Skip to Main Content

Ericka Johnson

Partner

101 Constitution Avenue, NW
Suite 900
Washington, D.C., 20001
T 202.689.2970
ericka.johnson@nelsonmullins.com
Send Email to Ericka Johnson Download vCard for Ericka Johnson Download PDF

Ericka focuses her practice on cybersecurity and privacy, with significant experience leading global incident response, regulatory investigations, and litigation arising from data breaches and security incidents. As the former Global Cybersecurity Counsel for ByteDance, including TikTok and its other affiliated companies, she regularly advises clients in high-pressure moments following cybersecurity events, coordinating internal investigations, breach...

Ericka focuses her practice on cybersecurity and privacy, with significant experience leading global incident response, regulatory investigations, and litigation arising from data breaches and security incidents. As the former Global Cybersecurity Counsel for ByteDance, including TikTok and its other affiliated companies, she regularly advises clients in high-pressure moments following cybersecurity events, coordinating internal investigations, breach notifications, and multijurisdictional regulatory responses. Ericka also defends clients in enforcement actions brought by the DOJ, FTC, SEC, OCR, and state Attorneys General, particularly where privacy violations or disclosure obligations are at issue.

In addition to her response work, Ericka provides proactive counsel on cybersecurity risk management, including leading tabletop exercises, advising boards of directors, and designing privacy and incident response programs. She has led cross-border incident response efforts and overseen global regulatory engagement for large, highly regulated organizations. She has also served as outside counsel to state and local governments, advising public agencies—including in healthcare and education—on cybersecurity preparedness and breach response.

Ericka is also a reservist in the U.S. Marine Corps. During her active-duty service, she served as the principal cybersecurity legal advisor to the Marine Corps’ senior uniformed attorney at the Pentagon, helping establish the legal specialty for cybersecurity. She also served as counsel for cyber and information operations during a combat deployment to Afghanistan. Ericka continues to serve as a Reservist in the Washington, D.C. area.

notifications, and multijurisdictional regulatory responses. Ericka also defends clients in enforcement actions brought by the DOJ, FTC, SEC, OCR, and state Attorneys General, particularly where privacy violations or disclosure obligations are at issue.

In addition to her response work, Ericka provides proactive counsel on cybersecurity risk management, including leading tabletop exercises, advising boards of directors, and designing privacy and incident response programs. She has led cross-border incident response efforts and overseen global regulatory engagement for large, highly regulated organizations. She has also served as outside counsel to state and local governments, advising public agencies—including in healthcare and education—on cybersecurity preparedness and breach response.

Ericka is also a reservist in the U.S. Marine Corps. During her active-duty service, she served as the principal cybersecurity legal advisor to the Marine Corps’ senior uniformed attorney at the Pentagon, helping establish the legal specialty for cybersecurity. She also served as counsel for cyber and information operations during a combat deployment to Afghanistan. Ericka continues to serve as a Reservist in the Washington, D.C. area.

Experience

The following is a selected sampling of matters and is provided for informational purposes only. Past success does not indicate the likelihood of success in any future matter.

Previous Professional Experience 

  • Senior Privacy & Security Counsel, TikTok U.S. Data Security (2025)
  • Global Cybersecurity Counsel, ByteDance (2024)
  • Senior Associate, International Law Firm (2017–2024)
  • Active-Duty U.S. Marine Corps Judge Advocate (2011–2016)

Representative Matters 

Regulatory Investigations and Enforcement 

  • Lead counsel on U.S. regulatory investigations stemming from high-profile privacy incidents, responsible for reviewing all regulatory correspondence and advising on public-facing media statements to ensure alignment and mitigate enforcement risk. Developed a comprehensive, consistent narrative across agencies and jurisdictions to avoid unnecessary escalation.
  • Represented multinational companies in inquiries by state Attorneys General, DOJ, and SEC following cybersecurity breaches, crafting defensible narratives in response to questions concerning breach scope, delay in discovery, and adequacy of security controls.
  • Represented a U.S. state in an OCR investigation following a healthcare data breach, resulting in no fine or enforcement action after coordinating tailored cybersecurity training for state agencies and demonstrating proactive remediation.
  • Represented a university in an active investigation by the U.S. Department of Education and Federal Student Aid (FSA) following a ransomware incident, ultimately resolving the matter with no fine or public action after negotiating a remediation agreement focused solely on implementing additional technical controls.
  • Responded to multistate inquiries from Attorneys General following a high-profile media article about a technology company breach, culminating in a declination of further action after strategic engagement with lead states and assurance of adequate response measures.
  • Advised a government contractor facing Congressional inquiries regarding the use of federal funds in relation to Cybersecurity Maturity Model Certification (CMMC) requirements, helping the client navigate committee expectations and demonstrate programmatic compliance, resulting in positive resolution.

