Timothy C. Blank

Privacy & Cybersecurity

• A multinational internet company in a U.S. Federal Trade Commission investigation related to data privacy issues and theft of computer data.
• Various mutual funds, hedge funds and investment advisors in drafting information security programs and counseling with regard to state and federal data privacy and security rules.
• A biotechnology company when their drug development research data was hacked from third party research laboratory by foreign actors. 
• A permanent capital firm and registered investment adviser with offices in the U.S. and London in providing strategic CCPA and GDPR advice. We assisted the client in navigating gray areas in the CCPA and leveraged extensive knowledge of the Gramm-Leach-Bliley Act and Regulation S-P to provide advice on complex and nuanced issues related to the scope of the CCPA’s GLBA carve-out and its impact on personal information collected from investors/client and potential investors/clients across various channels. Provide GDPR advice to client in connection with its opening of a UK office. 
• A permanent capital firm on risks related to complex privacy and data security matters in connection with its bid for and acquisition of a global social media and dating app. We addressed significant regulatory issues and assessed risk of regulatory proceedings in the EEA and the U.S. 
• A global asset manager with offices in New York and London in providing strategic CCPA and GDPR compliance advice. We assisted in navigating gray areas in the CCPA and leveraged extensive knowledge of the Gramm-Leach-Bliley Act and Regulation S-P to provide advice on complex and nuanced issues related to the scope of the CCPA’s GLBA carve-out and its impact on personal information collected from investors/client and potential investors/clients across various channels. 
• An asset management firm in providing risk analysis and assessment in relation to the acquisition and use of large data sets in investment decision making. We provided guidance on proper data collection practices under relevant U.S. securities and anti-hacking laws.
• A large parcel service advising the client through a conciliation process with the Office of the Australian Information Commissioner (OAIC).
• The Board of Directors of one of the world’s largest hedge funds in responding to a major data breach involving the personal and financial records of major investors and shareholders, including advice on required notifications to individuals and regulators located in 23 countries.
• An international food services company on all issues arising from a substantial ransomware attack that encrypted all company systems, including advice on ransom negotiations, remediation and recovery of company operations, working with government investigators, and addressing insurance issues.
• A major asset manager in providing advice and training on all cyber and privacy related requirements, including leading tabletop exercises for IT and Business teams relating to ransomware attacks and other data breach incidents involving loss of personal and company data.
• A large national bank in class action litigation arising out of data breach involving theft of over 40 million credit card records.

Intellectual Property

• A privately held software company in copyright litigation in the District of Massachusetts alleging the illegal downloading and copying of kitchen design software programs (three-week jury trial).
• A technology company in patent litigation relating to computer network switches and routers (settled favorably).
  
• A multinational biotech company and its subsidiary in patent and licensing litigation related to siRNA synthesis (won dismissal of patent claim and successfully settled license issues).
• An Internet company in a U.S. Federal Trade Commission investigation related to data privacy issues and theft of computer data.
• A major bank in litigation arising out of computer data theft involving millions of credit card numbers (ongoing).
• A privately held software company in litigation alleging breach of software license, copyright infringement and misappropriation of trade secrets by a large publicly traded software company (three-week trial).
• A publicly traded software company in copyright litigation alleging copying of proprietary source code for CAD systems (two-week trial in federal court).
• A Canadian software company in litigation alleging copyright infringement of its graphical user interface (ongoing).

Financial Services and Securities

• The officers and directors of a publicly traded company in a securities class action in the District of Massachusetts alleging misrepresentations in connection with bond offerings (settled favorably).
  
• Mutual fund companies in investigations by the SEC, NASD and state attorneys general.
• Public and private fund companies, managers and advisors regarding advice given in connection with regulatory and contractual matters.
• A mutual fund company in national class action litigation alleging improper investment activity in violation of securities law (settled favorably).
• Public and private pension funds in litigation related to management of the funds.

Complex Commercial Litigation

• A major provider of cable services in national consumer class actions (ongoing).
• A software company in a dispute arising out of the acquisition of another company.
• An aircraft manufacturer in multi-party contract litigation (settled favorably).
• A specialty food product manufacturer in litigation over worldwide distribution rights (two-week trial).
• A global chemical manufacturer in multi-billion dollar litigation arising out of explosion and fire.

• Privacy and Cybersecurity — 2019 Los Angeles Investment Management Symposium, Los Angeles, CA (November 21, 2019)
• Privacy and Cybersecurity — 2019 San Francisco Investment Management Symposium, San Francisco, CA (November 19, 2019)
  
• GDPR: The First Six Months — New York, NY (October 11, 2018)
• Intellectual Property Issues in Financial Services Seminar: What's Hot? — Boston, MA (September 27, 2018)
• SuperReturn US East — (June 13, 2017)
  
  Chair, Cybersecurity Workshop. Leader, "Crime Watch" session on obtaining a better understanding of cyber-crime and its impacts on day-to-day business, including ways in which regulators expect private equity firms to minimize cyber risks.

• Cybersecurity and the Board of Directors — 2016 ICI Global Cybersecurity Forum, London (June 14, 2016)
• The Role of a Law Firm Prior to and During a Breach — Investment Company Institute Committee Meeting, London (January 28, 2016)
• Monitoring Cyber Behavior: Big Brother or Prudent Defense? — 2015 Investment Company Institute Cybersecurity Forum, Washington (November 5, 2015)
  
  Speaker, panel on practices that can help meet the needs of both the company and individuals.

• Cybersecurity: What to Do Once There Has Been a Data Breach — Legal Forum at the Investment Company Institute General Membership Meeting, Washington, D.C. (May 20, 2014)
  
  Presenter, "Cybersecurity: What to Do Once There Has Been a Data Breach."

• Cybersecurity and Data Privacy Law - Will the US and EU Regulators Soon Be Knocking on Your Door? — Presented by ACC GNY with Sponsorship by Dechert LLP, New York, NY (March 22, 2012)
  
  Leader, roundtable discussion on recent US and EU regulatory developments regarding cybersecurity and data privacy.

• Data Privacy and Cybersecurity: Keeping Up with the Ever Changing US and European Data Privacy Developments — Presented by DELVACCA with Sponsorship by Dechert LLP, Philadelphia, PA (February 21, 2012)
  
  Speaker, discussion on developments related to data privacy and protection liabilities.

• Keeping Up With Ever-Changing US and European Data Privacy Requirements-Are You In Compliance? — Association of Corporate Counsel - Greater NY Chapter - Compliance and Ethics Practice Group Meeting, New York, NY (September 20, 2011)
  
  Speaker, discussion on recent SEC and FTC enforcement actions, and the data breach notification statutes in the US.

• Legal Frameworks: An Overview of the Patchwork of Privacy-Related Laws and Regulations Around the Globe — IAPP Privacy Bootcamp, Boston, MA (June 17, 2011)