Overview
Michelle Reed is Co-Chair of the Data Privacy and Cybersecurity group and is a partner in the Litigation Department at Paul Hastings. She is based in the firm’s Dallas office. Michelle has two decades of experience advising companies, boards, and executives on navigating the evolving risks in privacy and cybersecurity regulation, enforcement, and class action litigation.
Michelle is a leading lawyer in crisis management, guiding corporations in data breach investigations and notifications, Securities and Exchange Commission (SEC) cybersecurity compliance, regulatory investigations, privacy and data protection compliance, and emerging developments in artificial intelligence, biometrics, children’s privacy, geolocation, and national security.
A Certified Information Privacy Professional (CIPP/US, International Association of Privacy Professionals), Michelle assists clients in conducting comprehensive privacy and security risk assessments and develops policies and procedures to mitigate and remediate privacy and cybersecurity threats, frequently working across teams to find practical solutions. Chambers describes Michelle as “incredibly responsive and super knowledgeable.”
Michelle also represents clients in a variety of complex civil litigation matters, including securities class actions, derivative suits, and consumer class actions.
Recognitions
- Chambers Global, Privacy & Data Security (2024)
- Chambers USA, Privacy & Data Security: Cybersecurity USA–Nationwide (2021-2024)
- Chambers USA, Litigation: Securities–Texas (2022-2024)
- D Magazine, Best Lawyers in Dallas, Business/Commercial Litigation (2017, 2022-2024)
- The Legal 500 U.S., Cyber Law (2017-2024)
- The Legal 500 U.S., Securities Litigation: Defense (2023-2024)
- Lawdragon, 500 Leading Litigators in America (2024)
- Corporate Counsel, Women, Influence and Power in Law Awards, Best Mentor (2023)
- Pro Bono Champion, ABA Commission on Immigration (2023)
- The Best Lawyers in America, Litigation - Securities (2022-2023)
- Cybersecurity Docket, Incident Response (2021-2023)
- JD Supra, Readers’ Choice Awards (2020-2024)
- The American Lawyer, Best Mentor finalist (2021)
- Super Lawyers, Securities Litigation (2015-2020)
- Super Lawyers, Class Action/Mass Torts (2015-2020)
- Super Lawyers, Civil Litigation: Defense (2015-2020)
- Texas Lawyer, Attorney of the Year finalist (2020)
- Who’s Who Legal, Investigations (2020)
- Texas Lawyer, Texas Trailblazer (2019)
- National Diversity Counsel, Top 50 Women Lawyers in Dallas (2017)
- Dallas Business Journal, Women in Business Award (2017)
- Texas Lawyer, Lawyers on the Rise (2016)
- Recipient of the Frank Scurlock Award for Outstanding Pro Bono Service, State Bar of Texas (2013)
Education
- Brigham Young University J. Reuben Clark Law School, J.D. (summa cum laude) 2003
- Brigham Young University, B.A. (with honors) 1999
Representations
Data Privacy
- Advising a multinational Fortune 500 company on the development, communication, and operationalization of privacy program and governance structure in the U.S., Canada, and international data protection across 18 jurisdictions, including creation of privacy principles, policies, notice, cross-border data strategy, data lifecycle management, individual rights management, Privacy by Design, third-party risk management, and training.
- Built an extensive privacy risk assessment framework for one of the largest broadband communications and video services providers in the U.S., evaluating privacy risk for delivery of content to approximately 4.9 million customers across 21 states.
- Advising private equity and other investment funds in the U.S., Europe, and Asia on implementing and operationalizing the CCPA, NY Department of Financial Services Cybersecurity Regulation, GDPR, GLBA, SEC rules, and evolving state and federal privacy regulations.
- Developed COVID-19 privacy risk framework, including privacy considerations regarding temperature and symptom checks for employees, vendors, and customers and serological testing of employees and evaluating retention and sharing requirements in the U.S., Europe, Middle East, and Asia.
- Advising mortgage servicer and lender on privacy and cybersecurity compliance, developing compliance program to ensure compliance with the GLBA, CCPA, and other laws.
Cybersecurity
- Represented an online retailer in a data breach affecting 50 states and 16 countries; assisting with the identification of the nature and scope of the intrusion; working with the information technology team and experts to restore normal system operation; providing customer notification and call center management, states’ regulatory negotiations, discussions with PCI-DSS council and payment card issuers, and public relations communications.
- Led investigation of a ransomware attack by an advanced persistent threat actor, retaining forensic investigators, recovery and restoration service, and public relations consultants, ensuring OFAC compliance, advising on SEC cyber disclosures, facilitating communications with auditors, communicating with law enforcement, and providing notification to approximately 16 million individuals and 52 different regulators.
- Represented clients in a broad array of regulatory cyber investigations, including FTC, SEC, FCC, CFPB, HHS, and others.
- Advised top-ten U.S. city in ransomware incident impacting city employees and residents, advising on legal obligations, notifications, regulatory discussions, and strategic communications.
- Advising a multistate hospital system in a data breach by a third-party vendor affecting nearly four million patients nationwide; counseling on notification obligations to patients and regulators and multidistrict litigation.
- Represented an online retailer in responding to an aggressive attack, guiding the company through its investigation, retaining forensic experts, coordinating with law enforcement, and resolving the breach with minimal exposure to the company.
- Counseling a retailer with more than half a billion dollars in annual sales in all phases of an unauthorized intrusion into its network, interfacing with the Federal Bureau of Investigation (FBI) and identifying internal control improvements.
Class Actions
- Representing numerous companies in defending against claims asserted under federal and state anti-wiretapping laws, including the California Invasion of Privacy and the Wiretapping and Electronic Surveillance Control Act.
- Represented a 14-hospital health system that included clinics, home health services, and doctors serving Indiana and Illinois, advising them on data breach response, data breach litigation, and state attorney general enforcement.
- Represented a communications and media company in consolidated putative class actions alleging claims for negligence, negligence per se, breach of implied contract, violation of the New York Labor Law, and violation of the Cable Communications Act arising from a data security incident involving the personal data of current and former employees.
- Defended client in consolidated putative class actions arising from data breach involving the alleged exposure of personally identifiable information and asserting common law tort claims, as well as New York and California statutory claims, including claims under the California Consumer Privacy Act (CCPA), and obtained a full dismissal at the district court level of all claims.
- Advised client in putative class action arising from a data breach at a third-party service provider involving alleged claims for negligence, negligence per se, breach of confidence, breach of implied contract, breach of fiduciary duty, and violation of the state consumer protection act.
- Represented a guardrail manufacturer in two consumer class actions in the Western District of Wisconsin and Southern District of Illinois alleging fraud, breach of warranty and contract unjust enrichment, and violations of the Deceptive Trade Practices Act.
- Defeated class certification in a federal securities class action, using expert testimony to rebut predominance under Rule 23(b)(3).
- Obtained a favorable settlement within insurance limits in a derivative suit against directors of a publicly traded energy company alleging claims of breach of fiduciary duty and unjust enrichment.
- Secured a complete dismissal of fiduciary duty claims alleged against directors of a publicly traded company in federal court in Texas.
Matters may have been handled prior to joining Paul Hastings.
