Matt is an accomplished disputes and investigations lawyer who advises organizations, including some of the world’s most sophisticated corporate data users, vendors, and data-first organizations, on a broad spectrum of data privacy, data governance, and cybersecurity issues, leveraging more than 15 years of experience to litigate, solve problems, and advise on high-stakes and complex matters. Matt represents organizations across sectors, including technology, artificial intelligence, financial services, health care, and adtech and martech.
Holding a CIPP/US certification, Matt advises organizations on privacy and security obligations, cyber risk mitigation, data governance and licensing, to manage risk and implement effective governance solutions. He also handles security incident response and recovery, negotiates data-related contracts and transactions, and assists with product and program development. Additionally, he equips clients with practical legal and business insights into the data protection and litigation risks in acquisitions and divestitures. This way, Matt helps organizations navigate complex privacy and security obligations to avoid significant legal, financial, and reputational risks.
His experience encompasses frequently counseling clients on key US data laws, such as federal sectoral privacy laws for the financial services, health care, and education sectors, the TCPA and Illinois’s BIPA, the state privacy and data broker laws in effect in many states, and the cybersecurity rules in Massachusetts, New York, and Texas. He also often counsels on data laws worldwide, from north to south and from east to west. In doing so, he guides organizations to coherent and comprehensive compliance across often inconsistent legal frameworks.
As a litigator, Matt represents clients in cutting-edge, novel data- and privacy-related disputes in state and federal courts nationwide. He frequently delivers positive outcomes at the early stages of cases and when brought in to counter unfavorable developments. He also represents companies in commercial litigation, including class actions and investigations, taking the long view on the litigation and developing and executing on strategies that take the whole matter into consideration.
Matt writes widely on data privacy and cybersecurity matters, deploying his extensive legal experience in the field to analyze emerging issues. Earlier in his career, he worked at two other national firms and as a senior privacy counsel at one of the world’s largest financial institutions. Before that, Matt was a Java, SQL, and website developer.
Matt is an accomplished disputes and investigations lawyer who advises organizations, including some of the world’s most sophisticated corporate data users, vendors, and data-first organizations, on a broad spectrum of data privacy, data governance, and cybersecurity issues, leveraging more than 15 years of experience to litigate, solve problems, and advise on high-stakes and complex matters. Matt represents organizations across sectors, including technology, artificial intelligence, financial services, health care, and adtech and martech.
Experience
Privacy and Security Governance and Compliance Obligations
- Counseling professional sports and entertainment operators on maturing their privacy programs, including the use of facial recognition and biometrics within their facilities.
- Advising global leading chatbot and communication-platform providers on proactive data and communication privacy considerations and compliance with US and global wiretapping laws.
- Counseling a health care technology company operating at the intersection of health care plans, providers, and members on data privacy compliance in connection with the use of offshore resources.
- Counseling a global B2B data company on developing its product pipeline and on proactive compliance with the Federal Wiretap Act, the Stored Communications Act and state wiretap acts.
- Counseling a Big 4 advertising and public relations company in developing new tools to leverage health information to identify and generate audiences in order to improve advertising spend.
- Advising a leading S&P SmallCap 600 data connectivity company on enhancing and maturing its privacy program in response to changes in U.S. state privacy laws.
- Counseling a Fortune 250 consumer goods company on managing its privacy, data and security risk associaed with vendors and affiliates, including establishing a privacy-by-design vendor tiering and data transfer program to permit international data transfers across multiple jurisdictions.
- Advising two Big 4 accounting firms on privacy and security considerations, including the movement of sensitive data subject to extensive restrictions, information security obligations and general privacy compliance.
- Advising a global systemically important bank on privacy compliance and operations under the GLBA, the CCPA, HIPAA and international privacy laws.
- Advising a leading online reseller on privacy and cybersecurity, including counseling on securities disclosures and testing and maturing the organization’s incident response plan and processes.
- Advising an independent, multifacility health care system on maturing and enhancing its privacy and security program, including its HIPAA Privacy, Security, and Breach Notification Rule compliance.
- Counseling a vertically integrated technology and financial institution on developing its privacy program, including preparing and aligning its GLBA and CCPA privacy statements.
- Advising a global online gaming company on its privacy disclosures and compliance with app store privacy rules.
Security Incidents and Cyber Risks
- Representing diverse companies in the financial services and health care sectors, including provider networks and multifacility healthcare systems in responding to security incidents involving potential unauthorized access to sensitive personal information.
- Representing a leading online reseller in responding to social engineering attacks against its employees.
- Representing a global systemically important bank in first-in-the-nation litigation at the intersection of the CCPA and
GLBA, involving the alleged theft of financial information. - Representing a Fortune 250 consumer goods company in investigating and responding to a ransomware attack at a vendor that impacts the development of a high-profile product.
- Representing a leading health care data analytics organization in identifying potential security weaknesses and developing, enhancing and maturing its security program.
Commercial Litigation
- Representing a Fortune 100 financial institution in complex, consolidated breach of contract litigation and advising on data handling obligations of the outside counsel team.