Cybersecurity and Data Breach Response

  • Directed global incident response efforts for multinational organizations, including regulatory and individual notifications across jurisdictions.
  • Authored and implemented company-wide incident response plans, including playbooks, escalation protocols, and internal training programs.
  • Designed insider risk management protocols and supported internal investigations following data compromise events.
  • Led cybersecurity tabletop exercises and risk mitigation training for hospitals, universities, and publicly traded companies.

Privacy and Compliance

  • Developed U.S.-specific privacy programs in preparation for anticipated corporate transactions and increased regulatory scrutiny.
  • Counseled U.S.-based Technology Company on compliance with COPPA, state privacy laws, and cross-border data handling requirements.
The following is a selected sampling of matters and is provided for informational purposes only. Past success does not indicate the likelihood of success in any future matter.

Previous Professional Experience 

  • Senior Privacy & Security Counsel, TikTok U.S. Data Security (2025)
  • Global Cybersecurity Counsel, ByteDance (2024)
  • Senior Associate, International Law Firm (2017–2024)
  • Active-Duty U.S. Marine Corps Judge Advocate (2011–2016)

Representative Matters 

Regulatory Investigations and Enforcement 

  • Lead counsel on U.S. regulatory investigations stemming from high-profile privacy incidents, responsible for reviewing all regulatory correspondence and advising on public-facing media statements to ensure alignment and mitigate enforcement risk. Developed a comprehensive, consistent narrative across agencies and jurisdictions to avoid unnecessary escalation.
  • Represented multinational companies in inquiries by state Attorneys General, DOJ, and SEC following cybersecurity breaches, crafting defensible narratives in response to questions concerning breach scope, delay in discovery, and adequacy of security controls.
  • Represented a U.S. state in an OCR investigation following a healthcare data breach, resulting in no fine or enforcement action after coordinating tailored cybersecurity training for state agencies and demonstrating proactive remediation.
  • Represented a university in an active investigation by the U.S. Department of Education and Federal Student Aid (FSA) following a ransomware incident, ultimately resolving the matter with no fine or public action after negotiating a remediation agreement focused solely on implementing additional technical controls.
  • Responded to multistate inquiries from Attorneys General following a high-profile media article about a technology company breach, culminating in a declination of further action after strategic engagement with lead states and assurance of adequate response measures.
  • Advised a government contractor facing Congressional inquiries regarding the use of federal funds in relation to Cybersecurity Maturity Model Certification (CMMC) requirements, helping the client navigate committee expectations and demonstrate programmatic compliance, resulting in positive resolution.

Cybersecurity and Data Breach Response

  • Directed global incident response efforts for multinational organizations, including regulatory and individual notifications across jurisdictions.
  • Authored and implemented company-wide incident response plans, including playbooks, escalation protocols, and internal training programs.
  • Designed insider risk management protocols and supported internal investigations following data compromise events.
  • Led cybersecurity tabletop exercises and risk mitigation training for hospitals, universities, and publicly traded companies.

Privacy and Compliance

  • Developed U.S.-specific privacy programs in preparation for anticipated corporate transactions and increased regulatory scrutiny.
  • Counseled U.S.-based Technology Company on compliance with COPPA, state privacy laws, and cross-border data handling requirements.

Community

  • Cavalry Member, Iraq and Afghanistan Veterans of America (IAVA)

Military

  • U.S. Marine Corps, Active Duty and Reserves (2012–Present)
  • Preliminary Hearing Officer, USMC Reserves

Ericka focuses her practice on cybersecurity and privacy, with significant experience leading global incident response, regulatory investigations, and litigation arising from data breaches and security incidents. As the former Global Cybersecurity Counsel for ByteDance, including TikTok and its other affiliated companies, she regularly advises clients in high-pressure moments following cybersecurity events, coordinating internal investigations, breach... notifications, and multijurisdictional regulatory responses. Ericka also defends clients in enforcement actions brought by the DOJ, FTC, SEC, OCR, and state Attorneys General, particularly where privacy violations or disclosure obligations are at issue.

In addition to her response work, Ericka provides proactive counsel on cybersecurity risk management, including leading tabletop exercises, advising boards of directors, and designing privacy and incident response programs. She has led cross-border incident response efforts and overseen global regulatory engagement for large, highly regulated organizations. She has also served as outside counsel to state and local governments, advising public agencies—including in healthcare and education—on cybersecurity preparedness and breach response.

Ericka is also a reservist in the U.S. Marine Corps. During her active-duty service, she served as the principal cybersecurity legal advisor to the Marine Corps’ senior uniformed attorney at the Pentagon, helping establish the legal specialty for cybersecurity. She also served as counsel for cyber and information operations during a combat deployment to Afghanistan. Ericka continues to serve as a Reservist in the Washington, D.C. area.

Experience

The following is a selected sampling of matters and is provided for informational purposes only. Past success does not indicate the likelihood of success in any future matter.

Previous Professional Experience 

  • Senior Privacy & Security Counsel, TikTok U.S. Data Security (2025)
  • Global Cybersecurity Counsel, ByteDance (2024)
  • Senior Associate, International Law Firm (2017–2024)
  • Active-Duty U.S. Marine Corps Judge Advocate (2011–2016)

Representative Matters 

Regulatory Investigations and Enforcement 

  • Lead counsel on U.S. regulatory investigations stemming from high-profile privacy incidents, responsible for reviewing all regulatory correspondence and advising on public-facing media statements to ensure alignment and mitigate enforcement risk. Developed a comprehensive, consistent narrative across agencies and jurisdictions to avoid unnecessary escalation.
  • Represented multinational companies in inquiries by state Attorneys General, DOJ, and SEC following cybersecurity breaches, crafting defensible narratives in response to questions concerning breach scope, delay in discovery, and adequacy of security controls.
  • Represented a U.S. state in an OCR investigation following a healthcare data breach, resulting in no fine or enforcement action after coordinating tailored cybersecurity training for state agencies and demonstrating proactive remediation.
  • Represented a university in an active investigation by the U.S. Department of Education and Federal Student Aid (FSA) following a ransomware incident, ultimately resolving the matter with no fine or public action after negotiating a remediation agreement focused solely on implementing additional technical controls.
  • Responded to multistate inquiries from Attorneys General following a high-profile media article about a technology company breach, culminating in a declination of further action after strategic engagement with lead states and assurance of adequate response measures.
  • Advised a government contractor facing Congressional inquiries regarding the use of federal funds in relation to Cybersecurity Maturity Model Certification (CMMC) requirements, helping the client navigate committee expectations and demonstrate programmatic compliance, resulting in positive resolution.

Cybersecurity and Data Breach Response

  • Directed global incident response efforts for multinational organizations, including regulatory and individual notifications across jurisdictions.
  • Authored and implemented company-wide incident response plans, including playbooks, escalation protocols, and internal training programs.
  • Designed insider risk management protocols and supported internal investigations following data compromise events.
  • Led cybersecurity tabletop exercises and risk mitigation training for hospitals, universities, and publicly traded companies.

Privacy and Compliance

  • Developed U.S.-specific privacy programs in preparation for anticipated corporate transactions and increased regulatory scrutiny.
  • Counseled U.S.-based Technology Company on compliance with COPPA, state privacy laws, and cross-border data handling requirements.

Education

  • University of Wisconsin School of Law, JD (2011)
  • University of California Santa Barbara, BA, Business Economics, Dean's List Honors (2008)
    • NCAA Division I Softball
    • Academic All-American

Admissions

  • District of Columbia
  • Wisconsin

Practice Areas

  • Cavalry Member, Iraq and Afghanistan Veterans of America (IAVA)
  • U.S. Marine Corps, Active Duty and Reserves (2012–Present)
  • Preliminary Hearing Officer, USMC Reserves