Douglas H. Meal

Partner

Boston

Seasoned trial lawyer Doug Meal defends clients targeted by litigation and government investigations stemming from major privacy and cybersecurity incidents. According to Chambers USA, clients select Doug because "[h]e is the premier expert in this field and knows how to run a breach response process from A to Z”; is “extremely experienced [and] can give immediate advice off the top of his head"; "has been in court through trials and negotiations, all aspects of the litigation, and is highly effective in all of them"; and "is good to work with, personable and very authoritative." This year, clients said, "I would trust him with my life if I ran into a litigation"; "Doug is extremely calm and has a way of presenting and explaining problems which makes you feel empowered to do your job"; and "He has great experience in this field and is a solid rock in litigation." Based on client assessments like these, Chambers USA has named Doug as the first and only “Band 1” litigator in the Privacy and Data Security category, describing him as the “market leader,” being “regarded by market sources as the leading privacy litigator in the USA” and “the dean of the data breach litigation Bar."

As the lead outside lawyer handling claims and/or regulatory investigations stemming from the data security breaches suffered by Target, Neiman Marcus, The Home Depot, Hilton Worldwide, Landry’s, Arby’s, Shopify, Chegg, Supervalu, Sally Beauty, Sony, Heartland Payment Systems, TJ Maxx, Hannaford Brothers, Aldo, Genesco, and Wyndham Hotels—some of the most highly publicized breaches in recent years—Doug has become the national leader in defending companies that suffer breaches involving consumer information against the ensuing claims and regulatory investigations. Doug’s recent successes include leading the team that prevailed in the closely watched LabMD v. FTC litigation, convincing the U.S. Court of Appeals for the Eleventh Circuit to become the first court ever to overturn a cybersecurity enforcement action by the FTC.

Doug has been recognized four times as one of The Cybersecurity Docket’s Incident Response 40—a list of the top 40 incident response lawyers in the United States. He is also a five-time Law360 Privacy MVP.

Mandate
- Acuant. Lead counsel in Acuant’s defense of a BIPA class action brought in 2019 based on Acuant’s alleged unlawful collection of biometric information by means of its facial recognition technology.
- Aldo Group. Lead counsel in Aldo’s ongoing defense of card brand and card issuer claims resulting from an alleged data security breach that the retailer discovered in early 2010.
- Arby’s Restaurant Group. Lead counsel in defending Arby's against all third-party claims arising from a payment card incident announced in February 2017 and also in litigation against Arby’s former payment card processor, Visa, and MasterCard in connection with Visa’s and MasterCard’s issuer reimbursement assessments relating to the data security incident.
- Chegg. Lead counsel for Chegg in defending consumer class action litigation and related arbitration demands stemming from a data breach discovered by Chegg in 2018.
- Destination Hotels and Resorts. Lead counsel in DH&R’s defense of the card brand claims stemming from the data security breaches suffered in 2010 by certain hotels managed by DH&R.
- Donnelly Financial Solutions. Lead counsel in Donnelly’s defense of a consumer class action brought against Donnelly in 2020 based on a data breach suffered by Mediant Communications in 2019.
- Fortune 100 Insurance Company. National coordinating counsel with respect to the litigations and regulatory inquiries arising from the criminal cyber-attack on a certain portion of a Fortune 100 insurance company’s computer network.
- Genesco. Lead counsel for Genesco in addressing its various legal obligations and exposures resulting from a substantial data security breach that Genesco discovered in late 2010.
- Hannaford Brothers. Lead counsel in Hannaford’s defense of the card brand claims stemming from the data security breach announced by Hannaford in 2008.
- Heartland Payment Systems. Lead counsel in Heartland’s ongoing defense of the card brand claims, the card issuer class action, and the FTC investigation stemming from the data security breach announced by Heartland in 2009.
- Hilton Worldwide. Lead counsel regarding potential card brand claims stemming from two separate data security incidents that affected certain Hilton-branded hotels around the world in 2014 and 2015, and also in litigation against Hilton's former payment card processor in connection with a commercial dispute relating to the data security incidents.
- The Home Depot. Advised and represented Home Depot in responding to card brand inquiries stemming from the data security breach that Home Depot announced in September 2014.
- LabMD. Represented LabMD in its successful petition to the U.S. Court of Appeals resulting in the first-ever court decision overturning an FTC cybersecurity action.
- Landry's. Lead outside counsel for Landry's on third-party claims brought by Landry's against two major card brands arising out of their allegedly unlawful conduct in imposing substantial assessments on Landry's acquiring bank as a result of a data security breach suffered by Landry's.
- Neiman Marcus. Advised and represented Neiman Marcus in responding to card brand inquiries stemming from the data security breach that Neiman Marcus announced in January 2014.
- Nordstrom. Lead counsel for Nordstrom in defending a consumer class action brought against Nordstrom based on a data breach suffered by a Nordstrom service provider in 2019.
- Sally Beauty Products. Advising and representing Sally Beauty in responding to card brand inquiries stemming from the data security breach that Sally Beauty announced in March 2014 and also in litigation against Visa in connection with Visa’s issuer reimbursement assessment relating to the data security incidents.
- Sony. Global coordinating counsel with respect to the multiple litigations and investigations that have arisen from the criminal cyber-attacks on certain of the Sony’s computer networks.
- Supervalu Inc. Lead outside counsel for Supervalu in defending and responding to all litigation claims, and regulatory inquiries stemming from the data security breach that Supervalu announced in August 2014.
- Target. Lead outside counsel advising and representing Target Corp. in responding to card brand inquiries and defending card issuer litigation stemming from the data security breach that Target announced in December 2013.
- The TJX Companies. Lead counsel in TJX’s defense of the card brand claims and the card issuer class action stemming from the data security breach announced by TJX in 2007.
- Twitter. Lead counsel for Twitter in defending a consumer class action brought against Twitter based on alleged violations of Washington telephone records privacy statute.
- Wyndham Hotels & Resorts. Lead counsel in Wyndham’s defense of the card brand claims stemming from the data security breaches suffered by certain of the Wyndham-branded hotels in 2008–2010; co-lead counsel in Wyndham’s defense of FTC enforcement action stemming from these intrusions.
- Zoosk. Lead counsel for Zoosk in defending a consumer class action brought against Zoosk based on a data breach discovered by Zoosk in 2020.

