
Scott T. Lashway

Member / Co-Chair, Privacy & Cybersecurity Practice


+1.617.348.1833


Leveraging more than 20 years of experience with cybersecurity, privacy, and other technology matters, Scott partners with clients operating at the vanguard of technology implementation and development as well as new data uses. Along with advising on the rapid evolution of data governance, collection, and technology innovation, he helps navigate complex and novel data and privacy issues in AI and related technology development. His role often entails skillfully guiding clients through cybersecurity incident response and breach investigations as well as complex business and class action litigation. His extensive cybersecurity and privacy experience encompasses matters involving data and intellectual property (IP) theft and misappropriation, unauthorized access and acquisition, misuse, hacking, ransomware, cyberextortion, and technology disruptions. Scott’s greatest accomplishments for his clients are those that avoid headlines and are rarely — if ever — heard of.

Scott is recognized for his depth of knowledge and client service by various publications. He is ranked in Chambers Global, is identified as a leading cybersecurity incident response attorney globally by the Incident Response Forum, is recognized as a Client Service All-Star by BTI Consulting, and is identified as one of the 500 “Leading Litigators in America” by Lawdragon.

“Scott Lashway is a standout in many ways. His client service skills are the best in the business. He’s always responsive and meets our timelines, even when we have last-minute requests and escalated deadlines. He is incredibly knowledgeable and is able to see the big-picture legal risks that might otherwise require multiple attorneys in a variety of disciplines.”

 

— Client, Legal 500 Cyber Law (including Data Privacy and Data Protection).

In litigation involving privacy, cybersecurity, and a range of other complex issues, Scott has represented clients in state and federal courts nationwide and in various arbitration settings. He regularly serves as first-chair in trials and has significant experience defending and prosecuting bet-the-company and impactful litigation on behalf of companies and their officers and directors. In collaboration with white collar defense colleagues, he also oversees civil and criminal investigations. He regularly represents clients before various state and federal regulators, including the Securities and Exchange Commission (SEC), the Department of Justice (DOJ), the Financial Industry Regulatory Authority (FINRA), state attorneys general, the New York Department of Financial Services (NYDFS), and the Federal Trade Commission (FTC). 

 

Scott has advised clients on hundreds of proactive and reactive matters involving US and international privacy and security laws and obligations, both civil and criminal, since drafting his first privacy policy in 2001 and handling his first data-focused investigation in 2002. Through this work, he has gained a deep understanding of the intricacies of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), state privacy laws, HIPAA and state law equivalents, the Biometric Information Privacy Act (BIPA), the New York State Department of Financial Services (NYDFS) cybersecurity regulations, the Shield Act, the Computer Fraud and Abuse Act, the Stored Communications Act, and state law equivalents (including wiretap statutes). His regulatory knowledge also extends to the Securities and Exchange Commission and Financial Industry Regulatory Authority (FINRA) security and privacy laws, guidance, and obligations, as well as the Gramm-Leach-Bliley Act and the Federal Risk and Authorization Management Program. Additionally, he regularly handles matters involving state consumer protection statutes, including Massachusetts' Chapter 93A and compliance with the National Institute of Standards and Technology, SOC 2, ISO, HITRUST, and other security frameworks.

A sought-after thought leader in his field, Scott regularly writes and speaks on data privacy and cybersecurity issues, and counsels industry groups and stakeholders on data privacy and security trends. He also regularly receives recognition and accolades for his extensive knowledge and outstanding client service.

 

Prior to joining Mintz, Scott founded and opened the Boston office of a national firm. In addition to serving as the firm's Office Managing Partner, he co-led the firm’s global privacy and cybersecurity practice. Earlier, while practicing at a multinational law firm, he co-chaired the data privacy and cybersecurity team. Scott also previously worked as senior in-house counsel and head of investigations for a Fortune 100 global financial services company, where he oversaw investigations, implementation of anti-fraud controls, and related training.
 

Experience

Featured Experience:

  • Led a team representing an academic medical center throughout its response to and investigation of a widely reported cybersecurity matter, including advising on and managing the forensic investigation, crisis communications, litigation defense, regulatory interactions, law enforcement engagement, and all related matters.
  • Served as lead counsel for a leading children's hospital, successfully defending allegations in a purported class action that alleged patient data was inappropriately accessed in violation of privacy and security disclosures. The case centered on a novel legal theory that a HIPAA Privacy Notice formed a contractual basis to bring actual and implied breaches of contract, a theory the court summarily rejected after significant oral argument.
  • Serving as lead counsel for a global financial institution and asset manager in breach of contract and fraud litigation that involved more than 10 consolidated actions over a sizable asset.
  • Represented a global data and technology company throughout an investigation of, and its response to, simultaneous intrusions by multiple nation-state attackers and various financially motivated threat actors.
  • Secured dismissal of a purported class action for a surgical and medical facility in an issue of first impression in the US Court of Appeals for the Eleventh Circuit. The case concerned Article III standing requirements to plead harm in a case brought against a health care facility, which alleged that patient data had been accessed, stolen, and posted on the internet by a well-known threat actor.

