Kelly DeMarchis Bastide

Kelly Bastide

Kelly DeMarchis Bastide is co-chair of the Privacy and Data Security Group. Kelly advises and represents clients on issues related to consumer data privacy and security, e-commerce, advertising, consumer protection, and online gaming. Her priority is providing actionable, business-friendly legal guidance to clients who process personal data, and she enjoys working with clients whose operations span data protection regimes in multiple jurisdictions. She has represented dozens of clients in regulatory and government investigations and takes pride in understanding their practices to better advocate on their behalf.

In addition to deep knowledge of U.S. laws and regulations, Kelly has extensive experience with European Union data protection, including the General Data Protection Regulation (GDPR), the United Kingdom GDPR, and the ePrivacy Directive.

Kelly advises clients on privacy and security laws and regulations that include federal and state unfair and deceptive trade practices laws; the California Consumer Privacy Act (CCPA) and the California Consumer Privacy Rights Act (CPRA); the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and state privacy bills; the Children's Online Privacy Protection Act (COPPA); the Health Insurance Portability and Accountability Act (HIPAA); the Fair Credit Reporting Act (FCRA); the Family Educational Rights and Privacy Act (FERPA); the financial Privacy Provisions of the Gramm-Leach-Bliley Act (GLBA); and state breach notification and security laws. Kelly also counsels on laws regarding advertising and e-commerce.

Her experience further incorporates navigating the laws governing remote gaming and gambling and advising on disclosures in relation to endorsements and testimonials.

Kelly’s practice includes:

  • Assessing the privacy practices of multinational companies and organizations against data protection laws and standards in multiple countries
  • Developing comprehensive privacy programs and standards for companies and organizations
  • Handling regulatory investigations before various federal and state government bodies
  • Reviewing and updating privacy policies, representations, and related practices to assess for risk and impact on new and ongoing business operations
  • Advising on the privacy aspects of corporate transactions
  • Handling all facets of a notifiable data security event, from initial advice through regulatory inquiries
  • Advising on compliance with various privacy and security laws, Federal Trade Commission guidance, and industry best practices

Kelly has worked with clients in various industry sectors, including nonprofit organizations, EdTech, advertising and marketing, entertainment, and consumer products.


Representative Matters

  • Represented a major Internet retailer in an FTC investigation and litigation surrounding in-app purchases for mobile applications
  • Represented a major media company in an advertising disclosures-related issue
  • Represented a leading provider of data services in an FTC investigation of its data security practices. The matter closed with no enforcement action
  • Represented multiple data brokers in response to an FTC 6(b) inquiry




  • J.D. University of Virginia School of Law 2004
    • Business editor, Virginia Environmental Law Journal
  • A.B. Philosophy and English Duke University 2000

Bar Admissions

  • District of Columbia
  • Pennsylvania

Court Admissions

  • U.S. Court of Appeals for the Sixth Circuit
  • U.S. District Court for the Western District of Pennsylvania


  • Legal 500, Media, technology and telecoms - Cyber law (including data privacy and data protection), 2021 – 2023
  • The Best Lawyers in America, 2024