Communications data retention for Internet service providers
Advising on European Union legislation revising requirements for Internet services providers to retain communications traffic data for use in law enforcement and national security investigations in Europe. (Ongoing)
Compliance & HIPAA advice for Norton Sound Health Corporation
Provide advice on compliance program and HIPAA. (Ongoing)
Consumer protection, marketing, and privacy
Counseling clients on regulatory compliance of web and mobile payment interfaces and privacy policies, including the FTC Act and related rules (eg, Telemarketing Sales Rule, Dot Com Disclosures), Restore Online Shoppers’ Confidence Act, the Equal Credit Opportunity Act and the Fair Credit Reporting Act. (Ongoing)
Cousineau v. Microsoft
Co-counsel for Microsoft opposing putative class action claims alleging Windows phones unlawfully use location information. (Ongoing)
Develop nationally recognized coordinated care organization
Acts as general and specialty counsel to Health Share of Oregon (Health Share) by advising on operational, governance, integration, regulatory and compliance matters. Health Share is the largest coordinated care organization in Oregon and responsible for the physical and mental health of more than 160,000 residents. The State of Oregon received $1.9 billion in state and federal funding to help implement coordinated care through organizations such as Health Share. (Ongoing)
European data protection for global business media & events company
Advise on European data protection compliance for client’s marketing communications & lead generation activities, use of website cookies and privacy policies. (Ongoing)
Financial institution compliance
Counsels clients on HIPAA and state health information privacy compliance matters regarding financial institutions. (Ongoing)
General counsel for Bristol Bay Area Health Corporation
Represent client on complaints to the Office of Civil Rights on HIPAA violations, advise on compliance and HIPAA. (Ongoing)
Health Share of Oregon
Counsel Health Share of Oregon, a coordinated care organization for the Medicaid population of the greater Portland area, on HIPAA and state health information privacy matters. (Ongoing)
HIPAA and privacy analysis
Advised various health industry clients on issues of security breaches, patient authorizations, and general permitted uses and disclosure of patient health information under federal and state laws. (Ongoing)
Counsel Humetrix, a mobile device application developer, on privacy matters related to its iBlueButton application, an iOS application allowing patients and clinicians to securely exchange health information. (Ongoing)
IP video and digital media for various MSOs and vendors
Advice on operational, regulatory, franchising, programming, security, copy protection and interface requirements for delivery of commercial video content to tablets, 'Smart TVs,' IP-enabled devices, and home networks. (Ongoing)
Counsel the Mayo Clinic health care system on compliance with the HIPAA privacy, security, and breach notification regulations and other applicable health information privacy laws. (Ongoing)
Mortensen v. Bresnan Communications
Representing Internet service provider Bresnan Communications in federal privacy lawsuit challenging the use of ad-targeting technology. Won dismissal and currently on appeal to the 9th Circuit. (D. Mont.; 9th Cir. Ongoing)
Privacy and security compliance for Charter Communications*
Tightened regulatory compliance by advising management and developing training programs related to various privacy and security requirements. (2005-2013)
Counsels clients on developments in federal privacy laws and legislation directed at digital media applications and services involving the collection and use of personal information and behavioral marketing and advertising. (Ongoing)
Counsels clients on corporate privacy practices, including reviewing and drafting privacy policies for Internet and other digital media and communications services. (Ongoing)
Valentine v. Nebuad
Obtained dismissal on lack of jurisdiction, on behalf of Internet service provider Bresnan Communications in federal privacy lawsuit challenging the use of deep-packet inspection technology (2009). Won dismissal of sister-case in Montana and currently on appeal in the 9th Circuit. (Ongoing)
Hodsdon v. Bright House Networks, LLC
Successfully moved to enforce class action waiver and compel arbitration of a putative class action arising from Internet service provider’s alleged retention of subscriber data. 2013 WL 1091396, findings & recommendations adopted, 2013 WL 1499486 (E.D. Cal. 2013)
Payment card information theft for Jetro/Restaurant Depot
Advised Jetro/Restaurant Depot officials regarding steps to respond to the thefts of customers' payment card information. (2011, 2013)
Polanco v. Omnicell, Inc., et al.
Successfully moved to dismiss the putative class action claims against South Jersey Hospital, now known as Inspira, related to the theft of a laptop with patient information from a hospital contractor. (D.N.J. 2013)
Privacy and security programs for Charter Communications*
Drafted and led implementation of the company’s privacy and information security programs and related policies to ensure compliance with privacy and security requirements. (2004-2013)
Consumer protection investigations
Represented multiple companies in connection with investigations by the Federal Trade Commission Bureau of Consumer Protection under the Fair Credit Reporting Act and the Children’s Online Privacy Protection Act. Investigations closed without action. (2012)
Joe Miller v. Fairbanks North Star Borough
Lead counsel representing the Fairbanks North Star Borough in litigation filed by failed 2010 U.S. Senate candidate Joe Miller alleging privacy infringement and related claims for alleged disclosure of his personnel file to the media. Successfully defended the case, with claims alleging damages exceeding $200,000 being settled for $5,000 on an offer of judgment disclaiming fault. (2012)
Paul v. Providence Health System
Represented Providence Health System against a putative class action. Plaintiffs alleged that the theft of unencrypted backup tapes and optical discs from the car of an employee was negligent and a violation of the Oregon Unfair Trade Practices Act. Plaintiffs sought to certify the case on behalf of a class of 365,000 current and former patients whose patient information was stored on the stolen material. The court granted a motion to dismiss with prejudice and all claims were dismissed. Dismissal was affirmed by the Oregon Court of Appeals and by the Oregon Supreme Court, 273 P.3d 106. Oral arguments.