Cybersecurity, Data Privacy, and Technology-Focused Matters

  • Represented a health care analytics company and its business associate in its investigation of and response to a reported security compromise and reported breach by a vendor.
  • Defended a global data and technology company in a Delaware Chancery Court action related to data quality and integrity that was brought by a competitor.
  • Led a team representing a global biotechnology company in investigating and defending against a cyberattack by a sophisticated threat actor. This matter involved extensive interaction with various US agencies and law enforcement.
  • Represented a start-up multimedia company with an international audience against allegations involving data theft and raiding in a state court litigation, proactively advancing cyber espionage claims against former executives and employees.
  • Represented a leading publisher of legal, business, and regulatory information as a plaintiff in a federal court case alleging the unauthorized taking of millions of dollars of protected data through an online portal using a bot, or “data scraper.”
  • Obtained dismissal on matters of first impression for a global risk intelligence company in a purported class action alleging violation of state law concerning the alleged display of consumers' Social Security numbers. Also secured appellate victories upholding dismissal up to the state's highest court and established jurisdiction of a purported class action in the state's complex business session.
  • Secured a complete defense verdict for a multichannel media company after a two-week federal court bench trial involving allegations of IP rights violations and Massachusetts consumer protection laws.
  • Conducted an internal investigation and cyber incident response for a global retail chain focusing on concerns of credit card theft spanning four continents.
  • Advised various clients on federal and state wiretapping statutes related to website pixels, cookies, tracking technologies, and chatbots. This work has included defending a healthtech provider in federal court litigation concerning alleged wiretapping violations through the deployment of social media pixels on its website, defending a national retailer in litigation regarding alleged wiretapping violations involving the deployment of a leading chatbot on its website, and advising health care companies on complying with recent US Department of Health and Human Services guidance as to the application of the Health Insurance Portability and Accountability Act's (HIPAA) Privacy Rule to website tracking technology.
  • Counseled a health care claims and analytics company in its response to a publicly reported cybersecurity matter from a key vendor providing cybersecurity and privacy-related services, including advising on investigation and reporting obligations to hundreds of downstream vendors.
  • Defended numerous clients in lawsuits brought by Atlas Data Privacy Corporation and others asserting violations of New Jersey's Daniel's Law, NJ Statutes section 56:8-166.1, which relates to the privacy of judicial officers and the online publication of data about law enforcement personnel.
  • Represented a cloud e-commerce platform company in its response to multiple cybersecurity incidents involving alleged credit card data theft and misuse as well as in a privacy class action filed in Delaware.
  • Advised a biotechnology and therapeutics company in its response to reports of hacking of its patient technology, which entailed an investigation and reporting to the FDA.
  • Advised a Big 4 accounting firm on numerous security and privacy matters.
  • Represented a health information cloud provider throughout its investigation and remediation of a ransomware attack that encrypted thousands of patient records.
  • Advised a global health care company on matters related to a material joint venture with a pharmaceutical company, developing a privacy and security framework in compliance with laws from 50+ jurisdictions.
  • Represented an adtech company in connection with the collection, processing, and transfer of data across dozens of global jurisdictions, which included data transfers into and out of the US.
  • Advised a real estate and property tech (proptech) industry group and its global members on the California Consumer Privacy Act (CCPA) through white papers and industry presentations and in presenting comments on the CCPA regulations.
  • Oversaw an internal investigation and incident response for a global restaurant chain in connection with concerns of credit card theft involving the potential exposure of millions of cards.
  • Represented individuals accused in a federal court action of violating the Computer Fraud and Abuse Act and the Stored Communications Act as part of an alleged scheme to clone a state-owned petrochemical company's electronic infrastructure.
  • Counseled a global financial services company on the redesign and rebuild of its digital forensics and cybersecurity functions to increase the company's efficiency and efficacy in response to disputes, investigations, and compliance risks.
  • Advised one of the world's largest technology companies on the development and drafting of data privacy and security addendums focused on hardware and software, which reflect new privacy obligations and potential security-related liability.
  • Advised an e-gaming company in connection with global cybersecurity and privacy risks and obligations in a potential transaction.
  • Counseled a defense contractor on the containment and remediation of a ransomware attack that impacted the company's production and assembly operations and reported information pursuant to federal defense contractor obligations.
  • Advised a professional services firm in an investigation of a business email compromise involving dozens of employees, which compromised the data for various firm clients.

