skip to main content
Experience List
  • Email Page
  • Create PDF
  • Print Page

Privacy & Security

Communications data retention for Internet service providers

Advising on European Union legislation revising requirements for Internet services providers to retain communications traffic data for use in law enforcement and national security investigations in Europe. (Ongoing)

Consumer protection, marketing, and privacy

Counseling clients on regulatory compliance of web and mobile payment interfaces and privacy policies, including the FTC Act and related rules (eg, Telemarketing Sales Rule, Dot Com Disclosures), Restore Online Shoppers’ Confidence Act, the Equal Credit Opportunity Act and the Fair Credit Reporting Act. (Ongoing)

Counseling cloud service provider on AI deployment

Advising leading cloud service provider on legal, ethical, and policy risks and issues arising from provision of services leveraging artificial intelligence applications (utilizing machine learning, deep learning, and neural networks) deployed in wholesale and retail services. (Ongoing)

Develop nationally recognized coordinated care organization

Acts as general and specialty counsel to Health Share of Oregon (Health Share) by advising on operational, governance, integration, regulatory and compliance matters. Health Share is the largest coordinated care organization in Oregon and responsible for the physical and mental health of more than 160,000 residents. The State of Oregon received $1.9 billion in state and federal funding to help implement coordinated care through organizations such as Health Share. (Ongoing)

European data protection for global business media & events company

Advise on European data protection compliance for client’s marketing communications & lead generation activities, use of website cookies and privacy policies. (Ongoing)

Facial recognition use and deployment issues

Counseling developer of AI and machine learning applications on issues surrounding deployment and use of facial recognition and related technologies in public and semi-public locations. (Ongoing)

Financial and data services counseling

Providing sophisticated counsel on the application of the FCRA and GLBA to providers of financial services and data aggregation products and services across all industry types. (Ongoing)

Financial institution compliance

Counsels clients on HIPAA and state health information privacy compliance matters regarding financial institutions. (Ongoing)

Health Share of Oregon

Counseling Health Share of Oregon, a coordinated care organization for the Medicaid population of the greater Portland area, on HIPAA and state health information privacy matters. (Ongoing)


Counseling Humetrix, a mobile device application developer, on privacy matters related to its iBlueButton application, an iOS application allowing patients and clinicians to securely exchange health information. (Ongoing)

Internet advertising privacy counseling

Advising privacy counsel and general counsel of leading streaming video programming providers and online retailers regarding litigation risks in online privacy and terms of use policies. (Ongoing)

IP video and digital media for various MSOs and vendors

Advice on operational, regulatory, franchising, programming, security, copy protection, and interface requirements for delivery of commercial video content to tablets, 'Smart TVs,' IP-enabled devices, and home networks. (Ongoing)

Mayo Clinic

Counseling the Mayo Clinic health care system on compliance with the HIPAA privacy, security, and breach notification regulations and other applicable health information privacy laws. (Ongoing)

Microsoft Corp. v. John Does 1-100

Representing Microsoft in case against the perpetrators of a complex phishing scheme to unlawfully obtain account access credentials from Microsoft customers. (E.D. Mich. Ongoing)

Mortensen v. Bresnan Communications

Representing Internet service provider Bresnan Communications in federal privacy lawsuit challenging the use of ad-targeting technology. Won dismissal and currently on appeal to the 9th Circuit. (9th Cir. 2014)

Nationwide TCPA putative class action for energy supplier

Representing an energy supplier in putative nationwide class action alleging company placed calls to phones on National DNC and cell phones in violation of the TCPA. (N.D. Ill. Ongoing)

Privacy and data security counseling

Providing nuanced privacy and data security advice to diverse clients on compliance with all manner of regulations, from emerging requirements such as EU General Data Protection Regulation (GDPR) and California’s new privacy law, to the application of long-stating rules—such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley, Children’s Online Privacy Protection Act (COPPA), and the Drivers Privacy Protection Act (DPPA) to innovative products and services. (Ongoing)

Privacy counseling

Advising clients on state privacy regulation and litigation-related issues. (Ongoing)

Privacy legislation

Counsels clients on developments in federal privacy laws and legislation directed at digital media applications and services involving the collection and use of personal information and behavioral marketing and advertising. (Ongoing)

Privacy matters for companies

Representing companies in connection with the development and implementation of privacy statements, information security policies, and incident response plans.

