MATTHEW STAPLES

Partner
Privacy and Data Protection

Matthew Staples is a partner in the Austin office of Wilson Sonsini Goodrich & Rosati. Matt advises companies in a number of industries regarding privacy, data protection, cybersecurity, and other information security issues. Having worked extensively on privacy and data security matters since 2004, Matt possesses a depth of experience that allows him to help clients comply with numerous laws, regulations, self-regulatory requirements, industry standards, and best practices applicable to their collection, use, disclosure, transfer, and other processing of data. He helps clients navigate issues arising from novel and innovative data practices by offering practical risk assessments and pragmatic advice.

Matt's experience as a transactional lawyer allows him to address privacy, data security, and other matters relating to data in the context of various transactions. He helps our clients address these issues in the context of mergers, acquisitions, spin-offs, securities offerings, outsourcing transactions, strategic alliances, and other corporate transactions, as well as in outsourcing agreements, services arrangements, vendor agreements, and other commercial transactions.

Matt's experience includes representation of companies ranging in size from newly formed start-ups to large, multinational public companies in numerous industries.

The International Association of Privacy Professionals has designated Matt as a Certified Information Privacy Professional.

• Counseled numerous clients on laws, regulations, industry standards, self-regulatory requirements, and best practices relating to privacy and data protection in numerous industries
• Counseled clients regarding compliance with data security requirements imposed by numerous legal regimes, including the enforcement activity of the Federal Trade Commission, sector-specific federal legislation, and state laws
• Prepared terms of service, privacy policies, and other forms of privacy notices for websites, mobile applications, and other services
• Coordinated and conducted due diligence; negotiated representations, warranties, and covenants; and addressed transition and integration matters relating to privacy, data protection, and information security in connection with mergers, acquisitions, spin-offs, and other business transactions
• Counseled numerous clients regarding the processing and transfer of data, including cross-border data transfers, in connection with mergers, acquisitions, asset sales, and other business transfers, including the design of practical solutions to permit the value of data to be conveyed while mitigating associated risks
• Assisted several clients in the drafting and negotiation of data handling and data security provisions in the context of outsourcing, other types of services arrangements, and other commercial arrangements
• Assisted numerous clients with preparing appropriate disclosures in securities filings relating to privacy, data protection, and data security
• Advised numerous companies on legal issues relating to the acquisition, use, and disclosure of data from third-party platforms and other third-party sources
• Assisted companies with cross-border data transfers
• Counseled advertising technology companies regarding compliance with relevant laws, regulations, standards, and best practices
• Counseled developers of platform software, mobile device applications, and web-based services regarding privacy, data security, and e-commerce issues
• Counseled clients regarding the CAN-SPAM Act, Telephone Consumer Protection Act, Telephone Sales Rule, junk fax legislation, mobile spam regulations, and other state and federal laws bearing upon marketing communications in numerous jurisdictions
• Assisted several clients, including a number of large public companies, regarding the mitigation of, and other responses relating to, cybersecurity breaches and other data security breaches, including the coordination of nationwide reporting to consumers, and making other required notifications and taking other required compliance steps, in compliance with security breach notification laws
• Counseled numerous clients regarding the Children's Online Privacy Protection Act, laws in California and other states, seal program requirements, and other industry initiatives relating to the collection, use, and other processing of data relating to children
• Counseled educational technology and other companies on laws, regulations, and other requirements applicable to the collection, use, and other handling of student records and other data collected and processed in the educational context
• Counseled clients regarding compliance with state and federal restrictions on the collection and use of Social Security numbers and other personally identifiable information at the point of sale
• Counseled companies on the application of the Video Privacy Protection Act in the context of online and mobile streaming
• Counseled wireless telecommunications carriers regarding location-based privacy and other issues pertaining to access to, and use and disclosure of, customer proprietary network information
• Counseled clients regarding compliance with the Payment Card Industry Data Security Standard and other security requirements relating to their acceptance, storage, and handling of cardholder data

