Sheryl Falk

Partner and Co-Lead, Winston’s Global Privacy & Data Security

Sheryl, co-leader of the firm’s Global Privacy and Data Security Task Force, brings significant investigation and litigation experience to her practice to navigate regulatory and litigation inquiries arising out of data security incidents. A former Assistant U.S. Attorney, she has 25 years of litigation experience before state and federal courts, as well as arbitrators. Her work has garnered recognition in Legal 500.


Intellectual Property, Litigation, Privacy & Data Security, Trade Secrets, White Collar, Regulatory Defense & Investigations, eDiscovery & Information Governance


Health Care Privacy & Data Security, Disruptive Technologies



Court Admissions

USCA - 5th Circuit, Southern District of Texas


University of Houston, JD, 1991
University of the South - Sewanee, BA, 1988

Sheryl Falk concentrates her practice in data security, cyber and other internal investigations, trade secret litigation, and complex commercial litigation. Sheryl has significant experience helping clients protect data, from developing data security and trade secret protection procedures to responding to data security incidents and investigating trade secret theft claims. In her data security practice, she counsels clients on how to identify and mitigate business and legal risks arising out of these incidents.

Sheryl is an experienced litigator known for extracting the truth in each of her cases. As a Certified Computer Examiner, Sheryl uses her knowledge and background to provide invaluable assistance to clients in connection with data security issues and the theft of trade secrets and confidential information.

Recently, she was on the successful Winston team that secured a $24.5 million jury verdict for a post-tension company in federal court in Houston, Texas. Sheryl led the forensic investigation in this case that recovered key evidence and uncovered the defendants’ destruction of evidence.

Because data protection and privacy issues have far-reaching implications, Sheryl’s cross-disciplinary practice enables her to assist clients on a variety of legal issues, including:

  • counseling clients through the data breach response process and running data breach investigations;
  • advising clients on international data protection and cross- border data transfers;
  • providing in-house analysis based on technical background during data breach;
  • investigating and litigating regulatory inquiries arising out of data security incidents;
  • directing internal investigations of the theft of trade secrets;
  • developing privacy compliance programs and trade secret protocols; and
  • counseling clients on privacy and data protection considerations of internet of things, cloud, and third-party data outsourcing.


  • Suncoast Post-Tension, Ltd. v. Peter Scoppa, The Sterling Engineering Group of Companies, PT USA, Inc., and Sandeep Patel. After a five-day trial, a Houston federal jury awarded $24.5 million in a copyright and trade secret theft case in favor of Winston client Suncoast Post-Tension, Ltd., the nation’s largest supplier of systems that strengthen concrete for high-rise buildings and other structures. The Winston team proved that a former employee and others on two continents conspired to steal Suncoast’s proprietary information and start a competing company. Sheryl’s discovery of key evidence was crucial in the jury’s ruling. After trial, the district court awarded attorneys’ fees and pre-judgment interest, bringing the final verdict to almost $28 million.
  • INROCK Drilling Systems, Inc. et al. v. Darrell Klesel, et al. Served as counsel for INROCK Drilling Systems, Inc. in trade secret litigation in the 215th Judicial District Court of Harris County, Texas against six former employees and two corporate defendants involving products and services in the horizontal directional drilling industry. Successfully obtained a temporary restraining order, expedited discovery, and temporary injunction against defendants. The case was quickly developed and litigated, and was settled favorably against all defendants within three months
  • Successful trial against multi-plaintiff products liability claim involving plastic resin chairs.
  • Successful trial resulting in $7.5 million verdict in breach of contract case for chemical manufacturer.
  • Successful trial defending against Estate of Elvis Presley’s claim of trademark infringement.
  • Successfully defended company against a $12 million shareholder’s derivative claim in arbitration.
  • Defended against a $15 million products liability claim arising out of petrochemical explosion blamed on a defective valve. After winning partial summary judgment, case settled.


  • Named a “Texas Trailblazer” by Texas Lawyer's (2019)
  • Ranked in The Legal 500 U.S. for trade secret litigation and cyber law (including data privacy and data protection) (2018)
  • Recognized as “Top Rated General Litigation Attorney in Houston, TX” by Super Lawyers


Sheryl is co-leader of Winston’s Global Privacy and Data Security Task Force and co-chairs the firm’s Cross-Border Data Privacy subcommittee.


Sheryl received a B.A. from Sewanee: The University of the South and a J.D. from the University of Houston. Sheryl also holds a Certified Computer Examiner (CCE) certification from the International Society of Forensic Computer Examiners (ISFCE).


Sheryl is a regularly requested speaker on the legal issues surrounding today’s digital technology. Her insight on computer forensics, data breach investigations, international data transfer, internet of things, and digital evidence has been shared with peers and industry leaders.

