Skip to Main Content
Professional Photo

Aldo M. Leiva


Al Leiva is a member of the Government Enforcement and Investigations Group, assisting clients with investigations, compliance, and regulatory matters relating to critical infrastructure, cybersecurity, and supply chain security.

Professional Biography

Mr. Leiva also serves on the Data Protection, Privacy and Cybersecurity Team, advising clients on compliance, transactions, and litigation involving rapidly evolving federal, state, and international cybersecurity and data privacy laws. Mr. Leiva also serves as trial counsel in complex litigation matters, including class action defense, tort, and business litigation.

Clients turn to Mr. Leiva for strategic legal counsel when facing cybersecurity incidents, data privacy issues, and compliance or litigation involving complex cybersecurity and privacy laws and regulations, including federal laws (CFIUS, TCPA, HIPAA, HITECH, GLB, COPPA, CAN-SPAM, FCRA/FACTA), state laws (data breach notification laws, FIPA, FSCA, CCPA, CPRA) and EU/Latin America data protection laws (GDPR). He has served as privacy compliance counsel, cybersecurity risk mitigation counsel, and general counsel for numerous companies. He advises clients on business practices that comply with laws governing their digital operations, including social media, digital media, mobile app and website marketing, and cloud computing.

Clients also rely upon Mr. Leiva's experience representing companies in complex litigation matters involving business disputes, consumer class action (TCPA, privacy), insurance-related litigation, eDiscovery, tort defense, professional liability, real estate, and construction disputes.

Mr. Leiva monitors and assesses cybersecurity and privacy challenges presented by emerging technologies, including cryptocurrencies, blockchain applications, autonomous vehicles, the Internet of Things, artificial intelligence, and biometrics. He has also completed extensive critical infrastructure training programs of the U.S. Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team in Cybersecurity for Industrial Control Systems and Operational Security for Control Systems, and has similarly received comprehensive training via DHS and FEMA-authorized programs in the areas of cyber incident analysis and response, disaster recovery for information systems, physical and cybersecurity for critical infrastructure, information risk management and critical asset risk management.

Mr. Leiva serves on the board of directors of the South Florida Chapter of InfraGard, a leading public-private partnership between U.S. businesses and the Federal Bureau of Investigations (FBI) that focuses on critical infrastructure protection. He has developed educational programming on cybersecurity laws and regulations for the members of InfraGard. In 2017, Mr. Leiva was recognized by the FBI for exceptional service in connection with his InfraGard service.

Mr. Leiva's interest in complex technology matters is based on his professional and technical background as a systems biologist, having served as a scientific researcher/instructor in Costa Rica, as well as a comparative legal investigator in Mexico.

Mr. Leiva's pro bono efforts have focused on advocacy for the Rule of Law in Cuba, serving as counsel for Cuban political prisoners and pro-democracy activists before the Inter-American Commission on Human Rights, resulting in a ruling against the Cuban government by an international committee for human rights violations. As a Cuba law/policy analyst, Mr. Leiva has briefed the U.S. State Department, Representatives and Senators, and Presidential candidates on Cuba law and policy. He has also analyzed Cuba trends for trade and media organizations and academic institutions, including the Foundation for Advanced Education in the Sciences, American University, University of Miami, Indiana University, and St. Thomas University. Mr. Leiva was honored to receive the 2020 Human Rights Award from the Cuban American Bar Association in recognition of his activism and advocacy for human rights in Cuba.

Mr. Leiva is fluent in Spanish.

  • Data Privacy Class Action Defense

  • Defended an automotive OEM against a $7.5+ billion class action filed in Florida challenging session replay software that allegedly tracks users' activities on websites. Shortly after we were granted an early-stage stay of discovery, plaintiff voluntarily dismissed case (no settlement).

  • Successfully defended a national online retail client against multiple Video Privacy Protection Act (VPPA) class actions filed in New York and Florida; cases were dismissed at the motion to dismiss phase before a class could be certified.

  • Defending an automotive OEM against a class action brought under the California Invasion of Privacy Act (CIPA) in state court.

  • Defending a regional health care entity in a pending class action filed in Tennessee state court alleging violation of Tennessee's State Wiretapping Act.