(February 24, 2012)
Cloud based privacy compliance for leading technology company
Advised on compliance obligations under selected European, Asian and Middle Eastern privacy laws with respect to the international launch of cloud-based collaboration services. (2011)
International information security for cloud services providers
Advised several clients on data transfer and information security requirements under Argentinean data protection law related to providing services in and locating servers in Argentina. (2011)
Keck v. Amazon.com
Defended Amazon.com against privacy claims raised by book that was published by third parties through Amazon's Kindle Direct Publishing program. Court found Amazon.com immune from liability under Section 230, granting its motion for judgment on the pleadings. (2011)
Retailer's customer loyalty and rewards program
Represented large multi-store retailer in creating and launching a customer loyalty program throughout China, including online customer interface, information privacy and security and back-end data processing. (2011)
Advised location information technology licensor TruePosition regarding legal restrictions pertaining to use of cell site location information. (2011)
Data breach advice for Children's Hospital Los Angeles
Advised Children's Hospital Los Angeles regarding steps it should take in response to data breach. (2010)
Data breach advice for Monoprice Inc.
Advised Monoprice regarding steps it should take in response to electronic data breach. (2010)
MSIT PCI support for Microsoft Corporation
Assisted Microsoft in negotiating and drafting an agreement with Qualified Security Assessor to perform PCI DSS security assessment. (2010)
Privacy breach/stolen desktop computers for St. Joseph's Hospital
Advised St. Joseph's Hospital regarding steps it should take in response to electronic data breach. (2010)
Smith v. The Regents of Univ. of California
Represented The Regents, through summary judgment, in a class action that included CMIA and constitutional invasion of privacy claims arising from UCSF’s automated sharing of patient information with a third-party vendor. The constitutional privacy claim was dismissed on summary judgment and the CMIA claim was favorably resolved in a settlement approved by the trial court. 2010 WL 5148256 (2010)
Zango, Inc. v. Kaspersky Lab, Inc.
Summary judgment dismissing lawsuit against distributor of anti-malware products, recognizing 'robust' immunity under 47 U.S.C. § 230(c)(2) enabling consumer access to information about potentially 'objectionable' software. In 2009, the U.S. Court of Appeals for the 9th Circuit affirmed the lower court's 2007 dismissal. WL 1655217 (W.D. Wash., 9th Cir. 2009)
Arcilla v. adidas Promotional Retail Operations, Inc.
Defended two consumer class actions asserting violations of FACTA (credit card privacy act). 488 F. Supp. 2d 965 (C.D. Cal. 2008)
U.S. Dept. of Health & Human Services, Office for Civil Rights, In re: Providence Health & Services
Represented Providence Health & Services in federal administrative proceedings related to the theft of backup tapes. Proceedings ended in a negotiated settlement. (Or. App. 2008) Read more
ACLU vs. National Security Agency
Represented the ACLU in a challenge to the president's authority to engage in warrantless wiretapping of U.S. citizens, including an appeal of a summary judgment ruling, first to the 6th Circuit and then to the U.S. Supreme Court. 493 F.3d 644 (6th Cir. 2007), cert. denied, 128 S. Ct. 1334 (2008) (U.S. 2007)
In re National Security Agency Telecommunications Records Litigation
Obtained the dismissal of three electronic companies from a nationwide class action case accusing defendants of assisting the U.S. government in conducting warrantless wiretaps. (2007)
South San Joaquin Irrigation District v. Meridian Pacific, Inc.
Action against political consulting firm for unauthorized entry into governmental agency's computer network. (San Joaquin County (Cal.) Super. Ct. 2007)
Steinbuch v. Cutler
Obtained dismissal of privacy and related claims against Ana Marie Cox, former author of the blog 'Wonkette,' based on excerpting, linking to and commenting on another blogger's first-hand accounts of her relationship with plaintiff. 1:05CV00970 (D.D.C. 2007)
Gilmore v. Gonzales
Represented John Gilmore in writ petition to the U.S. Supreme Court challenging, on due process grounds, the Transportation Security Agency's secret directive that requires commercial airline passengers show identification or undergo security screenings before flying. (2006)
Kaiser Permanente v. Cooper
Obtained temporary and permanent injunction against former IT employee (self-dubbed the "Diva of Disgruntled") from disseminating online, protected health information for over 100 Kaiser members. (2006)
Sparks v. San Francisco Bay Guardian*
Successfully defended Bay Guardian in libel and invasion of action arising from April Fool’s Day parody edition of the newspaper. 17 Cal. App. 4th 655 (1993)
Cybersecurity for cable MSOs
Consultation with federal security agencies on network and supply chain security.
DWT HIPAA Privacy Audit Toolkit
Authored and launched the HIPAA Privacy Audit Toolkit, a comprehensive HIPAA privacy self-assessment tool now in use by health care systems such as The Johns Hopkins Health System, Memorial Sloan-Kettering Cancer Center, and Seattle Children’s Hospital.
HIPAA compliance for Bristol Bay Area Health Corporation
Represent client -- which includes a hospital, substance abuse treatment center, and village clinics -- in its HIPAA compliance efforts. Identified applicable federal and state requirements; structured a compliance approach; developed policies and supporting documentation; assisted with addressing complaints to the Office for Civil Rights concerning HIPAA compliance; and provide ongoing advice on HIPAA and HITECH compliance.
HIPAA compliance for PeaceHealth
Worked with a large multi-state health system in developing and implementing a HIPAA compliance program. Identified HIPAA's applicability to various functions and services, developed privacy policies and other documents (including its notice of privacy practices and authorizations), and addressed other HIPAA implications.
Service and contract negotiation for McKesson Corp.
Drafting and negotiation of services and software contracts between McKesson and benefits payors, drug manufacturers, and service providers. Also providing HIPAA and privacy advice.
* Denotes experience completed at a prior firm