Founder, Cybersecurity & AI Lawyer *Licensed in California (FIP, CIPP/US/E/M, GCFA)

About Your Cybersecurity Attorney
Lily Li

Lily Li is a data privacy, AI, and cybersecurity lawyer and founder of  Metaverse Law. She is admitted to practice in California and before the Federal Circuit and holds the CIPP/US, CIPP/E, and CIPM certifications from the International Association of Privacy Professionals.

Lily assists clients from startups to multinationals comply with their privacy, cybersecurity, and data breach notification obligations under CCPA, GDPR, NYDFS, COPPA, HIPAA, GLBA, SOX and a variety of other laws and regulations. In addition, Lily holds the GIAC Certified Forensic Analyst (GCFA) certification for advanced incident response and digital forensics and assists clients through the incident response and breach notification process.

Lily launched the firm in 2018, after recognizing the growing market need for legal services focused exclusively on data privacy and protection. Metaverse Law builds upon Lily’s multidisciplinary legal and consulting background in complex commercial claims, intellectual property matters, and employment disputes. Lily is a regular speaker and author on data privacy and cybersecurity matters.

Prior to founding Metaverse Law, Lily was a commercial and intellectual property litigator at Brown Wegner LLP, advising companies in the high-tech, biotech, e-commerce, and retail sectors on privacy policies and website terms, and intellectual property, trade secret, commercial, and employment claims.

Before joining Brown Wegner and after finishing her law degree at Duke Law School, Lily Li served as an intellectual property consultant and director of marketing and business development at IP Checkups, a patent analytics and valuation firm in Berkeley, California. She advised manufacturers, researchers, and entrepreneurs in the LED, cleantech, and biotech industries. During her time at IP Checkups, Lily co-authored numerous articles and conducted interviews with American Lawyer, Bloomberg, and other media to foster transparency in the patent marketplace.


Privacy Notices | Data Protection Policies & Risk Assessments | HIPAA Privacy Policies | Workplace Privacy | Breach Response & Notification | GDPR and DPO Services |


  • Duke University School of Law, JD 2011
    + Chair, Asian Law Students Association
    + Member, Duke Journal for Comparative and International Law
  • Williams College, BA Political Economy, magna cum laude 2008
    + Teaching Assistant, Econometrics and Economic Methods
  • International Association of Privacy Professionals
    + CIPP/US
    + CIPP/E
    + CIPP/M
  • GIAC
    + GIAC Certified Forensic Analyst (GCFA)

Memberships & Honors

  • International Association of Privacy Professionals
    + Orange County Chapter Chair 2020-2021
  • Orange County Bar Association, Member
    + Young Lawyer's Division (Community Outreach Chair - 2016)
  • Children's Bureau
    + YPOC President 2016-2017
    + YPOC Community Chair 2016-2017
    + OneOC Spirit of Volunteering Award 2017

Articles & Publications

Niche Areas of Law Practice: Privacy and Cybersecurity Law, March/April 2024, GPSOLO, American Bar Association (Vol. 41, No. 2).

AI Generated Deepfakes: Potential Liability and Remedies, January 2024, Orange County Lawyer Magazine (Vol. 66, No. 1).

AI vendor management – human programming for machine learning, October 2023, DataGuidance.

International Insights Article: Privacy Implications for Organizations Using Generative AI, June 2023, DataGuidance.

The California Age-Appropriate Design Code Act, November 2022, DataGuidance.

Third Country Assessment Guidance Note for California, February 2022, DataGuidance.

Will the Courts Treat Foreign Data Privacy Laws as Fact or Farce in U.S. contracts? Whose Law Will Prevail in Privacy Disputes?, May 2021, Orange County Lawyer Magazine (Vol. 63, No. 5).

Facebook, Patents, and Privacy: Social Media Innovations to Mine Personal Data, September/October 2020, GPSOLO, American Bar Association (Vol. 37, No. 5).

Should Bar Associations Vet Technology Service Providers for Attorneys?, November/December 2019, GPSOLO, American Bar Association (Vol. 36, No. 6).

Privacy Rights in Class Action Lawsuits – Should Putative Class Members Opt-In Before Their Personal Information Is Disclosed in California Consumer Privacy Act Litigation?, May 2019, Orange County Lawyer Magazine (Vol. 61, No. 5).

American Privacy Laws in a Global Context: Predictions for 2018, May 2018, Orange County Lawyer Magazine (Vol. 60, No. 5) [adapted and reprinted as US Privacy Laws in a Global Context: Predictions for the Next Year, September 2018, The Computer and Internet Lawyer (Vol. 35, No. 9)].

Chatbot Contracts: Enforcing TOS Agreements in Computer-Generated Conversations, March 2017, Association of Business Trial Lawyers – Orange County (Spring 2017 ABTL Report).

Help! What Are My (Immediate) Defenses to a Federal Trade Secret Claim?, September 2016, Orange County Lawyer Magazine (Vol. 59, No. 9).