- Representing a Fortune Global 500 financial institution in complex litigation over corporate governance and allegations of financial fraud.
- Representing a leading national specialty retailer and a S&P 600 technology company in separate wiretapping lawsuits at the intersection of communication technologies, SaaS solutions, artificial intelligence, and privacy.
- Representing the specialty retailer arm of a national health insurance company in putative class actions alleging violations of consumer protection laws.
- Representing a Fortune 100 pharmaceutical company in mass torts litigation in e-discovery and cross-border data flows, including advising the organization on the transfer of sensitive health care data across borders and across multiple regulatory regimes, including the GDPR, PIPEDA, the Australian Privacy Act, and Israeli law.
- Representing a leading sports league in handling and producing sensitive player data in class action and mass tort litigation.
M&A and General Corporate Compliance
- Counseling leading global investment and private equity firms on evaluating the privacy and security concerns for potential investments and acquisitions.
- Counseling an S&P 500 enterprise software company on strategic issues connected with an acquisition arising out of changes to privacy laws and privacy offerings in the marketplace, including around changes to the adtech and martech ecosystems.
- Counseling a Fortune 250 consumer goods company on corporate and management fiduciary duties related to the organization and the structure of its security response program and compliance with best practices in conformity with U.S. securities laws.
- Advising healthtech startups and investors on the application of novel anonymization techniques, including differential privacy, to permit deidentified data analytics of sensitive health care data to improve medical research.
- Representing an independent, multifacility health care system in the acquisition and integration of a major enterprise software solution.
- Representing a global nonprofit advocacy and research organization in the transition of its research data network to a new provider and new contractual structure.
- Representing a national health care company in the potential divestment of a retail subsidiary.
Above experience is representative of work done at a prior firm.
News & Press
FCA Settlements Demonstrate Importance of Cybersecurity Controls Imposed by Contract
August 20, 2024
Members Scott Lashway, Laurence Freedman, and Special Counsel Matthew Stein published an article in Bloomberg Law about how recent False Claims Act (FCA) settlements show a focus on cybersecurity enforcement. In the article, they outline how organizations with government contracts can mitigate the risk of cybersecurity-related FCA investigations and litigation.
Publications
- Co-author, "FCA Settlements Demonstrate Importance of Cybersecurity Controls Imposed By Contract," Bloomberg Law (August 2024)
- Author, “Massachusetts’ march to comprehensive privacy legislation: an end-of-year update,” Massachusetts Lawyers Weekly (January 2024)
- Co-author, “How SEC And NY Cyber Reporting Rules Affect Key Industries,” Law360 (December 2023)
- Co-author, “Chapter 7: Telehealth and digital health privacy regulations,” Diabetes Digital Health and Telehealth (2022)
- Co-author, “Signs Inscribed on a Gate: The Impact of Van Buren v. United States on Civil Claims Under the Computer Fraud and Abuse Act,” Western New England Law Review (2022)
- Co-author, “Consumer Financial Services Answer Book (2022 Edition),” Practising Law Institute (November 2021)
- Co-author, “Cryptojacking: A Real, Economic Threat,” Legaltech News (June 2021)
- Co-author, “Considerations in Machine Learning–Led Programmatic Underwriting,” RAIL: The Journal of Robotics, Artificial Intelligence & Law (May 2021)
- Co-author, “Addressing The Security Risks Of University Foreign Funding,” Law360 (January 2021)
- Co-author, “An Intersection Between Ransomware and U.S. National Security: OFAC Speaks,” Corporate Compliance Insights (October 2020)
- Co-author, “Conducting Internal Investigations During the COVID-19 Pandemic,” Law Journal Newsletters’ Business Crimes Bulletin (March 2020)
- Co-author, “Figuring Out if You Are ‘Doing Business’ in California Under the CCPA,” Bloomberg Law (February 2020)
Matt is an accomplished disputes and investigations lawyer who advises organizations, including some of the world’s most sophisticated corporate data users, vendors, and data-first organizations, on a broad spectrum of data privacy, data governance, and cybersecurity issues, leveraging more than 15 years of experience to litigate, solve problems, and advise on high-stakes and complex matters. Matt represents organizations across sectors, including technology, artificial intelligence, financial services, health care, and adtech and martech.
Recognition & Awards
Greater Boston Chamber of Commerce’s Boston’s Future Leaders Program (2014)
Matt is an accomplished disputes and investigations lawyer who advises organizations, including some of the world’s most sophisticated corporate data users, vendors, and data-first organizations, on a broad spectrum of data privacy, data governance, and cybersecurity issues, leveraging more than 15 years of experience to litigate, solve problems, and advise on high-stakes and complex matters. Matt represents organizations across sectors, including technology, artificial intelligence, financial services, health care, and adtech and martech.
Involvement
- Book Publishing Board Member, Litigation Section, American Bar Association (2017-2019, 2023-Present)
- Newsletter editor, Class Actions & Derivative Suits Section, American Bar Association (2016-2018)