  • Other Trial and Litigation Matters

  • Received a complete defense verdict following a five-day jury trial on behalf of two insured business owners accused of negligence in the installation of a granite monument.

  • Acted as trial counsel for a leading communications infrastructure company in a jury trial in the Southern District of Florida, successfully defending breach of easement and punitive damages claims.

  • Defending a data privacy action filed by an individual against a national online retailer in California court.

  • Defended TCPA litigation matters for clients in multiple industries, including insurance and health/wellness.

  • Defended ADA website compliance matters in multiple business sectors and industries, including hospitality, fashion, and retail sector clients.

  • Successfully defended food manufacturing entity in shareholder derivative lawsuit alleging breach of fiduciary duty and breach of contract, resulting in full divestment of shareholder's interest in entity and no liability for client.

  • Successfully defended a physician in an administrative professional investigation by the Florida Department of Health, arising out of a patient complaint, resulting in case dismissal without a finding of probable cause against the physician.

  • Obtained a defense verdict for an internal medicine physician accused of professional negligence in St. Lucie County, Florida.

  • Obtained a defense verdict for a radiologist accused of professional negligence in Miami-Dade County, Florida.

  • Obtained a defense verdict for a trauma surgeon accused of professional negligence in Miami-Dade County, Florida.

  • Obtained a defense verdict for an anesthesiologist accused of professional negligence in Miami-Dade County, Florida.

  • Obtained a defense verdict for a hematologist accused of professional negligence in Miami-Dade County, Florida.

  • Obtained summary judgment and the award of attorney's fees in favor of a water treatment company.

  • Managed and litigated premises liability matters for a multinational retail company.

  • Served as defense counsel for international aerospace entity in product liability and commercial dispute matters.

  • Obtained successful resolution of social media dispute between aerospace industry client and third-party technology vendor.

  • Served as defense counsel for medical group in multi-million dollar wrongful death action.

  • Represented international health supplement company in Telephone Consumer Protection Act matter.

  • Served as products liability defense counsel for publicly traded plumbing supply and water treatment company.

  • Obtained a defense verdict for property insurer following a five-day jury trial in claim involving denial of coverage for storm damage.

  • Data Privacy/Cybersecurity, Investigations, and Critical Infrastructure

  • Conducted international internal ethics investigation for Fortune 500 transportation sector client.

  • Advised food and agriculture sector client on critical infrastructure matters, including designation of key personnel under CISA guidelines.

  • Cybersecurity and data privacy counsel for international digital media consortium, including third-party vendor contract negotiation and consultation on applicable domestic and international data protection laws.

  • Outside general counsel to aviation industry company, with special focus on data privacy and data protection issues.

  • Successfully defended a national mental health and substance abuse treatment entity in a HIPAA administrative investigation, resulting in no fines paid and the investigation closed.

  • Conducted internal ethics investigation for an academic apparel and sports equipment company.

  • Counseled a large municipality on privacy policy and conducted a vulnerability analysis of critical assets.

  • Served as an incident response and law enforcement liaison for a health care facility undergoing a ransomware attack.

  • Performed a privacy gap analysis and created a privacy program for a financial services entity.

  • Served as privacy compliance counsel for an international marketing automation platform.

  • Served as privacy and U.S. legal compliance counsel for an international emergency transport organization.

  • Served as general counsel for a federally funded community health center, focusing on its privacy and cybersecurity obligations.

  • Served as an incident response and law enforcement liaison and counsel for an energy sector company following a phishing attack.

  • Successfully negotiated a data migration contract with a national electronic medical records provider.

  • Performed an EU privacy compliance assessment for a U.S.-based international third party claims processor.

  • Successfully negotiated a technology services contract for a data hosting entity with a court-appointed receiver in a federal matter.

  • Emerging Technologies

  • Represented multiple cryptocurrency investor applying for EB-5 visa, including strategic planning and preparation of response to USCIS request for additional evidence of legal sources of digital funds (BTC/ETH).

  • Advised live music streaming client on digital marketing, privacy, and cybersecurity matters.

  • Represented crowdfunding startup in compliance with SEC and other cybersecurity/privacy laws and regulations.