Business Litigation, Financial Institution Litigation, Class Actions and Crisis Management

  • Obtained a defense verdict as first-chair trial counsel for a start-up media company, prevailing on all counts after a two-week federal court bench trial involving allegations of violations of intellectual property rights and a Massachusetts consumer protection statute.
  • Defended a Fortune 100 life insurance company in a purported class action that challenged the company's retention of surplus profits and its alleged noncompliance with Massachusetts law concerning the distribution of dividends to policy owners, with alleged damages of billions of dollars.
  • Represented a mutual life insurance company — and obtained a motion-to-dismiss victory — in a purported class action, which concerned the company's corporate governance and members' voting rights to elect the company's board of directors. The case presented matters of first impression under Massachusetts law and ultimately upheld the company's 160-year-old practice.
  • Defended a financial services company in a purported class action that challenged the legality of the company's bylaws and certain amendments, which raised matters of first impression, and provided guidance to the company and its board of directors on a second round of bylaw amendments.
  • Counseled a foreign-based asset manager and its US parent company on the acquisition of a Korean asset manager, serving as the parent company's representative in Korea throughout the process of gaining regulatory approval from the Korean government.
  • Represented a global pharmacy chain in litigation defending allegations related to alleged Telephone Consumer Protection Act violations.


Internal Investigations, Government Enforcement, and White Collar Defense

  • Advising a global medical technology company in its response to multiple subpoenas stemming from a DOJ investigation of third parties' alleged Medicare fraud schemes relating to genetic testing.
  • Advised a global company in its investigation of the offboarding of employees suspected of raiding the company’s customer information, trade secrets, and proprietary information.
  • Led an investigation of accounting irregularities for a start-up technology company preparing for an initial public offering (IPO) or acquisition.
  • Resolved an SEC enforcement matter and other regulatory inquiries — stemming from allegations of a purported Dodd-Frank Act whistleblower — related to the disclosure of certain variable annuity features on behalf of a life insurance company.
  • Represented financial service companies, including life insurance companies and broker-dealers, in connection with regulatory inquiries involving alleged sales practice violations as well as product design and disclosure matters. These engagements involved interacting with the SEC, FINRA, and state regulatory authorities (including the Massachusetts Division of Securities, the Massachusetts Division of Insurance, the Massachusetts Attorney General, and the NYDFS).
     

Publications

  • Author, “Massachusetts' march to comprehensive privacy legislation: an end-of-year update,” Massachusetts Lawyers Weekly (January 2024)
  • Co-author, “How SEC And NY Cyber Reporting Rules Affect Key Industries,” Law360 (December 2023)
  • Co-author, “Navigating the HIPAA Risks of Website Trackers,” Privacy and Cybersecurity Law Report (June 2023)
  • Co-author, “Chapter 7: Telehealth and digital health privacy regulations,” Diabetes Digital Health and Telehealth (2022)
  • Co-author, “Signs Inscribed on a Gate: The Impact of Van Buren v. United States on Civil Claims Under the Computer Fraud and Abuse Act,” Western New England Law Review (2022)
  • Co-author, “Data — and data protection — is key to digital strategies,” Sports Business Journal (November 2021)
  • Co-author, “Considerations in Machine Learning-Led Programmatic Underwriting,” Rail: The Journal of Robotics, Artificial Intelligence & Law, Volume 4, No. 4 (May 2021)
  • Co-author, “Addressing The Security Risks Of University Foreign Funding,” Law360 (January 2021)
  • Co-author, “The California Privacy Rights Act Has Passed: What's In It?,” Pratt's Privacy & Cybersecurity Law Report (November/December 2020)
  • Co-author, “An Intersection Between Ransomware and U.S. National Security: OFAC Speaks,” Corporate Compliance Insights (October 2020)
  • Co-author, “Conducting Internal Investigations During the COVID-19 Pandemic,” Law Journal Newsletters' Business Crimes Bulletin (March 2020)
  • Co-author, “COVID-19: Evolving Cybersecurity Considerations for Business,” Corporate Compliance Insights (March 2020)
  • Co-author, “6 Changes In California's New Draft Privacy Regulations,” Law360 (March 2020)

Recognition & Awards

  • Chambers Global: Privacy & Data Security (2024)

  • Chambers USA: Privacy & Data Security: Healthcare – National (2023)

  • Cybersecurity Docket: Incident Response 40 (2022)

  • Massachusetts Lawyers Weekly: Go-To Lawyers: Cybersecurity and Data Privacy (2022, 2024)

  • Lawdragon: “500 Leading Litigators in America” (2022 and 2024)

  • BTI Consulting: Client Service All-Star (2022)

  • Best Lawyers in America: Privacy and Data Security Law (2021 – 2024)

  • Best Lawyers in America: Commercial Litigation (2023 – 2024)

  • Massachusetts Supreme Judicial Court – Pro Bono Honor Roll (2020)


Boston