RFAs: The Underutilized Strategy for Recovering Attorney’s Fees, December 2015, Orange County Lawyer Magazine (Vol. 57, No. 1).

Robot Price Wars: Minimum Advertised Pricing (“MAP”) Policies and the Colgate Doctrine in the Era of Smart Web Crawlers, Fall 2015, Federal Bar Association/ Orange County Chapter Newsletter.

Co-author, How Hidden IP Assets Hurt The Entire Patent Community. November 2012, IP360.COM.

Patents compete for priority in the remote-phosphor LED technology space. July/Aug 2012 Issue, LEDS MAGAZINE.

Quoted in Biotech’s wellspring: a survey of the health of the private sector. May 2012, NATURE BIOTECHNOLOGY (online edition).

IP Strategy and Considerations for Start-ups: Q&A with IP Checkups blog.

Speaking Engagements

Healthcare Data, Trackers, & Artificial Intelligence: Are You Giving Away Sensitive Healthcare Information?, OCBA Health Care Law Section Meeting, March 14, 2024, Newport Beach, CA.

Privacy Harms & Solutions in an AI World, Western State College of Law, February 29, 2024, Irvine, CA.

Global trends shaping the AI landscape: What to expect, DataGuidance, February 13, 2024, Virtual.

Will AI Take My Law Job: Tips for Success in this Brave New World, OCAABA, January 24, 2024, Irvine, CA.

Social Media Scams: A New Social Engineering Battleground, PrivSec Global, November 30, 2023, Virtual Conference.

California Privacy Rights Act: What Do Financial Institutions Need to Know?, OCBA Banking & Lending Section Meeting, April 18, 2023, Virtual.

AI Chatbot Wars: The Good, The Bad, and The Ugly, BrightTalk Originals: Threat Watch, March 30, 2023, Virtual.

Does The Updated FTC Safeguards Rule Affect Your Business?, Greenlight IS/Metaverse Law/Duo Security, November 9, 2022, Virtual.

Legal Data Privacy Deep Dive: Federal, State, and Local Updates, PrivacyOC, August 11, 2022, Irvine, CA.

Prepare for Schrems III? Unpacking the Trans-Atlantic Data Privacy Framework, PrivSec Global, June 29, 2022, Virtual Conference.

Privacy Law Remix: Looking Ahead to 2023, ISSA-OC Chapter Meeting, June 9, 2022, Virtual.

What To Do In a Data Breach, IAPP KnowledgeNet, March 2, 2022, Virtual Conference.

Why Most CCPA Cases Will Fail: Five Hurdles Plaintiffs Must Clear, PrivSec Global, September 23, 2021, Virtual Conference.

Americas Focus: USA and the Developing Nature of Privacy Law, PrivSec Global, June 22, 2021, Virtual Conference.

California Privacy Rights Act (CPRA), ISSA-LA Virtual Chapter Meeting, December 16, 2020, Los Angeles, CA.

Women in Cybersecurity and Privacy – Leading Through Uncertainty, UCI Cybersecurity Policy & Research Institute, July 30, 2020, Irvine, CA.

Wall Street Journal Cybersecurity Symposium: Which Regulations Apply?, Loews Coronado Bay Resort, January 11, 2020, San Diego, CA.

AI, Cybersecurity + Privacy, Cedars-Sinai Accelerator in West Hollywood, November 21, 2019, West Hollywood, CA.

Lock it or Lose it Data Protection & Cyber Security, Postal Customer Council Lunch and Learn, November 14, 2019, Anaheim, CA.

How to Prepare for the California Consumer Privacy Act and Other Important Considerations Regarding Privacy and Cybersecurity Laws, Orange County Bar Association’s IP & Technology section and Business and Corporate Section, OCBA Headquarters, August 19, 2019, Newport Beach, CA.

Weathering the Cyber Storm: How To Avoid the Most Common Data Protection Mistakes, Webinar, National Association of Women Lawyers, June 11, 2019, Irvine, CA.

Hot Topics in Data Privacy: A Panel Discussion on Privacy, Security, and Risk Management, Orange County Bar Association’s IP & Technology section and Mommy Esquire Committee, OCBA Headquarters, July 16, 2018, Newport Beach, CA.

Keeping Up with Privacy Laws for Your Services and Website, The Gen Why Lawyer Podcast, July 2, 2018, Irvine, CA.

GDPR and State Privacy Laws, KUCI 88.9 FM, Privacy Piracy Radio, June 25, 2018, Irvine, CA.

FLSA Wage Claims are on the Rise! How to Prevent and Defend Against Unpaid Wage Claims, Orange County Paralegal Association, 30th Annual Education Conference, September 17, 2016, Hilton, Costa Mesa, CA.

Patents and the Consultant/ Entrepreneur, IEEE Orange County Consultants Network, June 22, 2013, California State University, Fullerton, CA.