  • Listed in The Best Lawyers in America® for Privacy and Data Security Law (2023, 2024)
  • Recipient – Baker Donelson's Fort Lauderdale Office Pro Bono Award (2022)
  • Recipient – Cuban American Bar Association Human Rights Member of the Year (2020)
  • Recipient – Exceptional Service in the Public Interest, FBI/InfraGard (2017)
  • Recipient – "Most Effective Lawyer," Daily Business Review (2015)
  • Board Member – InfraGard, South Florida Chapter Board of Director (2017 – present)
  • Board Member – University of Miami, Amigos of the Cuban Heritage Collection Board of Directors (2007 – present), Past Chairman of the Board
  • Member – Baker Donelson Diversity Committee (2018 – present)
  • Member – CISO Executive Network, South Florida Chapter (2019 – present)
  • Member – U.S. Secret Service, Miami Economic Crimes Task Force (2014 – present)
  • Member – International Association of Privacy Professionals (IAPP)
  • Member – American Bar Association, International Law Section
    • Vice Chair, Privacy, Cybersecurity, & Digital Rights Committee (2023 – 2024)
  • Member – The Florida Bar Association
  • Member – Cuban American Bar Association (CABA), CABA on Cuba Committee (2004 – present)
  • Advisor – Cybersecurity for Executives Program, University of South Florida (2018 – present)
  • Panelist – "International Human Rights & Legal Advocacy: The Cuba Case," Cuban American Bar Association's 2023 CABA on Cuba Conference (October 2023)
  • "Data Security Compliance and Risks: A Business Attorney's Guide," National Business Institute (February 2023)
  • Panelist – "Breakfast with Compliance Champs," SECNAP Network Security Educational Breakfast Series (October 2018)
  • "Data Breach Preparedness in the Healthcare Sector: Best Practices and Legal Considerations," InfraGard South Florida, Healthcare Sector Presentation (May 2018)
  • "What the Hack! Cybersecurity in 2018," Greater Boca Raton Estate Planning Council (April 2018)
  • "Professional and Medical Ethics," Emerald Coast Medical Association, 2018 CME Beach Retreat (January 2018)
  • "Florida Laws and Rules for Healthcare Providers," Emerald Coast Medical Association, 2018 CME Beach Retreat (January 2018)
  • "Cybersecurity Laws and Regulations Impacting Critical Infrastructure Sectors," InfraGard South Florida (September 2017)
  • "Cuba: What's Next?," Miami Association of Realtors (October 2016)
  • "2015 Update on the Florida Office Surgery Rules: What Every MD and DO Should Know," ACOG District XII, 2015 Annual District Meeting (August 2015)
  • "Developing Policies Across Latin America," Q1 Life Science Data Privacy Conference, Philadelphia, Pennsylvania (July 27 – 28, 2015)
  • "Derecho de Datos Personales y Seguridad: Temas de consideración por Dentistas en 2015," [Spanish language presentation on HIPAA and Florida Information Protection Act for Dental Professional Organization], COLA-HELO (Organización Profesional de Dentistas), Miami, Florida (March 2015)
  • "US-Cuba Policy Changes: Outlook for 2015," The Salt Institute, Miami Beach, Florida (March 2015)
  • "HIPAA/HITECH Update: What OBGYNS Must Know About Patient Privacy and Data Security in 2014," American Congress of Obstetrics and Gynecology, ACOG District XII Annual District Meeting, Recent Advances and Current Trends in OB/GYN, Orlando, Florida (August 2014)
  • "HIPAA/HITECH and Chiropractors: What You Must Know About Patient Privacy and Data Security in 2014," Dade County Chiropractic Society (August 2014)
  • "HIPAA/HITECH Update: Practical Effects and Enforcement Trends," American Health Law Association (January 2014)



  • The University of Arizona James E. Rogers College of Law, J.D., 1997
  • University of Massachusetts at Boston, M.S., 1994
  • State University of New York – Binghamton, B.S., 1989


  • Florida, 1997
  • U.S. District Court for the Southern District of Florida, 2002
  • U.S. District Court for the Northern District of Florida, 2002


  • Spanish

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept