Data Privacy

• Advising a multinational Fortune 500 company on the development, communication, and operationalization of privacy program and governance structure in the U.S., Canada, and international data protection across 18 jurisdictions, including creation of privacy principles, policies, notice, cross-border data strategy, data lifecycle management, individual rights management, Privacy by Design, third-party risk management, and training.
• Built an extensive privacy risk assessment framework for one of the largest broadband communications and video services providers in the U.S., evaluating privacy risk for delivery of content to approximately 4.9 million customers across 21 states.
• Advising private equity and other investment funds in the U.S., Europe, and Asia on implementing and operationalizing the CCPA, NY Department of Financial Services Cybersecurity Regulation, GDPR, GLBA, SEC rules, and evolving state and federal privacy regulations.
• Developed COVID-19 privacy risk framework, including privacy considerations regarding temperature and symptom checks for employees, vendors, and customers and serological testing of employees and evaluating retention and sharing requirements in the U.S., Europe, Middle East, and Asia.
• Advising mortgage servicer and lender on privacy and cybersecurity compliance, developing compliance program to ensure compliance with the GLBA, CCPA, and other laws.

Cybersecurity

• Represented an online retailer in a data breach affecting 50 states and 16 countries; assisting with the identification of the nature and scope of the intrusion; working with the information technology team and experts to restore normal system operation; providing customer notification and call center management, states’ regulatory negotiations, discussions with PCI-DSS council and payment card issuers, and public relations communications.
• Led investigation of a ransomware attack by an advanced persistent threat actor, retaining forensic investigators, recovery and restoration service, and public relations consultants, ensuring OFAC compliance, advising on SEC cyber disclosures, facilitating communications with auditors, communicating with law enforcement, and providing notification to approximately 16 million individuals and 52 different regulators.
• Represented clients in a broad array of regulatory cyber investigations, including FTC, SEC, FCC, CFPB, HHS, and others.
• Advised top-ten U.S. city in ransomware incident impacting city employees and residents, advising on legal obligations, notifications, regulatory discussions, and strategic communications.
• Advising a multistate hospital system in a data breach by a third-party vendor affecting nearly four million patients nationwide; counseling on notification obligations to patients and regulators and multidistrict litigation.
• Represented an online retailer in responding to an aggressive attack, guiding the company through its investigation, retaining forensic experts, coordinating with law enforcement, and resolving the breach with minimal exposure to the company.
• Counseling a retailer with more than half a billion dollars in annual sales in all phases of an unauthorized intrusion into its network, interfacing with the Federal Bureau of Investigation (FBI) and identifying internal control improvements.

Class Actions

• Representing numerous companies in defending against claims asserted under federal and state anti-wiretapping laws, including the California Invasion of Privacy and the Wiretapping and Electronic Surveillance Control Act.
• Represented a 14-hospital health system that included clinics, home health services, and doctors serving Indiana and Illinois, advising them on data breach response, data breach litigation, and state attorney general enforcement.
• Represented a communications and media company in consolidated putative class actions alleging claims for negligence, negligence per se, breach of implied contract, violation of the New York Labor Law, and violation of the Cable Communications Act arising from a data security incident involving the personal data of current and former employees.
• Defended client in consolidated putative class actions arising from data breach involving the alleged exposure of personally identifiable information and asserting common law tort claims, as well as New York and California statutory claims, including claims under the California Consumer Privacy Act (CCPA), and obtained a full dismissal at the district court level of all claims.
• Advised client in putative class action arising from a data breach at a third-party service provider involving alleged claims for negligence, negligence per se, breach of confidence, breach of implied contract, breach of fiduciary duty, and violation of the state consumer protection act.
• Represented a guardrail manufacturer in two consumer class actions in the Western District of Wisconsin and Southern District of Illinois alleging fraud, breach of warranty and contract unjust enrichment, and violations of the Deceptive Trade Practices Act.
• Defeated class certification in a federal securities class action, using expert testimony to rebut predominance under Rule 23(b)(3).
• Obtained a favorable settlement within insurance limits in a derivative suit against directors of a publicly traded energy company alleging claims of breach of fiduciary duty and unjust enrichment.
• Secured a complete dismissal of fiduciary duty claims alleged against directors of a publicly traded company in federal court in Texas.

Matters may have been handled prior to joining Paul Hastings.

• Moderator, Apollo Portfolio Tech & Digital Conference, June 11, 2024
• Speaker, “Privacy Law Update,” DFW Financial Services Counsel Roundtable, June 4, 2024
• Speaker, “After the Data Breach,” Talks On Law, April 2024
• Panelist, "The Latest Update in Privacy," Association of Corporate Counsel (ACC) National Capital Region and ACC San Francisco Bay Area, March 19, 2024, March 2, 2023, and March 17, 2022
• Moderator, “Law Tech Connect: Protection from Mayhem,” Xponential, April 22, 2024
• Moderator, “Adapting to Shifting State Privacy Laws: Creating Synergies within Your Data Protection Program,” General Counsel Conference Southwest, September 20, 2023
• Speaker, “Class Action for Breach of Data Protection,” ICLG.com Global Class Actions Symposium, November 16, 2021
• Speaker, “A Day in the Life of Incident and Data Breach: How to Help Ensure Global Compliance,” Association of Corporate Counsel Houston Chapter, August 19, 2021
• Speaker, “Defensible Data Retention: The Holy Grail of Mitigating Data Privacy Risks,” Association of Corporate Counsel, September 16, 2020
• Speaker, “How Do You Put a System of Controls in Place When Your Target Keeps Moving?,” Cybersecurity and Data Privacy Law Conference, The Center for American and International Law, Plano, TX, September 10, 2020
• Speaker, “The Evolving Cybersecurity Regulatory Framework: What Startups Need to Know,” Dallas Startup Week, Dallas, TX, September 2, 2020
• Speaker, “Privacy and Data Security Forum: 2019 Year in Review and Preparing for 2020,” Association of Corporate Counsel National Capital Region, Washington, D.C., February 13, 2020
• Speaker, “Tactics to Combat Privacy Enforcement Actions,” Association of Corporate Counsel Dallas-Fort Worth, Dallas, TX, February 11, 2020
• Speaker, “The Changing Face of Privacy Laws,” Annual New York Private Investment Funds Conference, New York, September 26, 2019
• Speaker, “The Biometric Information Privacy Act (BIPA): The Recent Explosion of Lawsuits in Illinois and How Businesses Can Reduce Legal Risk,” TecNation Chicago (Illinois Chamber of Commerce), August 15, 2019
• Speaker, “Preparing for the Unknown Privacy and Cybersecurity Regulation,” HFM Billion Dollar Club North American COO Summit, June 2019
• Speaker, “Value-Based Branding: Why Building Relationships Trumps Selling,” National Association of Women Lawyers Conference, Dallas, May 3, 2018
• Speaker, “Cybersecurity,” SEC Hot Topics Institute, Dallas, September 14, 2017
• Speaker, “Data Privacy and Cybersecurity – What CRAs Need to Know,” AccioData Conference, Austin, February 21, 2017
• Speaker, “The Practical Approaches to Data Privacy & Cyber Security,” Apollo Portfolio Company Conference, Las Vegas, October 17, 2017
• Panelist, “Cybersecurity Preparedness for 2016: Board Oversight & Best Practices,” The Society of Corporate Secretaries – Texas Chapter, Dallas, March 2, 2016
• Panelist, “Lawyers Leading the Race to Cybersecurity: How to Help Your Leadership Defend Attacks in 2016,” ACC South Central, February 3, 2016
• Panelist, “EB-5 & Data Security – Risk Management and Insurance Considerations,” Invest in the USA, January 7, 2016
• Panelist, “Investment Management Spotlight – The Ever-Changing Landscape,” Deloitte and the Managed Funds Association, December 3, 2015
• Panelist, “Map the Privacy Frontier,” Bloomberg BNA Privacy & Data Security Breakfast Panel Discussion, September 16, 2015
• Panelist, “Cybersecurity: Risks and Best Practices for Medical Device Makers,” MDMA Webcast, March 25, 2015
• Panelist, “Fraud-on-the-Market Theory: Significant Issues and Updates for 2014 and Beyond,” The Knowledge Congress Live Webcast, August 7, 2014

• Co-Chair: Class Actions and Derivative Suits and Securities Litigation, Litigation Section, American Bar Association
• Co-Founder: Domestic Violence Project, Austin Young Lawyers Association
• Member: Texas Bar Association Pro Bono College; J. Reuben Clark Law Society; Women’s Advocacy Project; Leadership Dallas Class of 2019