Recent speaking engagements include:

  • "Data Privacy – The Good, The Bad and The Ugly," Women’s Global Leadership Conference in Energy (WGLC), Houston, October 29, 2019
  • "Hacking Our Identity: Biometrics, AI, and Emerging Technology Issues," International Association of Privacy Professionals, Houston, October 1, 2019
  • “GDPR,” National Association of Attorneys General (NAAG) Fall Conference, Houston, October 22, 2018
  • “Data Privacy & GDPR: The Age of the GDPR - A Perspective Four Months In,” Legal Technology Showcase & Conference, Houston, September 27, 2018
  • “The Intersection of Cybersecurity Risks and Regulatory Requirements – Practical Advice from the Experts,” Association of Corporate Counsel’s (ACC) Privacy and Data Security Group Meeting, Houston, September 25, 2018
  • “Privacy & Data Security: Navigating the Challenges of Emerging Technologies,” Silicon Valley, September 6, 2018
  • “Mitigating Risk in the Era of Digital Transformation,” Ernst & Young’s Legal Compliance and Technology Forum, Houston, Texas, May 1, 2018
  • “Effectively Partnering with Outside Counsel to Protect Your Data,” CLOC Annual Legal Operations Institute, Las Vegas, NV, April 23, 2018
  • “Cyber Security and Cyber Insurance,” State Bar of Texas Advanced Real Estate Drafting Seminar, Dallas, TX, March 16, 2018
  • “Making Sense of the Patchwork of Cybersecurity Laws: What is Reasonable?” alongside James E. Elliott Federal Trade Commission (FTC), Advanced Intellectual Property Law, Houston, TX, February 7, 2018
  • “Welcome to the Internet of Things: Risks every in house counsel needs to know!” Association of Corporate Counsel, Houston, TX, November 9, 2017
  • “The impact of the EU General Data Protection Regulation (GDPR) on cross-border transfers of data for the purpose of litigation or investigations,” The Sedona Conference Working Group 6 (WG6) Membership-Building Event, Houston, TX, October 17, 2017
  • “Tips and Tricks for Negotiating Data Privacy and Security Provisions,” Association of Corporate Counsel, Houston, TX, August 8, 2017
  • “6 Degrees of Forensics: Employing Digital Forensics in Any Matter,” Enfuse Conference, Las Vegas, NV, May 25, 2017
  • “Cybersecurity: Safeguarding Confidential Data,” Ideas Forum for In House Counsel, Houston, TX, April 27, 2017
  • “Ethical Obligations to Protect Client Data,” The Sedona Conference, St. Pete Beach, FL, January 16, 2017
  • “Cyber Insurance and Cyber Security,” Texas State Bar CLE, San Antonio, TX, July 9, 2016
  • “Solving Previously Unsolvable Cases With Digital Forensics,” International Offshore Alert Conference London, United Kingdom, November 15, 2016
  • “Navigating the Social Media Minefield: Advice from Experts in Employment Law, Data Security and Computer Forensics,” Association of Corporate Counsel, Houston, TX, June 8, 2016
  • “The Five Mistakes you don’t want to make when Providing Forensic Testimony,” Computer Enterprise Investigations – Enfuse Conference, Las Vegas, NV, May 23–26, 2016
  • “Solving Previously Unsolvable Cases with Computer Forensics,” Offshore Alert Fraud Conference, Miami, FL, May 2–3, 2016
  • “Safe Harbor - Not So Safe? What Should Businesses Do Next?” Winston & Strawn LLP, Houston, TX, February 4, 2016
  • “Focus on Forensic Issues,” Harris County Judges Judicial Education Conference, San Antonio, TX, August 4, 2015
  • “IP Theft from In-House to Courtroom,” “Forensic Testimony in Court,” and “Your Career Path – Where Do You Go From Here?,” Computer Enterprise Investigations Conference (CEIC), Las Vegas, NV, May 18–21, 2015
  • “Cloud Computing: Critical Business, Technology, Legal, and Regulatory Considerations and Negotiation Strategies,” University of Texas at Austin School of Law’s 28th Annual Technology Law Conference, Austin, TX, May 21, 2015
  • “Thunderstruck: Intellectual Property Issues in the Cloud,” Association of Corporate Counsel – Corporate Section, Houston, TX, April 21, 2015
  • “Practical Advice on How to Conduct a Data Breach Investigation to Minimize your Risk,” Champlain College, Burlington, VT, April 17, 2015
  • “Focus on Protecting Your Information: Preparing for and Responding to an Insider Threat,” International Association of Privacy Professionals (IAPP) Houston Chapter KnowledgeNet, Houston, TX, March 24, 2015
  • “Strategies to Maintain and Enforce your Trade Secrets,” Winston eLunch Webinar, September 17, 2014
  • “Trade Secret Litigation–from In house to the Courthouse,” High Technology Crime Investigation Association’s 2014 HTCIA International Conference, Austin, TX, August 25, 2014
  • “The Zero Hour Phone Call: Strategies to Take When Faced with a Data Breach,” Houston Infragard Banking & Finance Special Interest Group, Houston, TX, June 24, 2014
  • “Anatomy of a Cloud Computing Data Breach,” ACC Houston Chapter ITPEC Practice Group, Houston, TX, June 17, 2014
  • “The Zero Hour Phone Call – How to Respond to a Data Break to Minimize Your Risk,” Computer Enterprise Investigations Conference (CEIC), Las Vegas, NV, May 19-22, 2014
  • “Trade Secrets Investigations,” AccessData Users’ Conference, Las Vegas, NV, May 14-16, 2014
  • “Cyber Security For Decision Makers: A Non-Technical Presentation,” NASA and the University of Houston event, Houston, TX, December 10, 2013
  • “Trade Secret Investigations: Focusing on Digital Evidence to Catch a Thief” and “Security Response and Breach Notification,” Masters Conference for Legal Professionals, September 19, 2013
  • “What to Do After a Cyber Penetration and Data Breach,” Energy Security Council (ESC) 2013 Annual Conference, Woodlands, TX, May 8, 2013
  • “The Zero Hour Phone Call – How to Respond to a Data Breach to Minimize Your Legal Risks,” University of Houston-Clear Lake Cyber Security Collaboration Forum, Houston, TX, April 4, 2013