Privacy and Consumer Regulatory

Representative Experience

  • Lead counsel representing a preeminent financial services and private wealth firm against defamation and invasion privacy claims brought by a departed executive advisor.
  • Worked with a major retailer regarding its data breach, and particularly with regards to Congressional investigations and hearings.
  • Works with the National Retail Federation, National Association of Chain Drug Stores and other retail trade associations to support important data security and data breach policies.
  • Successfully represented a nationwide radiology company in two lawsuits brought in Georgia involving departing physician shareholder groups who then competed against our clients. These lawsuits involved extensive breach of contract, breach of fiduciary duty and competition issues, and both were resolved on very favorable terms to our clients.
  • Advised a publicly traded corporation regarding the potential jurisdiction of the Consumer Financial Protection Bureau over the operations of multiple subsidiaries. Work included assessments of whether subsidiaries were “covered persons”, whether subsidiaries may be considered to be “larger participants” subject to CFPB supervision, and authority the CFPB may exercise over the company and its subsidiaries under consumer protection statutes for which full or partial authority was transferred to the CFPB.
  • Advised an e-commerce client regarding enrollment in the Department of Commerce Safe Harbor Program for the transfer of personal information from the European Union to the United States.  Advice included assisting the client in developing safe harbor compliant consumer and human resources privacy policies, development of internal implementing policies and controls and completion of required filings with the Department of Commerce.
  • Conducted a privacy risk assessment for a client with multiple e-commerce properties. The privacy assessment examined the client’s online and offline privacy practices and marketing practices as well as internal privacy controls in areas such as human resources, with compliance and best practice recommendations to the client in each area, when appropriate.
  • Advised a client regarding developing an online privacy policy and related content for a website designed for consumers from several European Union member states. In addition to advising the client regarding the content of the online privacy policy, we also advised the client regarding obtaining the consent of individuals providing information through the site for the transfer of health information to the United States.
  • Draft website privacy policies.
  • Successfully represented a consumer reporting agency before the Federal Trade Commission in a nonpublic FTC inquiry into compliance with the Fair Credit Reporting Act. Following document productions, responses to interrogatories, and meetings with the FTC staff, the inquiry was closed without further action by the FTC.
  • Advised a client in connection with the development of a consolidated online privacy policy to govern more than 80 company websites. Work included assisting the client in developing a survey tool to assess website privacy practices, reconciling the survey results, making best practice recommendations regarding changes in website practices, and developing a consolidated online privacy policy.
  • Advised a consumer electronics retailer regarding consumer data breach notification obligations and other steps to respond to a data breach. In addition to advising the client regarding consumer, regulatory, and other notifications advice also addressed matters pertaining to the investigation of the breach, cooperation with law enforcement, and enhancing internal controls to minimize the potential for additional breaches.
  • Advised a client regarding the development of a HIPAA/HI-TECH Act compliance program covering its potential obligations as a business associate of HIPAA covered entities. Assisted the client in the conduct of a gap analysis to identify areas where further action may be necessary depending upon proposed changes to the HIPAA privacy, security, and breach notification regulations.
  • Represented a large consumer information company in one of the nation’s first high profile data breaches. In addition to representing the client before the Federal Trade Commission, we also advised the client on consumer breach notification issues, congressional testimony, and enhancements to the client’s internal controls.
  • Provided counsel and strategic advice to the background screening industry on employment and tenant screening issues before the U.S. Congress and multiple federal agencies.