Jon’s enforcement work involves helping clients navigate the patchwork of federal and state “consumer protection” rules and defending investigations and enforcement actions brought by the Federal Trade Commission (FTC), U.S. Department of Justice (DOJ), State Attorneys General (AGs), and other state regulatory agencies. These matters cover a broad spectrum of B2C and B2B issues, including data privacy, cybersecurity, greenwashing, and so-called “unfair and deceptive” sales and marketing practices with a focus on representation of e-commerce platforms, marketplaces, gig economy, social media and fintech companies. In connection with these enforcement matters, Jon is able to leverage his substantial experience in crisis management by helping clients devise and implement coordinated regulatory, legislative, and media responses to these high stakes incidents.
Jon also helps companies identify and understand regulatory risks and opportunities associated with ESG marketing and goals by providing guidance on greenwashing and the FTC’s Green Guides to help clients avoid deceptive marketing for environmental responsibility and sustainability.
Jon also has substantial experience in the antitrust and competition space, including class action antitrust litigation, criminal cartel investigations and enforcement actions before the DOJ and international regulators, as well as mergers and acquisitions and conduct investigations before the DOJ and FTC. In addition, Jon also provides strategic public policy counseling to clients on consumer protection and data management matters before Congress and executive branch agencies, and he has an active complex commercial litigation practice in federal and state courts across the country.
Tori advises clients on enhancing their data privacy and security profiles and building comprehensive global data protection programs. She provides guidance on issues relating to a vast array of state, federal and international privacy and cybersecurity laws, including:
Children’s Online Privacy Protection Act (COPPA)
EU General Data Protection Regulation (GDPR)
Section 5 of the Federal Trade Commission (FTC) Act
Telephone Consumer Protection Act (TCPA)
U.S. surveillance-related laws
U.S. state data breach notification laws
U.S. state privacy laws in California, Colorado, Connecticut, Utah and Virginia (CCPA, CPRA, CPA, CTDPA, UCPA, VCDPA)
Tori also supports clients in developing strategies to reduce the risk of security incidents, regularly advises on general consumer protection issues, and counsels on sweepstakes, marketing, and advertising matters.
Prior to joining Orrick, Tori served as an in-house data privacy and security law clerk at a pharmaceutical company in Boston, at a large nonprofit corporation in New York City, and at an international oil and gas company in Beijing. She also worked on data privacy matters in the Office of the General Counsel of Northeastern University. Having worked across diverse business sectors, including life sciences, technology and energy, Tori brings an in-house perspective to her client matters.
Nick provides compliance guidance on both proposed and effective laws on a federal and state level in the United States, including:
Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)
Children’s Online Privacy Protection Act (COPPA)
Illinois Biometric Information Privacy Act (BIPA) and other biometric privacy laws
Fair Credit Reporting Act (FCRA)
Gramm-Leach-Bliley Act (GLBA)
Section 5 of the Federal Trade Commission Act (FTC) Act
Telephone Consumer Protection Act (TCPA)
U.S. state breach notification laws
U.S. state privacy laws
U.S. artificial intelligence laws
He also counsels clients on the impact of international laws from a U.S. perspective, including the General Data Protection Regulation (GDPR), the ePrivacy Directive (ePD), and the EU Artificial Intelligence Act.
Nick helps clients develop flexible governance frameworks for the development and use of artificial intelligence in the face of ever evolving AI legislation. He also advises clients on strategies, policies and procedures for the sourcing of AI training data, the responsible use of AI by employees, the assessment of risks presented by AI tools, the design of consumer-facing AI, the negotiation of AI-related contracts and the handling of AI-related regulatory inquiries and investigations.
Nick also devotes a portion of his practice to innovative client solutions and community engagement. He was part of the Orrick team that developed Orrick’s AI Resource Center, EU AI Act reference guide, U.S. AI Law Tracker and Gen AI Policy Builder. His pro bono practice has included representing clients in immigration and innocence matters and assisting small businesses with their legal needs.