Mehr

Mehr

Mehr

D: +1 617 880 1880
E:[email protected]

Adresse:

222 Berkeley Street
Suite 2000
Boston, MA 02116
United States

vCard

Tätigkeitsgebiete

Zugelassen in
- New York
- Massachusetts
Referendariat
- Hon. Robert J. Ward, United States District Court, Southern District of New York
Weitere Zulassungen
United States District Courts
- District of Massachusetts
- Southern District of New York
- Eastern District of New York
- Western District of New York
- Northern District of New York
United States Courts of Appeals
- First Circuit
- Second Circuit
- Third Circuit
- Fourth Circuit
- Fifth Circuit
- Seventh Circuit
- Eighth Circuit
- Ninth Circuit
- Eleventh Circuit
- District of Columbia Circuit
Ausbildung
- The Fletcher School of Law and Diplomacy, MALD
- University of Pennsylvania, B.A., summa cum laude
- Harvard Law School, J.D., cum laude; Notes and Comments Editor of the Harvard International Law Journal
Auszeichnungen
- Chambers USA, Nationwide: Privacy & Data Security: Litigation, Band 1, 2019-2022
- Massachusetts Super Lawyers (2004, 2007-2020)
- Financial Times “U.S. Innovative Lawyer” (2012, 2013, 2018)
- Chambers Global: The World’s Leading Lawyers for Business (2012-2020)
- The Best Lawyers in America – Privacy & Data Security (2013-2020)
- Legal 500 Hall of Fame - Cyber law, Data protection & Privacy (2014-2022)
- Cybersecurity Docket’s “Incident Response 40” (2016, 2018, 2019, 2021)
- Law360 “MVP in Privacy” (2012-2017)
- BTI Client Service All-Star (2017)
- The National Law Journal “Cybersecurity & Data Privacy Trailblazer” (2017)
- Best Lawyers Privacy & Data Security Lawyer of the Year (2018, 2019)
- National Law Journal’s “Litigator of the Week,” (June 8, 2018)
Mitgliedschaften
- The Sedona Conference, Working Group 11: Member 2014-present; Steering Committee Member 2017-present; Vice Chair 2018-2020; Chair 2020-present
Reden und Fachvorträge
Pre Orrick Speeches
- Panelist, “Insurance Coverage: How to Mediate A Cyber Dispute,” 2018 CLM New York Conference & Holiday Party (December 12, 2018)
- Panelist, “Cybersecurity Risk: What’s at stake for Investors,” Council of Institutional Investors, Boston, MA (October 25, 2018)
- Panelist, “Litigation Tips from the Trenches: A Focus on Settlement of Cybersecurity Class Actions and Regulatory Investigation,” NetDiligence Cyber Risk and Privacy Liability Forum, Santa Monica, CA (October 12, 2018)
- Panelist, “Challenging and Mitigation of Payment Card Industry (PCI) Fines,” NetDiligence Cyber Risk and Privacy Liability Forum, Santa Monica, CA (October 2, 2018)
- Panelist, “The Toughest Debate in Town,” Privacy. Security. Risk. 2018, Austin, TX (October 16-19, 2018)
- Panelist, “Managing Cyber Liability Claims and Related Class Action Litigation Post-Equifax,” ACI Consumer Finance Class Actions Program, Chicago, IL (July 16-18, 2018)
- Panelist, “Litigation Round-Up,” Third National Institute on Cybersecurity Law, New York, NY (June 21, 2018)
- Panelist, “Liability Trends: Will I get Sued and By Whom? Will I get investigated and by Whom?” Georgetown Law's 6th Annual Cybersecurity Law Institute, Washington, D.C. (May 23, 2018)
- Panelist, “Data Security and Privacy Litigation,” “The Exchange” Data Privacy and Cybersecurity Forum, Boston, MA (April 24, 2018)
- Panelist, “Managing Cyber Liability Claims and Related Class Action Litigation,” ACI Cyber Risk & Data Security Conference, Chicago, IL (April 11, 2018)
