Ian Ballon, Doug Smith, Michele Lee, Rob McHenry

Compliance lawyers too frequently overlook litigation issues and trends in seeking to mitigate risk. This workshop will drill down on CCPA and cybersecurity breach litigation to provide granular solutions for companies seeking to improve their position when sued, both from a litigation and risk-mitigation perspective. Both litigators and compliance lawyers will benefit from participating in this workshop.


The first part of the workshop will include an overview of case law and trends – including surprising trends – and what to expect from CPRA litigation beginning on January 1, 2023.


The second part of the workshop will include a roundtable discussion with in-house counsel on practice tips for mitigating risk in anticipation of CCPA and CPRA litigation and other cybersecurity and data privacy class action litigation, how to manage litigation from an in-house perspective, and how to best partner with outside counsel. The panel will also distill lessons from litigation into practical steps businesses should take to mitigate their risk of exposure.


Throughout the workshop, we will evaluate trends and what they mean for companies (and how they should respond). Among the trends that will be discussed —


– More cybersecurity breach cases overall are being filed these days, but unlike in past years fewer of them involve large numbers of law firms competing for control of the case or even MDL proceedings. What type of breaches are most likely to lead to large scale litigation and large settlements?


– The explosion of CCPA litigation so far has not moved the needle on settlement values because plaintiffs, in most CCPA cases, would need to go to trial to prevail


– Much of the law in this area is being driving from one judicial district, which is skewing national perspectives.


– Privilege issues are now front and center in every data breach case because of the 2020 Capital One opinion, but not all courts apply the “driving force” test applied by the Fourth Circuit, but Capital One requires companies to adopt counter-intuitive approaches to protect information when security incidents arise


– The threat of mass arbitration has caused companies to rethink whether compelling consumer arbitration makes sense. Recent cases suggest a series of approaches that companies may wish to consider.


The workshop is intended to be interactive and provide valuable “take away” lessons. Attendees will also receive extensive materials analyzing case law and trends.

Ian Ballon, Shareholder, Greenberg Traurig

Doug Smith, VP, Legal & Compliance Division, Morgan Stanley

Michele Lee, Assist. Gen. Counsel, Head of Litigation, Regulatory, & Employment, Pinterest

Rob McHenry, VP, Litigation, IP, Employment & Product, Twillio

Doug Smith

VP, Legal & Compliance Division
E*TRADE/Morgan Stanley

Ian Ballon

Greenberg Traurig

Michele Lee

Assist. General Counsel, Head of Litigation, Regulatory, & Employment

Rob McHenry

VP, Litigation, IP, Employment & Product