• J.D., University of California, Berkeley, Boalt Hall School of Law
  Executive Editor, California Law Review; Senior Executive Editor, Berkeley Business Law Journal; Managing Editor, Berkeley Technology Law Journal; Fellow, Berkeley Center for Law and Technology
• B.S., Biology, Washington State University
  Summa Cum Laude; Recipient, Presidential Scholarship; Recipient, S. Town Stephenson Award, University Honors College; Member, Phi Beta Kappa, Phi Eta Sigma, and Phi Kappa Phi honor societies

• Member, American Bar Association Section of Business Law (Privacy and Data Security Committee and Committee on Electronic Commerce)
• Member, American Bar Association Section of Science and Technology Law (E-Privacy Law Committee and Information Security Committee)
• Member, Washington State Bar Association

• Named to Washington Super Lawyers' list of "Rising Stars" in 2011-2018

Matt has authored or co-authored numerous publications, including the following:

• "California Consumer Privacy Act: Industry, Advocate, and Enforcement Concerns and Legislative Amendments," The WSGR Data Advisor, October 8, 2018
• "California Enacts Sweeping Privacy Law to Avert Potential Ballot Measure," The WSGR Data Advisor, July 3, 2018
• "New FTC Report Recommends Steps to Improve Mobile Security Updates," The WSGR Data Advisor, May 23, 2018
• "NAI Issues 2018 Update to Its Code of Conduct," The WSGR Data Advisor, January 24, 2018
• "Post-Spokeo Jurisdictional Divide Continues as Northern District of California Rejects TransUnion's Lack of Standing Argument," The WSGR Data Advisor, November 15, 2017
• Co-author with C. Readhead, "FTC Cracks Down on Lead Generation Company's Indiscriminate Sharing of Consumers' Sensitive Data," The WSGR Data Advisor, September 1, 2017
• Contributing Author, Guide to Cybersecurity Due Diligence in M&A Transactions, American Bar Association Business Law Section, ABA Publishing, 2017
• Co-author with J. Adams, "FAST Act Eases GLBA Compliance Burdens for Many Companies, Addresses Transportation and Infrastructure Privacy and Cybersecurity Issues," The WSGR Data Advisor, February 4, 2016
• "Privacy and Data Security Due Diligence," The WSGR Data Advisor, November 2015
• "Navigating Public Company Cybersecurity Obligations: Advising Boards and Disclosing to Investors," The WSGR Data Advisor, July 2015
• "Privacy and Data Security in Transactions: What's the Deal?" Eye on Privacy, February 2015
• "Proposed California Law Would Impose Data Breach Liability on Retailers and Create More Stringent Data Security Requirements for Businesses," Eye on Privacy, July 2014
• "Kaiser Foundation Health Plan Settles California Attorney General Charges over Delayed Data Breach Notification," Eye on Privacy, March 2014
• "California Extends Security Breach Notification Requirements to Online Account Credentials," Eye on Privacy, November 2013
• "Important Changes to the FCC’s Telephone Consumer Protection Act Rules Take Effect On October 16, 2013," WSGR Alert, October 15, 2013
• "Digital Advertising Alliance Releases Guidance on the Application of Its Self-Regulatory Principles to the Mobile Environment," Eye on Privacy, September 2013
• "FTC Recommends Consumer Protections for Mobile Payment Industry," Intellectual Property and Technology Law Journal, June 2013
• "California Supreme Court Holds Song-Beverly Act Inapplicable to Online Businesses Selling Downloadable Products," Eye on Privacy, March 2013
• "Social Networking Mobile App Developer Agrees to Pay $800,000 and Implement Comprehensive Privacy Program to Settle Claims for COPPA Violations and Deceptive Privacy Practices," WSGR Alert, February 5, 2013
• "FTC Releases Final Amendments to Children's Online Privacy Protection Rule," Eye on Privacy, January 2013
• "Mobile Apps Face Heightened Privacy Enforcement: Policies and Practices Scrutinized," WSGR Alert, December 21, 2012
• "FTC Announces $1 Million Penalty for Children's Privacy Violations by Fan-Club Website Operator," Eye on Privacy, November 2012
• "FTC Proposes Additional Revisions to Children's Online Privacy Protection Rule," Eye on Privacy, September 2012
• "FTC Releases Marketing and Privacy Guide for Mobile App Developers," WSGR Alert, September 18, 2012
• "Myspace Reaches Consent Agreement with FTC over Misrepresentations in Privacy Policy," Eye on Privacy, May 2012
• "FTC Releases Final Privacy Report, Sets Forth Best Practices, and Calls for Federal Privacy, Data Security, and Breach Notification Legislation," Eye on Privacy, May 2012
• "White House Proposes Consumer Privacy Bill of Rights, Seeks Adoption of Private Codes of Conduct, and Pushes Federal Privacy Legislation," WSGR Alert, February 28, 2012
• "New Principles for the Collection of Data Online Released," Law360, November 23, 2011
• "Federal Trade Commission Announces Settlement with Skidekids.com: Company Did Not Obtain Verifiable Parental Consent before Collecting Children's Personal Information," WSGR Alert, November 14, 2011
• "FTC Proposes Significant Revisions to Children's Online Privacy Protection Rule," WSGR Alert, September 20, 2011
• "Federal Court Approves the Application of the CAN-SPAM Act to Messages Sent within Social Networking Platforms," WSGR Alert, April 19, 2011
• "Ninth Circuit Holds that Increased Risk of Identity Theft Is Sufficient for Article III Standing: Privacy Class Actions Likely Tougher to Dismiss," WSGR Alert, January 24, 2011
• "FTC Releases Latest Privacy Report, Proposes New 'Do Not Track' Mechanism," WSGR Alert, December 13, 2010
• "New Washington State Data Security Law Effective July 1, 2010; Companies Should Assess Compliance with Several New State Data Security Laws," WSGR Alert, May 19, 2010
• "Red Flags Rules: Financial Institutions and Creditors with Covered Accounts Must Implement ID Theft Prevention Programs," American Bar Association Section of Antitrust Law, Insurance and Financial Services Committee Newsletter, Fall 2009
• "FTC Settlement with Sears Signals Increased Enforcement Risks for Privacy Missteps," WSGR Alert, June 15, 2009
• "FTC Extends Delayed Enforcement of Red Flags Rule until August 1, 2009; Provides Guided Template to Assist Companies in Developing Identity Theft Prevention Programs," WSGR Alert, May 18, 2009
• "FTC Issues New Guidelines for Online Behavioral Advertising," WSGR Alert, February 17, 2009
• "Children's Privacy Violations Lead to $1 Million Penalty," WSGR Alert, December 17, 2008
• "New CAN-SPAM Rules Clarify Online Marketing Requirements," WSGR Alert, May 27, 2008
• "Security Breach Notification," 1 Privacy and Data Security Law Journal 391, 2006
• Contributor, American Bar Association E-Privacy Law Database