- Presenter, “The State of U.S. Data Privacy and Cybersecurity Litigation Today,” IAPP Privacy Bar Section Forum, Washington, D.C. (March 29, 2018)
- Panelist, “Data Breach Litigation and Regulatory Investigations,” 2018 Cybersecurity and Privacy Protection Conference, Cleveland, OH (March 22, 2018)
- Presenter, “Privacy & Cybersecurity Litigation Roundup,” Ropes & Gray Roundtable, Palo Alto, CA (March 13, 2018)
- Panelist, “Top 10 Mistakes Companies Make in Incident Preparedness and Response, and How to Avoid Them,” Ropes & Gray Privacy & Cybersecurity Summit, New York, NY (February 8, 2018)
- Panelist, “The Cybersecurity Regulatory Complex: The Secret Laws, Rules and Tactics of Federal Regulators,” SINET Showcase, Washington, D.C. (November 9, 2017)
- Panelist, “Data Security and Privacy Litigation,” The Exchange: Cybersecurity, Washington, D.C. (November 2, 2017)
- Panelist, “The Changing Landscape in Europe: What You Need to Know to Do Business. The topics include: GDPR, Model Clauses, Privacy Shield and effect of Brexit on US Transactions,” NECCA Seminar, Waltham, MA (November 1, 2017)
- Panelist, “State of Litigation,” NetDiligence Cyber Risk and Privacy East Coast Forum, Philadelphia, PA (June 5, 2017 – June 7, 2017)
- Presented, “Lessons Learned from Major Data Security Breaches,” The 4th Annual SINET Global Institute BOD - CISO Workshop, Scottsdale, AZ (October 18-19, 2017)
- Faculty, “The Exchange,” Data Privacy and Cybersecurity Forum, New York, NY (May 24, 2017)
- Speaker, “PCI and CNP: How to Spell Security,” Card Not Present Expo, Orlando, FL (May 23, 2017)
- Panelist, “Litigation Trends in Data Breaches,” Georgetown Law School Cybersecurity Law Institute, Washington, DC (May 19, 2017)
- Speaker, “When Uncle Sam Comes After Corporate Cybercrime Victims - The FTC’s Cybersecurity Enforcement Program,” DRI Business Litigation Seminar (May 11, 2017)
- Moderator, “The Ever-Changing Privacy and Cybersecurity Landscape and its Impact on Private Equity Firms,” Ropes & Gray Roundtable (May 9-10, 2017)
- Faculty, “The Exchange” Data Privacy and Cybersecurity Forum, Boston, MA (April 27, 2017)
- Speaker, “The State of Data Breach Litigation Today,” IAPP Global Privacy Summit (April 19, 2017)
- Panelist, “Understanding and Managing Legal Exposure Created by Cyberattacks”, Cybersecurity Symposium, Boston, MA (April 5, 2017)
- Panelist, “Managing Retail Data Breaches”, Incident Response Forum, Washington, DC (April 4, 2017)
- Panelist, “Cybersecurity Regulatory Enforcement”, 6th Annual BCLT Privacy Law Forum, San Francisco, CA (March 24, 2017)
- Panelist, “Staying on the Right Side of the Law in 2017: Focus on Health Care Data”, Bloomberg Law 2017 Outlook on Privacy & Data Security, Washington, D.C. (February 28, 2017)
- Panelist, “Cybersecurity Risk: What’s at stake for Investors,” Council of Institutional Investors, Boston, MA (October 25, 2018)
- Faculty, “Hot Topics in Cyber Risk Conference,” New York, New York (January 26, 2017)
- Panelist, “Litigation Tips from the Trenches: A Focus on Settlement of Cybersecurity Class Actions and Regulatory Investigation,” NetDiligence Cyber Risk and Privacy Liability Forum, Santa Monica, CA (October 12, 2018)
Publikationen
Pre Orrick Publications
- Co-author, “Key Takeaways from LabMD: The Implications May Be Broader Than You Think,” Bloomberg Law (December 2018)
- Featured, “In Bellwether Data Security Case, 11th Cir. Rejects FTC Order,” Bloomberg Law (June 6, 2018)
- Co-author, “What litigating the LabMD case showed us about US cybersecurity regulation,” IAPP’s Privacy Perspectives (June 27, 2018)
