Privacy and Data Protection


Matthew Staples is a partner in the Austin office of Wilson Sonsini Goodrich & Rosati. Matt advises companies in a number of industries regarding privacy, data protection, cybersecurity, and other information security issues. Having worked extensively on privacy and data security matters since 2004, Matt possesses a depth of experience that allows him to help clients comply with numerous laws, regulations, self-regulatory requirements, industry standards, and best practices applicable to their collection, use, disclosure, transfer, and other processing of data. He helps clients navigate issues arising from novel and innovative data practices by offering practical risk assessments and pragmatic advice.

Matt's experience as a transactional lawyer allows him to address privacy, data security, and other matters relating to data in the context of various transactions. He helps our clients address these issues in the context of mergers, acquisitions, spin-offs, securities offerings, outsourcing transactions, strategic alliances, and other corporate transactions, as well as in outsourcing agreements, services arrangements, vendor agreements, and other commercial transactions.

Matt's experience includes representation of companies ranging in size from newly formed start-ups to large, multinational public companies in numerous industries.

The International Association of Privacy Professionals has designated Matt as a Certified Information Privacy Professional.

  • Counseled numerous clients on laws, regulations, industry standards, self-regulatory requirements, and best practices relating to privacy and data protection in numerous industries
  • Counseled clients regarding compliance with data security requirements imposed by numerous legal regimes, including the enforcement activity of the Federal Trade Commission, sector-specific federal legislation, and state laws
  • Prepared terms of service, privacy policies, and other forms of privacy notices for websites, mobile applications, and other services
  • Coordinated and conducted due diligence; negotiated representations, warranties, and covenants; and addressed transition and integration matters relating to privacy, data protection, and information security in connection with mergers, acquisitions, spin-offs, and other business transactions
  • Counseled numerous clients regarding the processing and transfer of data, including cross-border data transfers, in connection with mergers, acquisitions, asset sales, and other business transfers, including the design of practical solutions to permit the value of data to be conveyed while mitigating associated risks
  • Assisted several clients in the drafting and negotiation of data handling and data security provisions in the context of outsourcing, other types of services arrangements, and other commercial arrangements
  • Assisted numerous clients with preparing appropriate disclosures in securities filings relating to privacy, data protection, and data security
  • Advised numerous companies on legal issues relating to the acquisition, use, and disclosure of data from third-party platforms and other third-party sources
  • Assisted companies with cross-border data transfers
  • Counseled advertising technology companies regarding compliance with relevant laws, regulations, standards, and best practices
  • Counseled developers of platform software, mobile device applications, and web-based services regarding privacy, data security, and e-commerce issues
  • Counseled clients regarding the CAN-SPAM Act, Telephone Consumer Protection Act, Telephone Sales Rule, junk fax legislation, mobile spam regulations, and other state and federal laws bearing upon marketing communications in numerous jurisdictions
  • Assisted several clients, including a number of large public companies, regarding the mitigation of, and other responses relating to, cybersecurity breaches and other data security breaches, including the coordination of nationwide reporting to consumers, and making other required notifications and taking other required compliance steps, in compliance with security breach notification laws
  • Counseled numerous clients regarding the Children's Online Privacy Protection Act, laws in California and other states, seal program requirements, and other industry initiatives relating to the collection, use, and other processing of data relating to children
  • Counseled educational technology and other companies on laws, regulations, and other requirements applicable to the collection, use, and other handling of student records and other data collected and processed in the educational context
  • Counseled clients regarding compliance with state and federal restrictions on the collection and use of Social Security numbers and other personally identifiable information at the point of sale
  • Counseled companies on the application of the Video Privacy Protection Act in the context of online and mobile streaming
  • Counseled wireless telecommunications carriers regarding location-based privacy and other issues pertaining to access to, and use and disclosure of, customer proprietary network information
  • Counseled clients regarding compliance with the Payment Card Industry Data Security Standard and other security requirements relating to their acceptance, storage, and handling of cardholder data
  • J.D., University of California, Berkeley, Boalt Hall School of Law
    Executive Editor, California Law Review; Senior Executive Editor, Berkeley Business Law Journal; Managing Editor, Berkeley Technology Law Journal; Fellow, Berkeley Center for Law and Technology
  • B.S., Biology, Washington State University
    Summa Cum Laude; Recipient, Presidential Scholarship; Recipient, S. Town Stephenson Award, University Honors College; Member, Phi Beta Kappa, Phi Eta Sigma, and Phi Kappa Phi honor societies
  • Member, American Bar Association Section of Business Law (Privacy and Data Security Committee and Committee on Electronic Commerce)
  • Member, American Bar Association Section of Science and Technology Law (E-Privacy Law Committee and Information Security Committee)
  • Member, Washington State Bar Association
  • Named to Washington Super Lawyers' list of "Rising Stars" in 2011-2018

Matt has authored or co-authored numerous publications, including the following:

  • "Privacy and Cybersecurity: Hot Topics," Association of Corporate Counsel—Austin, Austin, Texas, June 28, 2018
  • Panelist, "Cybersecurity Due Diligence and Cyber Risks in M&A Transactions," 2018 Investment Arbitration & Trans-Pacific Transactions Conference, ABA Section of International Law, Singapore, May 11, 2018
  • Panelist, "Cybersecurity Due Diligence in Mergers and Acquisitions," ABA Section of Business Law Annual Meeting, September 14, 2017
  • Panelist, "Dealing in Data: Privacy and Security in Commercial Transactions and M&A," IAPP Global Privacy Summit, Washington, D.C., April 20, 2017
  • Panelist, "Cybersecurity Due Diligence in M&A Transactions," American Bar Association, Business Law Section Spring Meeting, April 2016
  • "Current Privacy Issues: Big Data Analytics and Machine Learning," The Cloud and Big Data 2015, Law Seminars International, April 2015
  • State Bar of Texas
  • State Bar of Washington
  • U.S. Patent and Trademark Office

Contact Information

900 South Capital of Texas Highway
Las Cimas IV
Fifth Floor
Austin, TX 78746
Phone | 512-338-5420

Email | Matt

Areas of Expertise

Print to PDF