MATTHEW STAPLES

Of Counsel
Privacy and Data Protection

Matthew Staples is Of Counsel in the Seattle office of Wilson Sonsini Goodrich & Rosati. Matt's practice focuses on addressing matters relating to consumer data, including privacy and data security matters, in the context of mergers, acquisitions, spin-offs, securities offerings, outsourcing transactions, strategic alliances, services arrangements, and other corporate- and intellectual property-related transactions. He also advises companies on privacy, data security, and other issues relating to the acquisition, use, monetization, and disclosure of consumer data. His experience includes representation of companies ranging in size from privately funded companies to large, multinational public companies in numerous industries.

The International Association of Privacy Professionals has designated Matt as a Certified Information Privacy Professional.

• Conducted due diligence, and negotiated representations, warranties, and covenants, relating to privacy, data security, and other matters relating to consumer data in connection with mergers, acquisitions, spin-offs, and other business transactions
• Counseled numerous clients regarding practical issues relating to the processing and transfer of consumer data in connection with mergers, acquisitions, asset sales, and other business transfers
• Assisted several clients in the negotiation of data handling and data security provisions in the context of outsourcing and other services arrangements
• Counseled numerous clients regarding COPPA and other federal and state privacy laws
• Counseled clients regarding compliance with data security requirements imposed by the Gramm-Leach-Bliley Act (GLB), Sarbanes-Oxley (SOX), and laws in California and numerous other states, including Massachusetts CMR 17.00
• Counseled clients regarding the CAN-SPAM Act, Telephone Consumer Protection Act, Telephone Sales Rule, junk fax legislation, mobile spam regulations, and other state and federal laws bearing upon marketing communications
• Assisted several clients, including a number of large public companies, regarding the mitigation of, and other responses relating to, cybersecurity breaches and other data security breaches, including the coordination of nationwide reporting to consumers in compliance with state security breach notification laws
• Counseled wireless telecommunications carriers regarding location-based privacy, "pretexting," and other issues pertaining to access to, and use and disclosure of, customer proprietary network information (CPNI)
• Counseled clients regarding compliance with the Payment Card Industry Data Security Standard and other security requirements relating to the acceptance of debit and credit cards
• Prepared website privacy policies and terms of use for several clients
• Assisted companies with restrictions on cross-border data transfers
• Counseled developers of platform software, mobile-device applications, and Web-based services regarding privacy, data security, and e-commerce issues
• Counseled clients regarding compliance with state and federal restrictions on the collection and use of Social Security numbers (SSNs) and other personally identifiable information at the point of sale
• Counseled mobile payment processing company regarding the development of privacy and security policies and its agreements with merchants and consumers
• Represented wireless telecommunications carrier in the drafting and negotiation of call center outsourcing agreements with service providers in the U.S. and Canada
• Assisted online behavioral advertising (OBA) technology provider in the development of internal privacy guidelines relating to its OBA preferences directory, its guidelines for behavioral targeting, and its privacy policy, and with the drafting and negotiation of its inbound and outbound data license agreements
• Counseled online social network platform provider regarding the development of its privacy management functionality and its public-facing privacy policy
• Counseled online social networking platform provider regarding privacy and consumer protection issues relating to its targeted advertising offerings
• Counseled wireless hardware manufacturer regarding the collection and use of location information from wireless devices

• J.D., University of California, Berkeley, Boalt Hall School of Law
  Executive Editor, California Law Review; Senior Executive Editor, Berkeley Business Law Journal; Managing Editor, Berkeley Technology Law Journal; Fellow, Berkeley Center for Law and Technology
• B.S., Biology, Washington State University
  Summa Cum Laude; Recipient, Presidential Scholarship; Recipient, S. Town Stephenson Award, University Honors College; Member, Phi Beta Kappa, Phi Eta Sigma, and Phi Kappa Phi honor societies

• Member, American Bar Association Section of Business Law (Privacy and Data Security Committee and Committee on Electronic Commerce)
• Member, American Bar Association Section of Science and Technology Law (E-Privacy Law Committee and Information Security Committee)
• Member, Washington State Bar Association

• Named to Washington Super Lawyers' list of "Rising Stars" in 2011-2017

Matt has authored or co-authored numerous publications, including the following:

