John Michels is an associate in the Privacy and Cybersecurity practice of Paul Hastings, and is based in the Firm's Chicago office. John focuses his practice on data breach investigation and response, privacy litigation, and regulatory investigations. John's experience includes managing large-scale cybersecurity incident investigations, responding to governmental subpoenas and investigative demands, and advising clients on compliance with privacy laws such as the EU's General Data Protection Directive (GDPR), the California Consumer Privacy Act (CCPA), and the Illinois Biometric Information Protection Act (BIPA). John also has litigated numerous actions in federal court under the Fair Credit Reporting Act (FCRA). Prior to law school, John was a combat survival, enemy evasion, interrogation resistance, and captivity escape specialist for the U.S. Air Force. During his eight years of service, he occupied a variety of leadership roles involving operational planning and personnel recovery coordination.
Northwestern Pritzker School of Law, J.D. (cum laude), 2018
American Military University, B.A. (with honors), 2014
Young Privacy Professional, Chicago Chapter of the International Association of Privacy Professionals
Represented a Fortune 500 manufacturing company in the investigation of website cyberattacks targeting consumer payment card data.
Conducted an investigation into a data breach at a global retailer, and represented the company in a related Federal Trade Commission (FTC) investigation.
Represented a national credit reporting bureau in federal litigation related to alleged violations of the Fair Credit Reporting Act (FCRA).
Advised a multinational financial services company on compliance with biometric information protection statutes.
Counseled a global access solutions and products company on the development of its privacy and data protection program, including compliance with the European Union's General Data Protection Regulation (GDPR).
Represented a computer hardware company in response to an alleged supply chain cybersecurity attack, and in a related investigation by the Securities and Exchange Commission (SEC).
Represented eight veterans of the armed forces in federal litigation against predatory lenders under the Racketeer Influenced and Corrupt Organizations Act (RICO).