Matthew E.S. Coleman

Managing Associate

New York, Boston

Matthew Coleman is a Managing Associate in Orrick’s Cyber, Privacy & Data Innovation practice group in New York. Matthew leverages years of experience in researching, auditing, counseling, and litigating complex, multi-jurisdictional issues surrounding privacy, cybersecurity and information governance. Matthew is a Certified Information Privacy Manager and a Certified Information Privacy Professional with a specialization in United States privacy law.

Matthew focuses his practice on helping clients develop global privacy programs to meet the requirements of an incomplete patchwork of privacy and cybersecurity laws, both in the United States and abroad, including the GDPR, CCPA and its progeny, GLBA, COPPA, FCRA, TCPA, CAN-SPAM and state breach notification and cybersecurity laws. He also has extensive experience guiding clients through mergers and acquisitions to identify and mitigate privacy and cybersecurity risks. Matthew routinely advises on emerging technologies, including artificial intelligence and blockchain, and helps clients navigate self-regulatory privacy programs such as the EU-US Privacy Shield, Binding Corporate Rules, APEC CBPRs, programs covering online behavioral advertising including the DAA, EDAA, IAB and the NAI, and programs covering payment card processing. An ever-growing portion of Matthew’s practice involves helping companies prepare for privacy or security breaches and leading an immediate response in the event of an incident, successfully guiding clients through investigation, remediation, notification and ensuing government inquiries.

Matthew leans on his experience working for federal regulators to keep clients on the safe side of the watchful eye of the law. His understanding of overarching data management best practices helps him counsel beyond the letter of the law, but also facilitate worldwide expansion, interoperable business processes, and innovative uses of consumer data all while maintaining user trust. His all-encompassing, risk-based approach involves developing and executing internal and external policies for the collection, use, disclosure, sharing, retaining, transferring, and destruction of personal information. This includes managing contractual relationships with vendors, employees, acquired entities, and creditors as well as the building privacy into companies’ product development life cycle and change management strategies. Prior to joining Orrick, Matthew was an Enterprise Privacy Solutions Manager for TrustArc (formerly TRUSTe), a San Francisco-based privacy consulting and certification firm, and an adjunct law professor of Privacy Law at Santa Clara University.

Insights

Events

News