- Featured, “Litigator of the Week: In FTC Data Security Fight, Saving the Best for Last,” The Litigation Daily (June 8, 2018)
- Featured, “Law360’s Weekly Verdict: Legal Lions & Lambs,” Law360 (June 7, 2018)
- Featured, “States’ Foray Into Breach Suits Will Spur Change, Attorneys Say,” Law360 (March 29, 2018)
- Co-author, “With ‘LabMD’ Decision Looming, FTC Workshop Delves into Privacy & Data Security Harms,” The WLF Legal Pulse (December 21, 2017)
- Featured, “MVP: Ropes & Gray's Douglas Meal,” Law360 (December 11, 2017)
- Featured, “Cybersecurity & Data Privacy Trailblazers,” The National Law Journal (2017)
- Co-author, “High Hurdles Faced by Data Security Breach Shareholder Derivative Plaintiffs,” Bloomberg BNA Privacy and Security Law Report (May 2017)
- Featured, “Privacy MVP: Ropes & Gray’s Doug Meal,” Law360 (December 9, 2016)
- Co-author, “Recent Decisions Highlight Product Cybersecurity Issues,” Law360 (November 18, 2016)
- Featured, “LabMD Bolsters Defense to Appeal FTC Data-Privacy Ruling,” The National Law Journal (August 18, 2016)
- Co-author, “Amazon Unfair Practice Case May Affect Data Breach Cases,” Law360 (July 1, 2016)
- Co-author, “Expert Q&A on Avoiding Common Mistakes in Data Breach Prevention and Response,” Thomson Reuters Practical Law (May 2016)
- Featured, “Meal vs. Mithal delivers the Wyndham debate goods at Summit,” The Privacy Advisor (April 26, 2016)
- Featured, “Privacy MVP: Ropes & Gray's Douglas H. Meal,” Law360 (December 10, 2015)
- Mentioned, “Super MVPs In A Class Of Their Own,” Law360 (November 8, 2015)
- “Clients’ cyber attacks turn lawyer into a go-to expert,” The Boston Globe (April 7, 2015)
- Doug Meal, Mark Szpak and David Cohen,“St. Joseph Demonstrates Challenges For Breach Plaintiffs,” Law360 (February 26, 2015)
- “Privacy MVP: Ropes & Gray's Douglas H. Meal,” Law360 (December 16, 2014)
- Douglas H. Meal and David T. Cohen, “Private Data Security Breach Litigation in the United States,” Inside the Minds: Privacy and Surveillance Legal Issues (2014)
- Douglas H. Meal and David T. Cohen, “Private Data Security Breach Litigation in the United States,” Inside the Minds: Privacy and Surveillance Legal Issues (2014)
- Douglas H. Meal and David T. Cohen, “Takeaways From 9th Circ. FCRA Ruling Against Spokeo,” Law360 (February 13, 2014)
- Douglas H. Meal, James S. DeGraw, Paul D. Rubin and David T. Cohen, “FTC's Increasingly Aggressive Assertion Of Authority,” Law360 (October 9, 2013)
- Douglas H. Meal and Mark P. Szpak, “Data Breach Plaintiffs, Don't Skim This Decision” Law360 (September 17, 2013)
- Douglas H. Meal and David T. Cohen, “Data Breach Plaintiffs Continue To Face Challenges,” Law360 (July 22, 2013)

Douglas H. Meal

Mandate

Orrick Cybersecurity Litigation Team Wins Eighth Circuit Ruling Dismissing Data Breach Class Action Claims Against Supervalu

Evaluating the Impact of TransUnion LLC v. Ramirez on Article III Standing in Data Breach Cases: Lessons from the Supreme Court's Ruling and the Lower Court's Effort to Apply that Ruling

Build Back Better Act Could Expose Companies to Harsh FTC Penalties

NetDiligence Cyber Risk Summit: Motivated Plaintiffs

Twenty-Fourth Annual Institute on Privacy and Cybersecurity Law: Litigation in Privacy and Data Security

Orrick Partners Recognized 7 Years in a Row as Top Incident Response Professionals in the U.S.

Orrick Partners Recognized 6 Years in a Row as Top Incident Response Professionals in the U.S.