Nick has obtained the Certified Information Privacy Professional -/ United States (CIPP/US), Certified Information Privacy Technologist (CIPT) and Privacy Law Specialist (PLS) designations from the International Association of Privacy Professionals (IAPP).
Michaela helps clients build global privacy programs and advises on United States (U.S.) state and federal consumer privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act. Her work also includes counseling on compliance with the General Data Protection Regulation (GDPR).
Thomas's practice sits at the intersections of two of his passions: legal advocacy and data. He helps companies facing issues involving data privacy and security to translate the complex issues they face into a message that is persuasive and understandable to courts and regulators. Prior to joining Orrick, Thomas served as a law clerk for Justice Elena Kagan of the U.S Supreme Court and Judge Merrick B. Garland of the U.S. Court of Appeals for the D.C. Circuit. Before that, Thomas received his J.D. and Masters in Mechanical Engineering from Stanford, where he helped teach and develop material for undergraduate computer science courses.
As innovation pushes the limits of technology, those ideas challenge the boundaries of what is considered “personally identifiable information.” Sulina answers the question - how can we create tomorrow’s technology with yesterday’s privacy and consumer protection laws? Sulina works closely with innovators at all levels of a business – executives, engineers, marketing and product, HR and customer service teams – to gain a true understanding of their goals and the data they’re collecting, using and sharing. She places herself in her client’s shoes as well as in consumers’ mindset to devise creative privacy-by-design solutions, ensuring her client’s business and data innovation strategies withstand multi-national rules, government regulations, industry standards and consumer scrutiny.
With experience in both data privacy and consumer protection, Sulina utilizes a comprehensive approach to counsel clients on a myriad of issues affecting consumers and businesses. She routinely guides companies of all sizes through the existing patchwork of laws, self-regulatory standards and industry practice impacting data privacy and security. She advises clients subject to regulatory investigations and litigation involving a spectrum of federal and state laws, including:
California Online Privacy Protection Act (CalOPPA)
Children’s Online Privacy Protection Act (COPPA)
Family Educational Rights and Privacy Act (FERPA) and related state student data privacy laws
Fair Credit Reporting Act (FCRA)
Gramm-Leach-Bliley Act (GLBA)
Illinois’ Biometric Information Privacy Act (BIPA) and other biometric privacy laws
Section 5 of the Federal Trade Commission Act (FTC Act)
U.S. state privacy laws in California, Colorado, Connecticut, Utah, Virginia and other states
Sulina advises companies of all sizes on the development and deployment of cutting-edge technologies and services, including ad-tech, AI and machine learning, biometric tools, social media, robotics and IoT devices, marketing and promotions and more. Sulina began her legal career focusing on consumer protection. She continues to counsel clients on marketing and promotional issues, including interest-based ads; sweepstakes and promotions; automatic renewal and subscriptions; advertising substantiation; influencer programs and social media; SMS text messaging and telemarketing (including matters involving the Telemarketing Sales Rule (TSR), the Telephone Consumer Protection Act (TCPA)); and other state and federal consumer protection laws.
Sulina’s practice is industry-agnostic. She has represented clients ranging from start-ups to Fortune 500s, non-profits, academic institutions and city governments across a range of industries from fashion and ecommerce, financial services, retail, food and beverage and technology services. Prior to law school, Sulina worked in the highly interactive fields of journalism, entertainment and digital media. This well-rounded background helps her connect with clients on a personal level, and ensure her advice integrates legal solutions with business practicality.
Before joining Orrick, Sulina was a member of the Privacy & Data Security Group; Entertainment & Media Group; and IP, Information & Innovation Group at Reed Smith, LLP in New York and Washington, D.C.
Please do not include any confidential, secret or otherwise sensitive information concerning any potential or actual legal matter in this e-mail message. Unsolicited e-mails do not create an attorney-client relationship and confidential or secret information included in such e-mails cannot be protected from disclosure. Orrick does not have a duty or a legal obligation to keep confidential any information that you provide to us. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.
By clicking "OK" below, you understand and agree that Orrick will have no duty to keep confidential any information you provide.