• "Privacy and Cybersecurity: Hot Topics," Association of Corporate Counsel—Austin, Austin, Texas, June 28, 2018
• Panelist, "Cybersecurity Due Diligence and Cyber Risks in M&A Transactions," 2018 Investment Arbitration & Trans-Pacific Transactions Conference, ABA Section of International Law, Singapore, May 11, 2018
• Panelist, "Cybersecurity Due Diligence in Mergers and Acquisitions," ABA Section of Business Law Annual Meeting, September 14, 2017
• Panelist, "Dealing in Data: Privacy and Security in Commercial Transactions and M&A," IAPP Global Privacy Summit, Washington, D.C., April 20, 2017
• Panelist, "Cybersecurity Due Diligence in M&A Transactions," American Bar Association, Business Law Section Spring Meeting, April 2016
• "Current Privacy Issues: Big Data Analytics and Machine Learning," The Cloud and Big Data 2015, Law Seminars International, April 2015

• State Bar of Texas
• State Bar of Washington
• U.S. Patent and Trademark Office

Contact Information

900 South Capital of Texas Highway
Las Cimas IV
Fifth Floor
Austin, TX 78746
Phone | 512-338-5420

Email | Matt Staplesmstaples@wsgr.com

Areas of Expertise

Cybersecurity
Privacy and Data Protection

Print to PDF

Attorney Advertising  |  Privacy Policy  |  Terms of Use  |  Contact Us  |  Mailing List Signup  |  Copyright © 2019 WSGR