Emily S. Tabatabai

Partner

Washington, D.C. Office

Houston

Emily S. Tabatabai is a partner and founding member of Orrick’s global Cyber, Privacy & Data Innovation Group. She has been recognized by The Legal 500 for her "extraordinary depth of knowledge in student data privacy matters," and by Chambers USA as "an invaluable resource to have when it comes to data privacy and security."

Emily advises clients on an array of privacy and data management matters, helping clients navigate the complex web of privacy laws, rules, regulations and best practices governing the collection, use, transfer and disclosure of data and personal information. Emily works closely with client business teams and in-house counsel to assess and manage privacy risks, design and deploy compliance programs and implement privacy-by-design approaches to address key compliance objectives while supporting each client’s data innovation strategies and the development and use of cutting-edge digital technologies. She frequently guides child and student-directed service providers through the complexities of compliance with the Children’s Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), California’s Student Online Personal Information Protection Act (SOPIPA) and similar state student privacy laws. Emily represents clients subject to regulatory investigations and litigation. She also advises companies across the industry spectrum as they work towards compliance with federal and state laws, including:

  • California Online Privacy Protection Act (CalOPPA)
  • California Consumer Privacy Act (CCPA)
  • COPPA
  • California Privacy Rights Act (CPRA)
  • Fair Credit Reporting Act (FCRA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Section 5 of the Federal Trade Commission Act (FTC Act)
  • Virginia Consumer Data Protection Act

Emily also has an active consumer protection practice, focused on marketing and promotional issues. She counsels clients on interest-based advertising, sweepstakes and marketing promotions, retail sales and e-commerce platforms, advertising substantiation, new media and social media integration, and SMS text messaging and telemarketing, including matters involving the Telemarketing Sales Rule (TSR), the Telephone Consumer Protection Act (TCPA), the Restore Online Shoppers’ Confidence Act (ROSCA) and state and federal consumer protection statutes.

Emily is a frequent speaker on data privacy matters, with a particular focus on children’s privacy (COPPA), student data privacy and EdTech. She has been featured as an “Up and Coming” Privacy & Data Security attorney by Chambers USA and Chambers Global. Clients tell Chambers, “she's been an excellent partner. She has a very good understanding of the practical realities of implementing privacy policies for large companies.” Citing her expertise in the field of educational privacy, student data and ed-tech matters, Chambers reports that clients regard her as “very knowledgeable and truly and expert in this space,” with some saying, “On the student data side, she is unmatched.”

Emily is a Certified Information Privacy Professional in both U.S. and European privacy law (CIPP/US and CIPP/E) and a member of the International Association of Privacy Professionals (IAPP) Publications Advisory Board.

  • Recent Cybersecurity & Privacy matters:

    • Successfully representing a global EdTech provider in non-public FTC investigation involving alleged COPPA violations in connection with student-directed services and adtech.
    • Counseling global SaaS provider on development and deployment of big data analytics service offerings utilizing artificial intelligence (AI) and machine learning technologies.
    • Advising major municipality on smart cities initiative and development of comprehensive privacy compliance program.
    • Representing a major global fashion retailer in an enforcement action by the U.S. Federal Trade Commission’s Bureau of Consumer Protection involving the client’s online privacy policies and behaviorally-targeted advertising practices.
    • Representing a social application developer in a confidential investigation by the FTC involving alleged breach of data protected by COPPA.
    • Advising EdTech providers on compliance with FERPA and state student data privacy law obligations and cybersecurity matters.
    • Advising a consumer electronics company in designing and implementing global Web site privacy policies and procedures.
    • Representing a software developer in non-investigative discussions with the FTC regarding the developer’s behaviorally targeted marketing program for bank transactions.
    • Advising hundreds of start-ups and mature company clients across the business spectrum on design of online privacy policies, mobile privacy policies and data collection practices and procedures in accordance with FTC guidance, industry best practices and global data privacy regulations.
    • Counseling hundreds of companies on proactive and reactive security breach incident protocols, including compliance with U.S. state and international data breach notification rules.
    • Advising consumer-facing retailers and service providers on a range of consumer protection issues, including advertising substantiation, sweepstakes and contest design and regulation, social media marketing, mobile marketing, celebrity endorsement agreements, and sales and advertising issues.