Cybersecurity Lawyer California | Cybersecurity Attorney Lily Li

Lily Li

Founder, Cybersecurity & AI Lawyer *Licensed in California (FIP, CIPP/US/E/M, GCFA)

About Your Cybersecurity and AI Attorney
Lily Li

Lily founded Metaverse Law in 2018 after recognizing the growing market need for legal services focused exclusively on artificial intelligence, data privacy and protection. She serves clients in the following industries:
— B2B cloud and SAAS software solutions
— Chatbots, generative AI and agentic AI
— Healthcare IT, telemedicine and wearables
— Fintech and insurtech
— AR/VR in gaming, aerospace, drones and peripherals

She advises clients on a broad range of artificial intelligence, privacy and data protection matters, such as the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), the EU AI Act, the National Institute of Standards and Policy (NIST) AI Framework, and healthcare and workplace privacy laws. She hold multiple certifications in information privacy and security and computer forensics such as FIP, CIPP/US/E/M and GCFA.

In addition to handling client matters, Lily is a regular speaker, and has presented at nearly 30 conferences, webinars and podcasts. She is a frequent author on AI, data privacy and cybersecurity issues, publishing nearly a dozen articles in prestigious legal and business publications such as the Wall Street Journal Cybersecurity Forum, PrivSec Global, Bloomberg Law and Law360, and local and state bar associations.

Lily is also a regular legal analyst for numerous media outlets concerning the U.S. government’s approach to AI, data privacy, and export controls on data.

In her spare time, she loves spending time in nature with her two daughters and reading science fiction (Ray Bradbury, Ursula Le Guin, Neal Stephenson).

Expertise

Education

Duke University School of Law, JD 2011
+ Chair, Asian Law Students Association
+ Member, Duke Journal for Comparative and International Law
Williams College, BA Political Economy, magna cum laude 2008
+ Teaching Assistant, Econometrics and Economic Methods
International Association of Privacy Professionals
+ CIPP/US
+ CIPP/E
+ CIPP/M
GIAC
+ GIAC Certified Forensic Analyst (GCFA)

Memberships & Honors

International Association of Privacy Professionals
+ Orange County Chapter Chair 2020-2021
Orange County Bar Association, Member
+ Young Lawyer's Division (Community Outreach Chair - 2016)
Children's Bureau
+ YPOC President 2016-2017
+ YPOC Community Chair 2016-2017
+ OneOC Spirit of Volunteering Award 2017

Articles & Publications

23andMe Ch. 11 Sale Sparks DNA Privacy Oversight Battle, April 2025, Law360 Bankruptcy Authority.

Maryland Eyes Limits on Car Insurance Rates Based on Driver Data, March 2025, Bloomberg Government.

Calif. Privacy Action Drives Home Need To Look Under Hood, March 2025, Law 360.

Be Ready for a Global Surge in Children’s Data Privacy Lawsuits as Regulation Tightens, Says Cybersecurity Expert, March 2025, The Recorder.

Hollywood’s Clash Over AI Spurs New California Transparency Bill, February 2025, Bloomberg Government.

Feds Fine Eyeglass Retailer $1.5M for HIPAA Lapses in Hacks, February 2025, Healthcare Info Security.

DeepSeek’s Rapid Rise Adds Fuel To AI Policy Push, February 2025, Law360.

The outlook for AI safety regulation in the US, February 2025, IAPP.

Donald Trump Rolls Back Biden-Era AI Regulation, Sets Stage for Battles With US States, February 2025, CCN.

Trump plays dealmaker as questions surround TikTok, January 2025, The Hill.

Trump Signs Executive Order to Block TikTok Ban, January 2025, TheWrap.

Trump, GOP China hawks at odds over TikTok ban, January 2025, The Hill.

TikTok in Limbo: What Happens to Creators – and Can Trump Save Them?, January 2025, TheWrap.

‘TikTok refugees’ migrate to Chinese app RedNote in an ‘ironic’ protest of looming ban, January 2025, Yahoo.

AI and Machine Learning in Drug Development and Clinical Trials, January 2025, Orange County Lawyer Magazine (Vol. 67, No. 1).

California – Third Country Assessment, November 2024, DataGuidance.

AI in the Workplace: Legal Considerations for Leadership Teams, November 2024, Directors & Boards.

A Look At The Hefty Demands In Calif. Employer AI Draft Regs, November 2024, Law360.

California AI Data Disclosure Law Heightens Developer Legal Risk, October 2024, Bloomberg Law.

Comparing EU and US AI legislation: déjà vu to 2020, October 2024, Reuters Westlaw Today.

California: The AI Transparency Act – what you need to know, October 2024, DataGuidance.

Quantum-Computing Threats Spur Steps Toward Stronger Encryption, October 2024, Bloomberg Law.

Niche Areas of Law Practice: Privacy and Cybersecurity Law, March/April 2024, GPSOLO, American Bar Association (Vol. 41, No. 2).

AI Generated Deepfakes: Potential Liability and Remedies, January 2024, Orange County Lawyer Magazine (Vol. 66, No. 1).

AI vendor management – human programming for machine learning, October 2023, DataGuidance.

International Insights Article: Privacy Implications for Organizations Using Generative AI, June 2023, DataGuidance.

The California Age-Appropriate Design Code Act, November 2022, DataGuidance.

Third Country Assessment Guidance Note for California, February 2022, DataGuidance.

Will the Courts Treat Foreign Data Privacy Laws as Fact or Farce in U.S. contracts? Whose Law Will Prevail in Privacy Disputes?, May 2021, Orange County Lawyer Magazine (Vol. 63, No. 5).

Facebook, Patents, and Privacy: Social Media Innovations to Mine Personal Data, September/October 2020, GPSOLO, American Bar Association (Vol. 37, No. 5).

Should Bar Associations Vet Technology Service Providers for Attorneys?, November/December 2019, GPSOLO, American Bar Association (Vol. 36, No. 6).

Privacy Rights in Class Action Lawsuits – Should Putative Class Members Opt-In Before Their Personal Information Is Disclosed in California Consumer Privacy Act Litigation?, May 2019, Orange County Lawyer Magazine (Vol. 61, No. 5).

American Privacy Laws in a Global Context: Predictions for 2018, May 2018, Orange County Lawyer Magazine (Vol. 60, No. 5) [adapted and reprinted as US Privacy Laws in a Global Context: Predictions for the Next Year, September 2018, The Computer and Internet Lawyer (Vol. 35, No. 9)].

Chatbot Contracts: Enforcing TOS Agreements in Computer-Generated Conversations, March 2017, Association of Business Trial Lawyers – Orange County (Spring 2017 ABTL Report).

Help! What Are My (Immediate) Defenses to a Federal Trade Secret Claim?, September 2016, Orange County Lawyer Magazine (Vol. 59, No. 9).

RFAs: The Underutilized Strategy for Recovering Attorney’s Fees, December 2015, Orange County Lawyer Magazine (Vol. 57, No. 1).

Robot Price Wars: Minimum Advertised Pricing (“MAP”) Policies and the Colgate Doctrine in the Era of Smart Web Crawlers, Fall 2015, Federal Bar Association/ Orange County Chapter Newsletter.

Co-author, How Hidden IP Assets Hurt The Entire Patent Community. November 2012, IP360.COM.

Patents compete for priority in the remote-phosphor LED technology space. July/Aug 2012 Issue, LEDS MAGAZINE.

Quoted in Biotech’s wellspring: a survey of the health of the private sector. May 2012, NATURE BIOTECHNOLOGY (online edition).

IP Strategy and Considerations for Start-ups: Q&A with IP Checkups IPfolio.com blog.

Speaking Engagements

The basics of a CCPA-compliant AI risk management program, Planet Cyber Sec Conference, February 26, 2025, Los Angeles, CA.

The EU AI Act: How Will It Affect Your Business?, DataCamp, December, 12, 2024, Webinar.

Legal Considerations for the Use of AI in the Enterprise, AI Fest, September 26, 2024, Virtual Conference.

The Role of Technology in Modern Governance, Risk and Compliance, #Risk Digital UK/EU, September 18, 2024, Virtual Conference.

A New Era of AI Governance, #Risk Digital UK/EU, September 18, 2024, Virtual Conference.

Securing Your Office Against Deepfakes, OCBA AI Symposium, June 29, 2024, Irvine, CA.

Applying Machine Learning and Artificial Intelligence for Predicting Product Profile Approvability (PoPPA), DIA Global Annual Meeting, June 19, 2024, San Diego, CA.

The Ethics of Artificial Intelligence – What a Patent Practitioner Needs to Know, California Lawyers Association, May 30, 2024, Virtual.

Healthcare Data, Trackers, & Artificial Intelligence: Are You Giving Away Sensitive Healthcare Information?, OCBA Health Care Law Section Meeting, March 14, 2024, Newport Beach, CA.

Privacy Harms & Solutions in an AI World, Western State College of Law, February 29, 2024, Irvine, CA.

Global trends shaping the AI landscape: What to expect, DataGuidance, February 13, 2024, Virtual.

Will AI Take My Law Job: Tips for Success in this Brave New World, OCAABA, January 24, 2024, Irvine, CA.

Social Media Scams: A New Social Engineering Battleground, PrivSec Global, November 30, 2023, Virtual Conference.

California Privacy Rights Act: What Do Financial Institutions Need to Know?, OCBA Banking & Lending Section Meeting, April 18, 2023, Virtual.

AI Chatbot Wars: The Good, The Bad, and The Ugly, BrightTalk Originals: Threat Watch, March 30, 2023, Virtual.

Does The Updated FTC Safeguards Rule Affect Your Business?, Greenlight IS/Metaverse Law/Duo Security, November 9, 2022, Virtual.

Legal Data Privacy Deep Dive: Federal, State, and Local Updates, PrivacyOC, August 11, 2022, Irvine, CA.

Prepare for Schrems III? Unpacking the Trans-Atlantic Data Privacy Framework, PrivSec Global, June 29, 2022, Virtual Conference.

Privacy Law Remix: Looking Ahead to 2023, ISSA-OC Chapter Meeting, June 9, 2022, Virtual.

What To Do In a Data Breach, IAPP KnowledgeNet, March 2, 2022, Virtual.

Why Most CCPA Cases Will Fail: Five Hurdles Plaintiffs Must Clear, PrivSec Global, September 23, 2021, Virtual Conference.

Americas Focus: USA and the Developing Nature of Privacy Law, PrivSec Global, June 22, 2021, Virtual Conference.

California Privacy Rights Act (CPRA), ISSA-LA Virtual Chapter Meeting, December 16, 2020, Los Angeles, CA.

Women in Cybersecurity and Privacy – Leading Through Uncertainty, UCI Cybersecurity Policy & Research Institute, July 30, 2020, Irvine, CA.

Wall Street Journal Cybersecurity Symposium: Which Regulations Apply?, Loews Coronado Bay Resort, January 11, 2020, San Diego, CA.

AI, Cybersecurity + Privacy, Cedars-Sinai Accelerator in West Hollywood, November 21, 2019, West Hollywood, CA.

Lock it or Lose it Data Protection & Cyber Security, Postal Customer Council Lunch and Learn, November 14, 2019, Anaheim, CA.

How to Prepare for the California Consumer Privacy Act and Other Important Considerations Regarding Privacy and Cybersecurity Laws, Orange County Bar Association’s IP & Technology section and Business and Corporate Section, OCBA Headquarters, August 19, 2019, Newport Beach, CA.

Weathering the Cyber Storm: How To Avoid the Most Common Data Protection Mistakes, Webinar, National Association of Women Lawyers, June 11, 2019, Irvine, CA.

Hot Topics in Data Privacy: A Panel Discussion on Privacy, Security, and Risk Management, Orange County Bar Association’s IP & Technology section and Mommy Esquire Committee, OCBA Headquarters, July 16, 2018, Newport Beach, CA.

Keeping Up with Privacy Laws for Your Services and Website, The Gen Why Lawyer Podcast, July 2, 2018, Irvine, CA.

GDPR and State Privacy Laws, KUCI 88.9 FM, Privacy Piracy Radio, June 25, 2018, Irvine, CA.

FLSA Wage Claims are on the Rise! How to Prevent and Defend Against Unpaid Wage Claims, Orange County Paralegal Association, 30th Annual Education Conference, September 17, 2016, Hilton, Costa Mesa, CA.

Patents and the Consultant/ Entrepreneur, IEEE Orange County Consultants Network, June 22, 2013, California State University, Fullerton, CA.