Privacy policies

Counsels clients on corporate privacy practices, including reviewing and drafting privacy policies for Internet and other digital media and communications services. (Ongoing)

Ruppel v. Consumers Union of United States, Inc.

Defending a nonprofit in putative class action alleging violations of Michigan's Video Rental Privacy Act based on alleged disclosure of subscribers’ personal information. (S.D.N.Y. Ongoing)

Artificial intelligence

Advised leading cloud service provider on issues arising from AI and AI platforms, in both sell-side and buy-side transactions. Analyzed potential risks and outlined solutions to address issues related to: building transparency, auditability and (defensive) recordkeeping into AI tools; protecting algorithms, data sets, and intellectual property; techniques for protecting against allegations of bias/discrimination in AI tools, such as those arising in consumer and financial service; risk allocation and liability coverage; specialized regulatory and licensing regimes affecting AI applications; crafting terms to anticipate changes in regulation; and engaging directly with policymakers, government leaders, and independent standards bodies developing AI standards. (2018)

Hall v. Forbes Media LLC

Defended magazine publisher in putative class action alleging violations of Michigan's Video Rental Privacy Act based on alleged disclosure of subscribers’ personal information. Voluntarily dismissed with prejudice. (E.D. Mich. 2018)

Facebook v. United States

Filed amicus brief in the D.C. Court of Appeals on behalf of eight technology companies (Apple, Avvo, Dropbox, Google, Microsoft, Snap, Twitter, and Yelp) and The Reporters Committee for Freedom of the Press in support of Facebook’s First Amendment challenge to a gag order concerning warrants the company received under the Stored Communications Act. The search warrants were issued in connection with a criminal investigation into incidents arising out of the January 20, 2017 presidential inauguration. Following briefing, the government voluntarily dismissed its appeal. 2017 WL 5502809 (D.C. Super. Ct. Crim. Div. Nov. 9, 2017)

Gragg v. Orange Cab Company, Inc. & Ridecharge Inc.

Defended mobile application developer in putative class action alleging the company sent text messages in violation of various consumer protection statutes. Obtained order dismissing TCPA claim on summary judgment. 995 F. Supp. 2d 1189 (W.D. Wash. 2014). Obtained order dismissing Washington Consumer Protection Act claim, 942 F. Supp. 2d 1111 (W.D. Wash. 2013), and Washington Commercial Electronic Mail Act claim, 145 F. Supp. 3d 1046 (W.D. Wash. 2015). Case resolved. (W.D. Wash. 2017)

BMG v. Cox

Submitted amicus brief in support of Cox’s appeal of a $25 million contributory copyright infringement verdict based on alleged infringements by Cox’s internet service subscribers. The decisions and verdict eliminate protections in the DMCA’s safe harbor provisions vital to providing internet service, rendering them ineffective for all ISPs. (4th Cir. 2016)

Hetherington v. Omaha Steaks, Inc. and Omaha Steaks Int’l, Inc.

Defended leading food manufacturing, marketing, and distribution company in putative nationwide class action alleging the company placed automated and prerecorded messages to cell phones in violation of the TCPA and state common law. (D. Or. 2016)

Nationwide TCPA putative class action for commercial lender

Representing commercial lender in putative nationwide class action, alleging the company placed calls in violation of the TCPA, and putative Washington statewide class action alleging the company placed automated and prerecorded commercial solicitation calls in violation of Washington's Automatic Dialing and Announcing Device Act, and Consumer Protection Act. Settled favorably on class basis. (W.D. Wash. 2016)

Willett et al. v. Redflex Traffic Systems, Inc. et al.

