Did California Open (Another) Floodgate for Breach Litigation?
Antony (Tony) Kim is a partner in Orrick's internationally recognized Cyber, Privacy & Data Innovation practice, which pursues "an aggressive yet practical approach" to data protection and innovation that "meets the needs of both in-house counsel and tech-savvy business clients."
When faced with a cyber crisis, companies call on Tony to help navigate critical legal, risk and reputational landmines. Tony has helped clients respond to hundreds of cyberattacks and data breaches. He has directed forensic investigations, cross-border notifications, and regulatory and private enforcement matters, in connection with incidents involving personal data of employees and customers, including PCI/payment card data, as well as proprietary data and corporate trade secrets, on behalf of private and public companies as well as governmental entities.
Tony has also defended over fifty clients in regulatory investigations and enforcement actions by the Federal Trade Commission (FTC) and State Attorneys General. These matters have involved (i) cyberattacks and data breach incidents, (ii) privacy implications of innovative data use-cases, and (iii) consumer protection issues relating to online and offline sales & marketing and advertising practices -- particularly in the retail e-commerce and fintech/consumer finance industries. Tony draws insights from his regulatory practice to inform his counseling work, where he regularly advises Legal, InfoSec/IT, Product/Marketing, and C-Suite/Board stakeholders on a host of governance, compliance, and risk mitigation strategies.
The National Law Journal named Tony to its 2014 list of D.C. Rising Stars, a 40-under-40 group of "game changing" private, government and public interest attorneys. Based on surveys of senior in-house counsel, Tony was awarded the Client Choice Award by the International Law Office (ILO)/Lexology in 2015, and was named an Acritas Star Lawyer in 2016 and 2017. He is recognized in multiple legal directories, including Chambers-U.S.A., The Legal 500-USA, Benchmark Litigation, Super Lawyers-D.C. Rising Stars, and The Cybersecurity Docket -- which twice named Tony to its 2016 and 2018 "Incident Response 30" list of the top IR professionals in the U.S. (note that 4 Orrick partners are named on the IR 30, which is more than any other firm). In 2016, Law360 named Orrick's Cyber, Privacy & Data Innovation practice "Practice Group of the Year" in the data privacy category.
Tony serves on the firm's Executive Management Committee.
Tony is the co-founder and a past Global Co-Chair of the Cyber, Privacy & Data Innovation practice group.
In addition to his cyber/privacy practice, Tony has extensive experience across the gamut of antitrust and competition matters, including the defense of mergers and acquisitions before the federal antitrust agencies, defense of criminal cartel proceedings, and civil antitrust litigation for both plaintiffs and defendants.
Before joining Orrick, Tony was a member of the litigation practice at White & Case LLP in Washington D.C. Prior to law school, he worked in Philadelphia at Towers Perrin, as an investment consultant for corporate defined benefit and defined contribution plans.
A representative selection of Tony's cybersecurity, data privacy, and consumer protection experience, includes the following:
Cybersecurity/Incident Response. Tony has represented public and private companies, as well as governmental entities, in responding to hundreds of cyberattacks and data breaches involving the personal information of employees and customers (e.g., payment card data) as well as proprietary information and trade secrets. In his response capacity, Tony collaborates with key stakeholders to:
Based on this experience, Tony helps clients design and deploy proactive governance, compliance, and risk mitigation strategies focused on incident preparedness (e.g., tabletop simulations), vendor management, and cyber training for Directors and Officers.
Data Privacy/Sales & Marketing. Tony works with companies on critical internal and external data-use-cases relevant to privacy, as well as to state and federal "unfair" or "deceptive" trade practices law, including:
In connection with this work, Tony regularly advises clients on a host of data-related rules and regulations, including but not limited to Section 5 of the Federal Trade Commission Act, the Telemarketing Sales Rule, the Telephone Consumer Protection Act, the CAN-SPAM Act, the Gramm Leach Bliley Act, and the Fair Credit Reporting Act, as well as relevant state law, including the California Online Privacy Protection Act, state "UDAP" statutes and specialty rules such as those concerning social security numbers, data brokers and biometric privacy.
Regulatory Investigations. Tony has defended clients in federal and state regulatory investigations, across an array of cybersecurity, data privacy and consumer protection matters. Highlights of his work include representations on behalf of the following clients:
Consumer Litigation. Tony has led or co-led the defense in consumer class action matters, including for the following clients:
Tony also has extensive experience in all facets of antitrust and competition law, including:
Mergers & Acquisitions. Tony has led or co-led the defense in merger, acquisition and joint venture investigations before the U.S. Department of Justice’s Antitrust Division and U.S. Federal Trade Commission, on behalf of clients such as:
Cartel Investigations. Tony has experience conducting internal investigations and defending companies in criminal proceedings before the U.S. Department of Justice’s Antitrust Division, including investigations involving the following industries:
Antitrust Litigation. Tony has served on litigation/trial teams serving plaintiffs and defendants in state and federal courts, including for the following clients: