presentation, Lewis Roca Rothgerber Christie LLP, February 2020
  • Speaker, "CCPA and Privacy by Design," CISO Executive Network Breakfast Roundtable, December 2019
  • Panelist, “The Impact of Emerging Legislation and Regulations on Practitioners’ Security/Privacy Considerations and Operations,” 2019 Cybersecurity Lunch Forum, Arizona Technology Council, December 2019
  • Panelist, “How are regulators looking at protecting consumers in this new era?” Symantec CalPrivacyCon, March 2019
  • Panelist, "Bridging the Expertise Gap between Technologists and State AGs," 2019 AGTech Forum, Berkman Klein Center for Internet and Society at Harvard University, February 2019
  • Speaker, "HB2154, Arizona’s New Data Breach Notification Law," CLE Presentation, Office of the Arizona Attorney General, August 2018
Jump to Page

How Can We
Help You?

By using this site, you agree to our updated Privacy Policy and our Terms of Use.