Engagement & Publications
- Moderator, Apollo Portfolio Tech & Digital Conference, June 11, 2024
- Speaker, “Privacy Law Update,” DFW Financial Services Counsel Roundtable, June 4, 2024
- Speaker, “After the Data Breach,” Talks On Law, April 2024
- Panelist, "The Latest Update in Privacy," Association of Corporate Counsel (ACC) National Capital Region and ACC San Francisco Bay Area, March 19, 2024, March 2, 2023, and March 17, 2022
- Moderator, “Law Tech Connect: Protection from Mayhem,” Xponential, April 22, 2024
- Moderator, “Adapting to Shifting State Privacy Laws: Creating Synergies within Your Data Protection Program,” General Counsel Conference Southwest, September 20, 2023
- Speaker, “Class Action for Breach of Data Protection,” ICLG.com Global Class Actions Symposium, November 16, 2021
- Speaker, “A Day in the Life of Incident and Data Breach: How to Help Ensure Global Compliance,” Association of Corporate Counsel Houston Chapter, August 19, 2021
- Speaker, “Defensible Data Retention: The Holy Grail of Mitigating Data Privacy Risks,” Association of Corporate Counsel, September 16, 2020
- Speaker, “How Do You Put a System of Controls in Place When Your Target Keeps Moving?,” Cybersecurity and Data Privacy Law Conference, The Center for American and International Law, Plano, TX, September 10, 2020
- Speaker, “The Evolving Cybersecurity Regulatory Framework: What Startups Need to Know,” Dallas Startup Week, Dallas, TX, September 2, 2020
- Speaker, “Privacy and Data Security Forum: 2019 Year in Review and Preparing for 2020,” Association of Corporate Counsel National Capital Region, Washington, D.C., February 13, 2020
- Speaker, “Tactics to Combat Privacy Enforcement Actions,” Association of Corporate Counsel Dallas-Fort Worth, Dallas, TX, February 11, 2020
- Speaker, “The Changing Face of Privacy Laws,” Annual New York Private Investment Funds Conference, New York, September 26, 2019
- Speaker, “The Biometric Information Privacy Act (BIPA): The Recent Explosion of Lawsuits in Illinois and How Businesses Can Reduce Legal Risk,” TecNation Chicago (Illinois Chamber of Commerce), August 15, 2019
- Speaker, “Preparing for the Unknown Privacy and Cybersecurity Regulation,” HFM Billion Dollar Club North American COO Summit, June 2019
- Speaker, “Value-Based Branding: Why Building Relationships Trumps Selling,” National Association of Women Lawyers Conference, Dallas, May 3, 2018
- Speaker, “Cybersecurity,” SEC Hot Topics Institute, Dallas, September 14, 2017
- Speaker, “Data Privacy and Cybersecurity – What CRAs Need to Know,” AccioData Conference, Austin, February 21, 2017
- Speaker, “The Practical Approaches to Data Privacy & Cyber Security,” Apollo Portfolio Company Conference, Las Vegas, October 17, 2017
- Panelist, “Cybersecurity Preparedness for 2016: Board Oversight & Best Practices,” The Society of Corporate Secretaries – Texas Chapter, Dallas, March 2, 2016
- Panelist, “Lawyers Leading the Race to Cybersecurity: How to Help Your Leadership Defend Attacks in 2016,” ACC South Central, February 3, 2016
- Panelist, “EB-5 & Data Security – Risk Management and Insurance Considerations,” Invest in the USA, January 7, 2016
- Panelist, “Investment Management Spotlight – The Ever-Changing Landscape,” Deloitte and the Managed Funds Association, December 3, 2015
- Panelist, “Map the Privacy Frontier,” Bloomberg BNA Privacy & Data Security Breakfast Panel Discussion, September 16, 2015
- Panelist, “Cybersecurity: Risks and Best Practices for Medical Device Makers,” MDMA Webcast, March 25, 2015
- Panelist, “Fraud-on-the-Market Theory: Significant Issues and Updates for 2014 and Beyond,” The Knowledge Congress Live Webcast, August 7, 2014
Involvement
- Co-Chair: Class Actions and Derivative Suits and Securities Litigation, Litigation Section, American Bar Association
- Co-Founder: Domestic Violence Project, Austin Young Lawyers Association
- Member: Texas Bar Association Pro Bono College; J. Reuben Clark Law Society; Women’s Advocacy Project; Leadership Dallas Class of 2019