Did California Open (Another) Floodgate for Breach Litigation?
Antony (Tony) Kim is a Partner in Orrick's internationally recognized Cyber, Privacy & Data Innovation practice, which pursues "an aggressive yet practical approach" to data protection and innovation that "meets the needs of both in-house counsel and tech-savvy business clients."
When faced with a cybersecurity crisis, companies call on Tony to help navigate critical legal, risk and reputational landmines. Tony has helped clients respond to hundreds of cyberattacks and data breaches. He has directed forensic investigations, cross-border notifications, and defended enforcement actions and civil litigation, in connection with incidents involving the personal information of employees and customers, including PCI/payment card data, as well as proprietary data and corporate trade secrets, on behalf of private and public companies as well as governmental entities.
Tony has also defended over fifty clients in regulatory investigations and enforcement actions by the Federal Trade Commission (FTC) and State Attorneys General. These investigations and enforcement matters have involved (i) cybersecurity and data breach incidents, (ii) privacy implications of innovative data use-cases, and (iii) consumer protection claims relating to online and offline sales & marketing and advertising practices -- particularly in the retail e-commerce and fintech/consumer finance industries. Tony draws insights from his regulatory enforcement practice to inform his counseling work, where he regularly advises Legal, InfoSec, IT/IS, Product/Marketing, Engineering, as well as C-Suite/Board stakeholders on a host of governance, compliance, and risk mitigation strategies.
For his work on behalf of clients, the National Law Journal named Tony to its 2014 list of D.C. Rising Stars, a 40-under-40 group of "game changing" private, government and public interest attorneys. Based on surveys of general counsel and senior in-house lawyers, Tony was awarded the Client Choice Award by the International Law Office (ILO)/Lexology in 2015, and was named an Acritas Star Lawyer in 2016 and 2017. He is recognized in multiple legal guides and directories, including Chambers-U.S.A., The Legal 500-USA, Benchmark Litigation, Super Lawyers-D.C. Rising Stars, and The Cybersecurity Docket -- which twice named Tony to its "Incident Response 30" list of the top professionals to call when facing a major cyberattack. In 2016, Law360 named Orrick's Cyber,
Privacy & Data Innovation practice "Practice Group of the Year" in the data privacy category.
In addition to his Cyber, Privacy & Data Innovation practice, Tony has extensive experience in the full gamut of antitrust and competition matters, including the defense of mergers and acquisitions before the federal antitrust agencies, defense of criminal cartel proceedings, and civil litigation. Tony is a past Global Co-Chair of the Cyber, Privacy & Data Innovation practice group.
Before joining Orrick, Tony was a member of the antitrust litigation practice group at White & Case LLP in Washington D.C. Prior to law school, he worked in Philadelphia as an investment consultant for corporate defined benefit and defined contribution plans.
A representative selection of Tony's cybersecurity, data privacy, and consumer protection experience, includes the following:
Cybersecurity/Incident Response. Tony works with in-house Legal, IT, InfoSec teams, as well as C-Suites and Boards of Directors, on proactive cybersecurity preparedness programs and risk mitigation strategies. He is regularly before these stakeholders in relation to critical cybersecurity and privacy training and compliance matters. In his incident response practice, Tony has worked closely with Legal and IT/InfoSec teams to direct forensic investigations, cross-border notifications, regulatory interactions, and civil defense strategies, in relation to hundreds of cyberattacks and data breaches involving the personal information of employees and customers (e.g., payment card data), as well as proprietary data and trade secrets, and on behalf of private and public companies as well as governmental entities.
Data Privacy/Sales & Marketing. Tony has worked with brick-and-mortar and online companies across industries to design and develop effective privacy disclosures, privacy-by-design processes, compliance programs, online and offline marketing strategies, and a host of other data-handling compliance mechanisms and policies.
Regulatory Investigations. Tony has defended clients in federal and state regulatory investigations, across an array of cybersecurity, data privacy and consumer protection matters. Highlights of his work include representations on behalf of the following clients:
Consumer Litigation. Tony has led or co-led the defense in consumer class action matters, including for the following clients:
Tony also has extensive experience in all facets of antitrust and competition law, including:
Mergers & Acquisitions. Tony has led or co-led the defense in merger, acquisition and joint venture investigations before the U.S. Department of Justice’s Antitrust Division and U.S. Federal Trade Commission, on behalf of clients such as:
Cartel Investigations. Tony has experience conducting internal investigations and defending companies in criminal proceedings before the U.S. Department of Justice’s Antitrust Division, including investigations involving the following industries:
Antitrust Litigation. Tony has served on litigation/trial teams serving plaintiffs and defendants in state and federal courts, including for the following clients: