Matthew MK Stein

Special Counsel

[email protected]

+1.617.348.1770

Matt is an accomplished disputes and investigations lawyer who advises organizations and individuals, including sophisticated corporate data users, vendors, and data-first organizations, on a broad spectrum of data privacy, data governance, and cybersecurity issues. He leverages more than 15 years of experience in private practice and as in-house counsel at a global financial institution to litigate and provide guidance on high-stakes and complex matters. Matt represents clients in a variety of industries, including technology, artificial intelligence, financial services, health care, blockchain, and the adtech and martech sectors.

Holding a Certified Information Privacy Professional/United States (CIPP/US) certification issued by the International Association of Privacy Professionals, Matt regularly provides proactive guidance on privacy and security governance and compliance obligations. He also manages and mitigates security incidents and cyber risks, advises on data governance and licensing issues, negotiates data-related contracts and transactions, and assists with product and program development. Additionally, he has advised clients on the data protection aspects of acquisitions and divestitures and on litigation risk, including providing pricing to account for the materiality of litigation, privacy, security, and data risk to the transaction.

His experience encompasses counseling clients on US federal and state data laws, including the federal Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the CAN-SPAM Act, the Telephone Consumer Protection Act (TCPA), the California Consumer Privacy Act (CCPA), the Illinois Biometric Information Privacy Act, Massachusetts and New York cybersecurity rules, and the Virginia Consumer Data Protection Act (VCDPA). He also provides guidance on global data laws, such as the EU’s General Data Protection Regulation (GDPR) and ePrivacy Directive, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Brazil’s LGPD, and China’s Personal Information Protection Law.

In the litigation side of his practice, Matt represents clients in cutting-edge data- and privacy-related disputes in state and federal courts nationwide, including cases involving novel claims. He frequently achieves positive outcomes at the early stages of cases and when brought in to counter unfavorable developments. He also represents companies in commercial litigation, including class actions and investigations.

Matt writes widely on data privacy and cybersecurity matters, deploying his extensive legal experience in the field to analyze emerging issues. Before joining Mintz, he was a special counsel in the Privacy and Data Security Practice at a national, Los Angeles–based firm. Earlier, he was a senior privacy counsel at one of the world’s largest financial institutions, where he counseled company leaders on global and US privacy laws, including the GLBA, the CAN-SPAM Act, and the GDPR, and practiced at a global law firm, focusing on privacy and security matters, litigation and regulatory enforcement matters, and M&A diligence.

Before law school, Matt worked as a Java, SQL, and website developer.

Experience

Privacy and Security Governance and Compliance Obligations 

  • Counseling professional sports and entertainment operators on maturing their privacy programs, including the use of facial recognition and biometrics within their facilities. 
  • Advising global leading chatbot and communication-platform providers on proactive data and communication privacy considerations and compliance with US and global wiretapping laws. 
  • Counseling a health care technology company operating at the intersection of health care plans, providers, and members on data privacy compliance in connection with the use of offshore resources. 
  • Counseling a global B2B data company on developing its product pipeline and on proactive compliance with the Federal Wiretap Act, the Stored Communications Act and state wiretap acts. 
  • Counseling a Big 4 advertising and public relations company in developing new tools to leverage health information to identify and generate audiences in order to improve advertising spend. 
  • Advising a leading S&P SmallCap 600 data connectivity company on enhancing and maturing its privacy program in response to changes in U.S. state privacy laws. 
  • Counseling a Fortune 250 consumer goods company on managing its privacy, data and security risk associated with vendors and affiliates, including establishing a privacy-by-design vendor tiering and data transfer program to permit international data transfers across multiple jurisdictions.
  • Advising two Big 4 accounting firms on privacy and security considerations, including the movement of sensitive data subject to extensive restrictions, information security obligations and general privacy compliance. 
  • Advising a global systemically important bank on privacy compliance and operations under the GLBA, the CCPA, HIPAA and international privacy laws. 
  • Advising a leading online reseller on privacy and cybersecurity, including counseling on securities disclosures and testing and maturing the organization’s incident response plan and processes. 
  • Advising an independent, multifacility health care system on maturing and enhancing its privacy and security program, including its HIPAA Privacy, Security, and Breach Notification Rule compliance. 
  • Counseling a vertically integrated technology and financial institution on developing its privacy program, including preparing and aligning its GLBA and CCPA privacy statements. 
  • Advising a global online gaming company on its privacy disclosures and compliance with app store privacy rules. 

Security Incidents and Cyber Risks

  • Representing multifacility health care systems, provider networks, and other health care companies in responding to security incidents involving potential unauthorized access to sensitive personal information. 
  • Representing a leading online reseller in responding to social engineering attacks against its employees. 
  • Representing a global systemically important bank in first-in-the-nation litigation at the intersection of the CCPA and GLBA, involving the alleged theft of financial information.
  • Representing a Fortune 250 consumer goods company in investigating and responding to a ransomware attack at a vendor that impacts the development of a high-profile product. 
  • Representing a leading, publicly listed mortgage originator and servicer in investigating and responding to a potential security incident first identified by a gray-hat security researcher. 
  • Representing a leading health care data analytics organization in identifying potential security weaknesses and developing, enhancing and maturing its security program. 

Commercial Litigation

  • Representing a Fortune 100 financial institution in complex, consolidated breach of contract litigation and advising on data handling obligations of the outside counsel team. 
  • Representing a Fortune Global 500 financial institution in complex litigation over corporate governance and allegations of financial fraud. 
  • Representing a leading national specialty retailer in a putative class action lawsuit alleging its use of chatbot technology violates state wiretapping laws. 
  • Representing the specialty retailer arm of a national health insurance company in putative class actions alleging violations of consumer protection laws. 
  • Representing a Fortune 100 pharmaceutical company in mass torts litigation in e-discovery and cross-border data flows, including advising the organization on the transfer of sensitive health care data across borders and across multiple regulatory regimes, including the GDPR, PIPEDA, the Australian Privacy Act, and Israeli law. 
  • Representing a leading sports league in handling and producing sensitive player data in class action and mass tort litigation. 

M&A and General Corporate Compliance

  • Counseling leading global investment and private equity firms on evaluating the privacy and security concerns for potential investments and acquisitions. 
  • Counseling an S&P 500 enterprise software company on strategic issues connected with an acquisition arising out of changes to privacy laws and privacy offerings in the marketplace, including around changes to the adtech and martech ecosystems. 
  • Counseling a Fortune 250 consumer goods company on corporate and management fiduciary duties related to the organization and the structure of its security response program and compliance with best practices in conformity with U.S. securities laws. 
  • Advising healthtech startups and investors on the application of novel anonymization techniques, including differential privacy, to permit deidentified data analytics of sensitive health care data to improve medical research. 
  • Representing an independent, multifacility health care system in the acquisition and integration of a major enterprise software solution. 
  • Representing a global nonprofit advocacy and research organization in the transition of its research data network to a new provider and new contractual structure. 
  • Representing a national health care company in the potential divestment of a retail subsidiary. 

Above experience is representative of work done at a prior firm. 

Publications

  • Author, “Massachusetts’ march to comprehensive privacy legislation: an end-of-year update,” Massachusetts Lawyers Weekly (January 2024)
  • Co-author, “How SEC And NY Cyber Reporting Rules Affect Key Industries,” Law360 (December 2023)
  • Co-author, “Chapter 7: Telehealth and digital health privacy regulations,” Diabetes Digital Health and Telehealth (2022)
  • Co-author, “Signs Inscribed on a Gate: The Impact of Van Buren v. United States on Civil Claims Under the Computer Fraud and Abuse Act,” Western New England Law Review (2022)
  • Co-author, “Consumer Financial Services Answer Book (2022 Edition),” Practising Law Institute (November 2021)
  • Co-author, “Cryptojacking: A Real, Economic Threat,” Legaltech News (June 2021)
  • Co-author, “Considerations in Machine Learning–Led Programmatic Underwriting,” RAIL: The Journal of Robotics, Artificial Intelligence & Law (May 2021)
  • Co-author, “Addressing The Security Risks Of University Foreign Funding,” Law360 (January 2021)
  • Co-author, “An Intersection Between Ransomware and U.S. National Security: OFAC Speaks,” Corporate Compliance Insights (October 2020)
  • Co-author, “Conducting Internal Investigations During the COVID-19 Pandemic,” Law Journal Newsletters’ Business Crimes Bulletin (March 2020)
  • Co-author, “Figuring Out if You Are ‘Doing Business’ in California Under the CCPA,” Bloomberg Law (February 2020)

Recognition & Awards

  • Greater Boston Chamber of Commerce’s Boston’s Future Leaders Program (2014)

Involvement

  • Book Publishing Board Member, Litigation Section, American Bar Association (2017-2019, 2023-Present)
  • Newsletter editor, Class Actions & Derivative Suits Section, American Bar Association (2016-2018)