Privacy and Data Security

• Obtained voluntary dismissal in a putative data breach class action for a global Biopharma Company.  
• Employee benefits company in a putative class action arising from a data breach involving HIPAA and other sensitive data.  
• Global consumer company in response to a data breach, putative class actions and regulatory enforcement in the U.S. and Europe.
• GoTo and LastPass in multiple putative class actions related to the 2023 data breach of both companies.
• Major sports league NFT marketplace and global video game provider in putative class actions alleging violations of the Video Privacy Protection Act.
• A large national retailer against claims of violation of California’s Invasion of Privacy Act related to social media pixel technology.
• Multiple global cosmetics companies in a putative class action alleging violations of the Illinois Biometric Information Privacy Act.
• Publicly traded AP processor in response to data breach and regulatory enforcement actions.  
• Advising numerous public companies on compliance with the new SEC Public Company cybersecurity rules including development of Enterprise Risk Assessments and Board and Executive training and breach response table tops.
• Assisted a major entertainment company in developing VPPA compliance program.
• Cloud software company in response to a cybersecurity attack.
• Multiple companies in response to the Log4j vulnerability including coordinating the response, responding to regulatory inquiries and working with third parties.
• Counseled a medical device manufacturer on a coordinated vulnerability disclosure from a third party researcher on one of the projects.
• Counseling multiple companies on increased cyber risk resulting from the Ukraine and Russia conflict.
• L’Oreal USA, Inc. against multiple putative class actions alleging that L’Oreal’s virtual makeup try on service violates Illinois’ Biometric Information Privacy Act.  Obtained voluntary dismissal in two separate actions.
• BioFire Diagnostics, LLC in a $100 million trade secret and breach of contract action brought by U.S. Medical Networks LLC relating to medical diagnostic technologies.
• Led a global manufacturing company’s response to the disclosure of potential vulnerabilities in its products.
• Led an internal investigation into a multinational information technology company’s supply chain and computer network security, and representing the company in a related SEC investigation.
• Assisted a global pharmaceutical company in implementing a global data governance structure, including clinical data, sales and marketing data, and employee information.
• An access solutions and products company in an EU GDPR data breach, following a failure of servers at a data center impacting EU residents, as well as notifying the relevant Supervisory Authority.
• An e-commerce and digital marketing company in response to unauthorized disclosure of personal data in a public marketing campaign, including reporting and coordination with Supervisory Authority in the EU.
• A diversified financial services group in a data breach litigation brought against a check processing and payday loan company for negligently allowing client’s check information to be compromised, resulting in millions of dollars of fraudulent checks being written.
• Counseled one of the world’s largest e-commerce and payments processing companies in all aspects of its GDPR compliance and cross-border data transfer systems.
• Advised a major international manufacturing conglomerate on its privacy and data security systems, with a particular emphasis on meeting GDPR requirements.
• Advised an OEM auto parts company in response to a data breach relating to the theft of W-2 information for employees across seven states.
• Guided several of the world’s largest automakers on the development of its privacy and data security programs for their U.S. autonomous vehicle fleets and various aftermarket parts.
• Advised one of the largest construction equipment rental companies on the development of its privacy and data security programs for its Canadian and European affiliates and protecting data transfers from that region.
• Advised a U.S. college on a school-wide review of its privacy and data security programs, particularly with respect to information received from international applicants.
• A major financial institution in its development of its privacy and data protection program, including compliance with European Union privacy and data transfer laws and data breach response plans.
• Worked with a large, multinational automobile parts supplier on the development of its privacy policies and data breach response plan.
• A Fortune 20 company on a modernization outsourcing contract that was terminated by its former customer. The customer alleged that certain personally identifiable information was visible on public terminals even after users logged off. After a six-week bench trial, the court found that no data breach had occurred, among other findings for the client.
• A financial services firm against two large competitors in a trade secret, misappropriation, trademark infringement, and breach of copyright lawsuit related to Exchange Traded Funds.
• Advised a national automotive parts supplier on its Privacy Shield certification and compliance.
• Advised an international metal manufacturer on compliance with GDPR, including reviewing and revising external facing privacy notices.
• Advising one of the world’s largest hedge funds on worldwide privacy and cybersecurity matters including, international privacy compliance programs and transfer mechanisms.
• One of the world’s largest hedge funds in a series of data breaches involving personal health information, personally identifiable information and company confidential information.
• Spectrum Pharmaceuticals, Inc. in an internal investigation into a ransomware attack against the company.
• Led an energy technology company’s response to a cybersecurity incident, including communications with third parties and regulators, through the successful completion of the merger.

Trial Experience

• Lead trial counsel in a patent litigation filed against a Chinese competitor in the medical device field. After commencement of discovery and claim construction, secured a major victory for client when the competitor agreed to withdraw all accused products from the market.
• A Fortune 20 company on a modernization outsourcing contract that was terminated by its former customer. After successfully compelling the customer to produce tens of thousands of documents improperly held under various claims of privilege, scored a significant victory prior to trial, winning summary judgment against the customer on all of its fraud claims. After a six-week bench trial, the Marion County Superior Court awarded client more than $52 million on its claims against the former customer for payment for services rendered. The court simultaneously dismissed the customer’s claims for breach of contract, including its claim for more than $1.3 billion in damages. Also, successfully defended against a data privacy breach claim brought by the customer.
• A corporation in a lawsuit relating to mobile device management. Prior to trial, plaintiff dropped one of its patents from the litigation, and the court invalidated more than half of the claims in the remaining patent. The case was tried to a verdict in 2012. After the verdict, the judge granted defendant’s JMOL motion, finding that defendant did not infringe the plaintiff’s patent. Awarded one of the top 25 defense verdicts in California in 2012.
• Plaintiffs in a multi-patent lawsuit relating to peritoneal dialysis. Defendant conceded infringement on a number of patents prior to trial. The case was tried to verdict in 2010.
• Chicago’s largest no-kill animal organization in the prosecution of a trademark in the U.S. Patent and Trademark Office. In addition, performed a comprehensive IP asset evaluation for client to determine other areas of potential protection.

• Presenter, IANS Executive Communications Q3 Recap, “Ransomware’s Evolution and the Business/Legal Implications” (October 27, 2020)
• Speaker, IANS 2020 Boston Virtual CISO Roundtable, “The Changing Landscape in Cybersecurity, Privacy, and Risk Management” (October 21, 2020)
• Speaker, IANS 2020 New York Virtual CISO Roundtable, “The Changing Landscape in Cybersecurity, Privacy, and Risk Management” (September 24, 2020)
• Speaker, IANS 2020 Chicago/Columbus Virtual CISO Roundtable, “The Changing Landscape in Cybersecurity, Privacy, and Risk Management” (September 15, 2020)
• Speaker, Ankura 2020 Privacy Webinar Series, “Return to Work Privacy Alert” (June 30, 2020)
• Adjunct professor at the Mitchell Hamline School of Law, lecturing on international data privacy, global data breach response, and data governance.
• Presented on U.S. and European privacy considerations for an internationally focused webinar on “Managing COVID-19 through Technology: Locational Tracking and Privacy,” May 2020
• Quoted, “Hacker Diplomacy: Minimizing Business Risks Stemming From Vulnerability Disclosures,” Above the Law, August 2020
• Podcast, “Legal Ramifications of Vulnerability Disclosure,” The Cyber5 by Nisos, August 2020