Sulina Gabale

Senior Associate

Washington, D.C.

Read full biography at

Sulina Gabale is a Senior Associate and founding member of the Cyber, Privacy & Data Innovation practice, named Privacy & Data Security Law Firm of the Year by Chambers USA in 2019.

As innovation pushes the limits of technology, those ideas challenge the boundaries of what is considered “personally identifiable information.” Sulina answers the question - how can we create tomorrow’s technology with yesterday’s privacy and consumer protection laws? Sulina works closely with innovators at all levels of a business – executives, engineers, marketing and product, HR and customer service teams – to gain a true understanding of their goals and the data they’re collecting, using and sharing. She places herself in her client’s shoes as well as in consumers’ mindset to devise creative privacy-by-design solutions, ensuring her client’s business and data innovation strategies withstand multi-national rules, government regulations, industry standards and consumer scrutiny.

With experience in both data privacy and consumer protection, Sulina utilizes a comprehensive approach to counsel clients on a myriad of issues affecting consumers and businesses.

  • She routinely guides companies of all sizes through the existing patchwork of laws, self-regulatory standards and industry practice impacting data privacy and security. She advises clients subject to regulatory investigations and litigation involving a spectrum of federal and state laws, including Section 5 of the Federal Trade Commission Act (FTC Act), the California Consumer Privacy Act (CCPA) and proposed state privacy legislation, Children’s Online Privacy Protection Act (COPPA), biometric privacy laws such as the Illinois Biometric Information Privacy Act (BIPA), the Fair Credit Reporting Act (FCRA), Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA) and related state student data privacy laws, the California Online Privacy Protection Act (CalOPPA) and others.
  • Sulina advises companies of all sizes on the development and deployment of cutting-edge technologies and services, including ad-tech, AI and machine learning, biometric tools, social media, robotics and IoT devices, marketing and promotions and more.
  • Sulina began her legal career focusing on consumer protection. She continues to counsel clients on marketing and promotional issues, including interest-based ads; sweepstakes and promotions; automatic renewal and subscriptions; advertising substantiation; influencer programs and social media; SMS text messaging and telemarketing (including matters involving the Telemarketing Sales Rule (TSR), the Telephone Consumer Protection Act (TCPA)); and other state and federal consumer protection laws. 

Sulina’s practice is industry-agnostic. She has represented clients ranging from start-ups to Fortune 500s, non-profits, academic institutions and city governments across a range of industries from fashion and ecommerce, financial services, retail, food and beverage and technology services.  

Prior to law school, Sulina worked in the highly interactive fields of journalism, entertainment and digital media. This well-rounded background helps her connect with clients on a personal level, and ensure her advice integrates legal solutions with business practicality.

Before joining Orrick, Sulina was a member of the Privacy & Data Security Group; Entertainment & Media Group; and IP, Information & Innovation Group at Reed Smith, LLP in New York and Washington, D.C.

Posts by: Sulina Gabale

FTC Rings in New Year with ‘Major Changes’ to Cybersecurity Orders and Throwback Reference to WISPs

Earlier this month, Andrew Smith, the FTC’s Director of the Bureau of Consumer Protection, announced that the Commission had made “three major changes” to its data security orders.[1] Citing recent hearings at the FTC, as well as the Commission’s defeat in the closely watched LabMD case,[2] Director Smith highlighted three key takeaways from seven consent orders announced against “an array of diverse companies.”[3]


Orrick Webinar: Spotlight on EdTech – How the New California and Nevada Privacy Laws Will Impact Data in EdTech

Webinar | August 27, 2019

Download Powerpoint Presentation

Please join Emily Tabatabai and Sulina Gabale for the Cyber, Privacy & Data Innovation practice’s webinar “Spotlight on EdTech – How the New California and Nevada Privacy Laws Will Impact Data in EdTech.”

State Legislators Joining the Consumer Privacy Protection Party: Introduced CCPA-Like Bills

In 2018, the California legislature made headlines with its game-changing data protection law: the California Consumer Privacy Act of 2018. Other state legislators across the country appear to be hot on its heels as a flurry of CCPA-like bills have been introduced across the United States. While it is too early to predict which of these bills, if any, will be enacted, this increased focus on privacy in the state legislatures is clearly a sign that the privacy landscape—and consequent compliance challenges for companies—is going to get more complicated. READ MORE