Michael (Mike) Morgan is recognized as one of the nation’s leading lawyers in cybersecurity and data privacy. He has guided clients through some of the largest and most complex data breaches, breaches involving more than 50 million records, incidents affecting persons in over 100 countries around the world, and incidents involving sensitive defense-related information. He counsels clients on compliance with US and international regulations relating to cybersecurity and data privacy, including compliance with the California Consumer Privacy Act (CCPA), the EU’s General Data Protection Regulation (GDPR) and China’s Network Security Law. Mike leads the firm's Data, Privacy & Cybersecurity Group.
Mike has particular experience on complex legal issues arising from advanced technologies. He represents companies on privacy and cybersecurity issues arising from vehicle autonomy and connectivity and is an expert on the fast-changing regulatory environment relating to autonomous vehicles and in the US and around the world. He also advises clients on matters relating to international data transfers (e.g., EU model clauses and Privacy Shield), cryptocurrency, e-commerce security and blockchain applications. He represents clients in a range of industries, including financial services, big data, automotive, telecommunications, healthcare, insurance and automotive, as well as defense contractors and subcontractors subject to requirements under DFARS and the CMMC Framework.
Mike has handled scores of privacy and cybersecurity-related cases, including more than one hundred lawsuits involving claims under the Fair Credit Reporting Act (FCRA); unfair, deceptive or abusive acts and practice (UDAAP) statutes; and consumer protection statutes. He has particular expertise in the defense of cases involving claims for statutory damages and advises clients on mitigation of legal risks arising from the CCPA’s statutory damages provisions applicable to data breaches. He has defended against government investigations by the Federal Trade Commission, Consumer Financial Protection Bureau, Federal Communications Commission and state attorneys general. Mike is a Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).