Representing nation’s largest vendor of automated red-light traffic cameras in putative nationwide class action alleging the company caused automated and prerecorded messages to be placed to cell phones in violation of the TCPA. Settled favorably on class basis. (D. N.M. 2016)

Nationwide TCPA putative class action for medical services company

Represented medical services company in putative nationwide class action alleging company placed calls to cell phones in violation of the TCPA. Obtained voluntary dismissal. (N.D. Ill. 2015)

Cousineau v. Microsoft

Represented Microsoft in putative nationwide class action litigation alleging violation of Electronic Communications Privacy Act and other statutes arising from collection of location information through Windows Phone mobile operating system. Won dismissal of most claims on motion to dismiss. After discovery, won summary judgment on remaining claim. 6 F.Supp.3d 1167 (W.D. Wash. 2014)

Friedman v. Nutribullet, LLC, & Tribune Broadcasting Co., LLC

Represented major broadcasting company in putative nationwide class action alleging the company sent text messages in violation of the TCPA. Settled favorably on individual basis. (C.D. Cal. 2014)

Lightspeed v. Smith

Won fees and sanctions for Comcast in district court affirmed on appeal in frivolous suit accusing Comcast and AT&T of "conspiring" to avoid disclosing thousands of subscriber’s identities to noted porn troll group for alleged copyright infringement. (SD Ill. 2013; 7th Cir. 2014)

Washington State telephone commercial solicitation class action for financial services company

Represented financial services company in putative Washington statewide class action alleging the company placed automated and prerecorded commercial solicitation calls in violation of Washington Automatic Dialing and Announcing Device Act and Consumer Protection Act. Settled favorably on individual basis. (King Cnty. (Wash.) Super. Ct. 2014)

Cyber-extortion matter

Represented large social media site in connection with cyber-extortion threats. (2013)

First Unitarian Church of Los Angeles v. National Security Agency

Submitted amicus brief forPEN American Center highlighting the chilling effect of NSA’s sweeping collection of metadata on writers. (N.D. Cal. 2013)

Hodsdon v. Bright House Networks, LLC

Successfully moved to enforce class action waiver and compel arbitration of a putative class action arising from Internet service provider’s alleged retention of subscriber data. 2013 WL 1091396, findings & recommendations adopted, 2013 WL 1499486 (E.D. Cal. 2013)

Valentine v. Nebuad

Obtained dismissal on lack of jurisdiction, on behalf of internet service provider Bresnan Communications in federal privacy lawsuit challenging the use of deep-packet inspection technology (2009). Won dismissal of ECPA claims in sister-case in Montana and in the 9th Circuit enforcing arbitration. (N.D. Cal. 2011; 9th Cir. 2013)

Joe Miller v. Fairbanks North Star Borough

Lead counsel representing the Fairbanks North Star Borough in litigation filed by failed 2010 U.S. Senate candidate Joe Miller alleging privacy infringement and related claims for alleged disclosure of his personnel file to the media. Successfully defended the case, with claims alleging damages exceeding $200,000 being settled for $5,000 on an offer of judgment disclaiming fault. (2012)

Paul v. Providence Health System

Represented Providence Health System against a putative class action. Plaintiffs alleged that the theft of unencrypted backup tapes and optical discs from the car of an employee was negligent and a violation of the Oregon Unfair Trade Practices Act. Plaintiffs sought to certify the case on behalf of a class of 365,000 current and former patients whose patient information was stored on the stolen material. The court granted a motion to dismiss with prejudice and all claims were dismissed. Dismissal was affirmed by the Oregon Court of Appeals and by the Oregon Supreme Court, 273 P.3d 106. Oral arguments. (February 24, 2012)

Cloud based privacy compliance for leading technology company

Advised on compliance obligations under selected European, Asian and Middle Eastern privacy laws with respect to the international launch of cloud-based collaboration services. (2011)

International information security for cloud services providers

Advised several clients on data transfer and information security requirements under Argentinean data protection law related to providing services in and locating servers in Argentina. (2011)

Keck v.

Defended against privacy claims raised by book that was published by third parties through Amazon's Kindle Direct Publishing program. Court found immune from liability under Section 230, granting its motion for judgment on the pleadings. (2011)

Retailer's customer loyalty and rewards program

Represented large multi-store retailer in creating and launching a customer loyalty program throughout China, including online customer interface, information privacy and security, and back-end data processing. (2011)

Smith v. The Regents of Univ. of California

Represented The Regents, through summary judgment, in a class action that included CMIA and constitutional invasion of privacy claims arising from UCSF’s automated sharing of patient information with a third-party vendor. The constitutional privacy claim was dismissed on summary judgment and the CMIA claim was favorably resolved in a settlement approved by the trial court. 2010 WL 5148256 (2010)

Zango, Inc. v. Kaspersky Lab, Inc.