• Co-author with C. Readhead, "FTC Cracks Down on Lead Generation Company's Indiscriminate Sharing of Consumers' Sensitive Data," The WSGR Data Advisor, September 1, 2017
• Contributing Author, Guide to Cybersecurity Due Diligence in M&A Transactions, American Bar Association Business Law Section, ABA Publishing, 2017
• Co-author with J. Adams, "FAST Act Eases GLBA Compliance Burdens for Many Companies, Addresses Transportation and Infrastructure Privacy and Cybersecurity Issues," The WSGR Data Advisor, February 4, 2016
• "Privacy and Data Security Due Diligence," The WSGR Data Advisor, November 2015
• "Navigating Public Company Cybersecurity Obligations: Advising Boards and Disclosing to Investors," The WSGR Data Advisor, July 2015
• "Privacy and Data Security in Transactions: What's the Deal?" Eye on Privacy, February 2015
• "Proposed California Law Would Impose Data Breach Liability on Retailers and Create More Stringent Data Security Requirements for Businesses," Eye on Privacy, July 2014
• "Kaiser Foundation Health Plan Settles California Attorney General Charges over Delayed Data Breach Notification," Eye on Privacy, March 2014
• "California Extends Security Breach Notification Requirements to Online Account Credentials," Eye on Privacy, November 2013
• "Important Changes to the FCC’s Telephone Consumer Protection Act Rules Take Effect On October 16, 2013," WSGR Alert, October 15, 2013
• "Digital Advertising Alliance Releases Guidance on the Application of Its Self-Regulatory Principles to the Mobile Environment," Eye on Privacy, September 2013
• "FTC Recommends Consumer Protections for Mobile Payment Industry," Intellectual Property and Technology Law Journal, June 2013
• "California Supreme Court Holds Song-Beverly Act Inapplicable to Online Businesses Selling Downloadable Products," Eye on Privacy, March 2013
• "Social Networking Mobile App Developer Agrees to Pay $800,000 and Implement Comprehensive Privacy Program to Settle Claims for COPPA Violations and Deceptive Privacy Practices," WSGR Alert, February 5, 2013
• "FTC Releases Final Amendments to Children's Online Privacy Protection Rule," Eye on Privacy, January 2013
• "Mobile Apps Face Heightened Privacy Enforcement: Policies and Practices Scrutinized," WSGR Alert, December 21, 2012
• "FTC Announces $1 Million Penalty for Children's Privacy Violations by Fan-Club Website Operator," Eye on Privacy, November 2012
• "FTC Proposes Additional Revisions to Children's Online Privacy Protection Rule," Eye on Privacy, September 2012
• "FTC Releases Marketing and Privacy Guide for Mobile App Developers," WSGR Alert, September 18, 2012
• "Myspace Reaches Consent Agreement with FTC over Misrepresentations in Privacy Policy," Eye on Privacy, May 2012
• "FTC Releases Final Privacy Report, Sets Forth Best Practices, and Calls for Federal Privacy, Data Security, and Breach Notification Legislation," Eye on Privacy, May 2012
• "White House Proposes Consumer Privacy Bill of Rights, Seeks Adoption of Private Codes of Conduct, and Pushes Federal Privacy Legislation," WSGR Alert, February 28, 2012
• "New Principles for the Collection of Data Online Released," Law360, November 23, 2011
• "Federal Trade Commission Announces Settlement with Skidekids.com: Company Did Not Obtain Verifiable Parental Consent before Collecting Children's Personal Information," WSGR Alert, November 14, 2011
• "FTC Proposes Significant Revisions to Children's Online Privacy Protection Rule," WSGR Alert, September 20, 2011
• "Federal Court Approves the Application of the CAN-SPAM Act to Messages Sent within Social Networking Platforms," WSGR Alert, April 19, 2011
• "Ninth Circuit Holds that Increased Risk of Identity Theft Is Sufficient for Article III Standing: Privacy Class Actions Likely Tougher to Dismiss," WSGR Alert, January 24, 2011
• "FTC Releases Latest Privacy Report, Proposes New 'Do Not Track' Mechanism," WSGR Alert, December 13, 2010
• "New Washington State Data Security Law Effective July 1, 2010; Companies Should Assess Compliance with Several New State Data Security Laws," WSGR Alert, May 19, 2010
• "Red Flags Rules: Financial Institutions and Creditors with Covered Accounts Must Implement ID Theft Prevention Programs," American Bar Association Section of Antitrust Law, Insurance and Financial Services Committee Newsletter, Fall 2009
• "FTC Settlement with Sears Signals Increased Enforcement Risks for Privacy Missteps," WSGR Alert, June 15, 2009
• "FTC Extends Delayed Enforcement of Red Flags Rule until August 1, 2009; Provides Guided Template to Assist Companies in Developing Identity Theft Prevention Programs," WSGR Alert, May 18, 2009
• "FTC Issues New Guidelines for Online Behavioral Advertising," WSGR Alert, February 17, 2009
• "Children's Privacy Violations Lead to $1 Million Penalty," WSGR Alert, December 17, 2008
• "New CAN-SPAM Rules Clarify Online Marketing Requirements," WSGR Alert, May 27, 2008
• "Security Breach Notification," 1 Privacy and Data Security Law Journal 391, 2006
• Contributor, American Bar Association E-Privacy Law Database

• Panelist, "Cybersecurity Due Diligence in Mergers and Acquisitions," ABA Section of Business Law Annual Meeting, September 14, 2017
• Panelist, "Dealing in Data: Privacy and Security in Commercial Transactions and M&A," IAPP Global Privacy Summit, Washington, D.C., April 20, 2017
• Panelist, "Cybersecurity Due Diligence in M&A Transactions," American Bar Association, Business Law Section Spring Meeting, April 2016
• "Current Privacy Issues: Big Data Analytics and Machine Learning," The Cloud and Big Data 2015, Law Seminars International, April 2015

• State Bar of Washington
• U.S. Patent and Trademark Office

Contact Information

701 Fifth Avenue
Suite 5100
Seattle, WA 98104
Phone | 206-883-2583

Email | Matthew Staplesmstaples@wsgr.com

Areas of Expertise

Privacy and Data Protection

Print to PDF

Attorney Advertising  |  Privacy Policy  |  Terms of Use  |  Contact Us  |  Mailing List Signup  |  Copyright © 2017 WSGR