Back To Search

Mary-Elizabeth Hadley

Associate, Corporate Department
T 1(202) 551-1750
F 1(202) 551-0150
Mary-Elizabeth M. Hadley is a senior associate, based in Paul Hastings’ Washington, DC office. Her practice focuses on privacy and data security, and she regularly advises companies across a wide range of sectors on compliance with U.S. and global privacy and data security laws and regulations. She also has experience providing advice on a broad array of other regulatory issues, including those related to export controls and government contracts, conducting Foreign Corrupt Practices Act investigations, and defending clients against civil litigation. Ms. Hadley writes frequently regarding privacy and data security developments.


Privacy & Data Security Representative Experience 

  • Conducting privacy and data security risk assessments of global companies, including a casino and clinical trial review company, by conducting interviews, analyzing policies and procedures, and providing recommendations.
  • Advising companies responding to incidents of data breach, including with related regulatory inquiries. 
  • Formulation of more than thirty consumer and business-to-business privacy policies.
  • Advising on privacy risks raised by mergers and acquisitions.
  • Negotiating vendor contracts, including information protection and security addenda and key privacy terms.
  • Providing advice to companies regarding certification to the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks for international data transfers.
  • Advising companies on compliance with numerous federal privacy laws, including the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act and the Children’s Online Privacy Protection Act.

Additional Representative Experience 

  • Defense of two former executives of IndyMac Bank in a five week federal jury trial in Los Angeles involving the failure of IndyMac Bank. 
  • Representation of a global company in multiple Foreign Corrupt Practices Act internal investigations.
  • Pro bono representation of an international human rights organization as amicus curiae at the certiorari stage in the U.S. Supreme Court.
  • Pro bono representation of military veterans in appeals to the U.S. Court of Appeals for the Federal Circuit.

Speaking Engagements and Publications

  • New Privacy Training Requirements for Covered Federal Contractor Employees, PH Perspectives (April 2017) 
  • Swiss Privacy Shield Update: Get Ready to Certify on April 12, PH Privacy (March 2017)
  • Panelist, Top Tips for IoT Success, Benchmark Litigation Privacy & Data Security Privacy Forum (February 14, 2017)
  • Swiss Privacy Shield Approved; Applications Accepted April 12, PH Privacy (January 2017)
  • 72-Hour Cyberattack Reporting Rule for Federal Government Contractors Finalized, PH Stay Current (October 2016)
  • FTC Report on Big Data: Risks & Recommendations, PH Privacy (October 2016)
  • Panelist, Privacy Shield: Super Hero or Super Zero? Five Simple Steps to Certify, International Association of Privacy Professionals (IAPP) KnowledgeNet, Research Triangle Park, NC (August 16, 2016)
  • Clarifying Two Areas of Confusion on Privacy Shield: September 30, 2016, Deadline & Effect on Swiss Safe Harbor, PH Privacy (August 2016)
  • Privacy and Data Security Issues in M&A Transactions - A Checklist, PH Perspectives (May 2016)
  • FTC’s First Foray into APEC Cross-Border Privacy Rules: Settlement Reached, PH Privacy (May 2016)
  • The Future of Consumer Data Security, Privacy and the Internet of Things: Guidance from FTC Commissioner Terrell McSweeny, PH Privacy (February 2016)
  • EU-U.S. Safe Harbor Update: U.S. Chamber of Commerce & BusinessEurope Issue Letter Urging Leaders to Reach New Agreement, PH Privacy (December 2015)
  • Key Takeaways from FTC Workshop on Cross-Device Tracking, PH Privacy (November 2015)
  • EU-U.S. Safe Harbor Update: Agreement in Principle on Aspects of a New Framework, PH Privacy (November 2015)
  • House Seeks to Reassure Europe by Approving Bill to Extend Privacy Protections to Certain Foreign Citizens, PH Privacy (October 2015)
  • Social Media Site Posts Safe from Criminal Defendants’ Pre-Trial Subpoenas, Says a California Appellate Court, Caveat Vendor (September 2015)
  • Third Circuit Upholds FTC’s Authority to Regulate Cybersecurity “Unfairness,” Caveat Vendor (September 2015)
  • Three Lessons Learned from a Data Breach Investigation, Caveat Vendor (September 2015)
  • Wave of FTC Safe Harbor Enforcement Continues with 13 Proposed Settlements, Caveat Vendor (August 2015)
  • A Circuit Split Emerges: At Least for Now, the Protection Afforded to Cell Location Information Depends on Where You Are, Caveat Vendor (August 2015)
  • Internet of Things: Continued Regulatory Focus and Consistent Themes, but Not Without Discord, Caveat Vendor (June 2015)
  • LinkedIn Reference Searches Do Not Violate the FCRA, Says a Federal Court, Caveat Vendor (April 2015)
  • New Law Requires New Jersey Health Insurance Companies to Encrypt Personal Information, Caveat Vendor (January 2015)
  • Self-Regulatory Organization Enforcement Agreements Aim to Increase Transparency in Personalized Ads, Caveat Vendor (November 2014)
  • Certain Financial Institutions Can Save Money by Posting Privacy Notices Online, Says the CFPB, Caveat Vendor (October 2014)
  • FTC Workshop on Big Data: Lots of Questions & a Few Answers, Caveat Vendor (September 2014)
  • Warrantless Cell Tracking Won’t Work . . . At Least Not in the Eleventh Circuit, Caveat Vendor (June 2014)
  • Clarifying California Law on Privacy Policies: California AG Issues New Guidance, Caveat Vendor (May 2014)
  • Scope of Stored Communications Act Continues to Be Defined: DOJ Says Companies Can Share Aggregated Cyber Threat Data, Caveat Vendor (May 2014)
  • Going, Going, Not Gone – Snapchat Settles FTC Claims regarding Non-Disappearing Messages, Caveat Vendor (May 2014)
  • Overseas Data Not Safe from U.S. Government Search Warrant Power, Caveat Vendor (May 2014)
  • FTC Scores Key Victory in Challenge to its Authority to Enforce Data Security, PH Stay Current (April 2014)
  • California Privacy Law Developments with Potentially Far-Reaching Consequences, PH Stay Current (November 2013)
  • FTC Releases Second Set of COPPA FAQs: Here Are Some Highlights, Caveat Vendor (August 2013)
  • Legislation To Permit Cyber-Intelligence Sharing: Why All The Fuss?, Caveat Vendor (May 2013)
  • California Gives Its Teens the Right to Be Forgotten, Caveat Vendor (April 2013)
  • Responding to Corporate Criminal Investigations, BNA (April 2013)
  • Digital Privacy Reform: Bipartisan Legislation Introduced in the House, Caveat Vendor (March 2013)

Professional and Community Involvement

  • Admitted to practice in the District of Columbia and North Carolina
  • Serves as Membership Outreach Chair of the D.C. Bar Young Litigators Committee
  • Member, American Bar Association
  • Member, Junior League of Washington


  • Ms. Hadley received her J.D., with honors, from the Georgetown University Law Center in 2010, where she was Senior Notes Editor of The Georgetown Journal of Legal Ethics.
  • She received her B.A., from Wake Forest University, cum laude, in 2005, where she studied Spanish, Economics, and International Studies.