Summary judgment dismissing lawsuit against distributor of anti-malware products, recognizing 'robust' immunity under 47 U.S.C. § 230(c)(2) enabling consumer access to information about potentially 'objectionable' software. In 2009, the U.S. Court of Appeals for the 9th Circuit affirmed the lower court's 2007 dismissal. WL 1655217 (W.D. Wash., 9th Cir. 2009)

Arcilla v. adidas Promotional Retail Operations, Inc.

Defended two consumer class actions asserting violations of FACTA (credit card privacy act). 488 F. Supp. 2d 965 (C.D. Cal. 2008)

U.S. Dept. of Health & Human Services, Office for Civil Rights, In re: Providence Health & Services

Represented Providence Health & Services in federal administrative proceedings related to the theft of backup tapes. Proceedings ended in a negotiated settlement. (Or. App. 2008) Read more

In re National Security Agency Telecommunications Records Litigation

Obtained the dismissal of three communication company defendants from a nationwide class action case accusing defendants of assisting the U.S. government in conducting warrantless wiretaps. (N.D. 2007)

South San Joaquin Irrigation District v. Meridian Pacific, Inc.

Action against political consulting firm for unauthorized entry into governmental agency's computer network. (San Joaquin County (Cal.) Super. Ct. 2007)

Steinbuch v. Cutler

Obtained dismissal of privacy and related claims against Ana Marie Cox, former author of the blog 'Wonkette,' based on excerpting, linking to and commenting on another blogger's first-hand accounts of her relationship with plaintiff. 1:05CV00970 (D.D.C. 2007)

Gilmore v. Gonzales

Represented John Gilmore in writ petition to the U.S. Supreme Court challenging, on due process grounds, the Transportation Security Agency's secret directive that requires commercial airline passengers show identification or undergo security screenings before flying. (2006)

Kaiser Permanente v. Cooper

Obtained temporary and permanent injunction against former IT employee (self-dubbed the "Diva of Disgruntled") from disseminating online, protected health information for over 100 Kaiser members. (2006)

Sparks v. San Francisco Bay Guardian*

Successfully defended Bay Guardian in libel and invasion of action arising from an April Fool’s Day parody edition of the newspaper. 17 Cal. App. 4th 655 (1993)

Cybersecurity for cable MSOs

Consultation with federal security agencies on network and supply chain security. (2011-2012)

DWT HIPAA Privacy Audit Toolkit

Authored and launched the HIPAA Privacy Audit Toolkit, a comprehensive HIPAA privacy self-assessment tool now in use by health care systems such as The Johns Hopkins Health System, Memorial Sloan-Kettering Cancer Center, and Seattle Children’s Hospital.

HIPAA compliance for Bristol Bay Area Health Corporation

Represent client -- which includes a hospital, substance abuse treatment center, and village clinics -- in its HIPAA compliance efforts. Identified applicable federal and state requirements; structured a compliance approach; developed policies and supporting documentation; assisted with addressing complaints to the Office for Civil Rights concerning HIPAA compliance; and provide ongoing advice on HIPAA and HITECH compliance.

HIPAA compliance for PeaceHealth

Worked with a large multi-state health system in developing and implementing a HIPAA compliance program. Identified HIPAA's applicability to various functions and services, developed privacy policies and other documents (including its notice of privacy practices and authorizations), and addressed other HIPAA implications.

Service and contract negotiation for McKesson Corp.

Drafting and negotiation of services and software contracts between McKesson and benefits payors, drug manufacturers, and service providers. Also providing HIPAA and privacy advice.
* Denotes experience completed at a prior firm
Blog for insight and commentary on information management and protection
View State Data Breach Notice Statues
download the business associate contract
Law Firm of the Year in Communications
Privacy 101 videos