Susan Lyon, Special Counsel

Susan Lyon is co-chair of Cooley LLP's Privacy practice group.  Ms. Lyon counsels clients from small start-ups to major Internet, technology, advertising and telecommunications companies on a wide range of U.S. and international privacy and data security issues.  Representative areas of expertise include CAN-SPAM, FTC Act, Children's Online Privacy Protections Act (COPPA), telemarketing laws, data security and data breach notice obligations, behavioral targeting and advertising, online and mobile tracking and monitoring using automatic tracking technology, facial recognition and biometrics, cloud computing strategy, and legislative and regulatory policy and outreach.

Ms. Lyon formerly served as an in-house privacy counsel with Microsoft Corp., where she was the lead attorney responsible for U.S. and international privacy law compliance for all sales and marketing activities and legislative policy in the area of privacy, data security, and online safety.  Prior to Microsoft she was privacy counsel at Dell, Inc.

Ms. Lyon graduated from the University of Texas School of Law and earned her Bachelor of Arts degree from the University of Texas at Austin.  She is a member of the International Association of Privacy Professionals and recent Academic Advisory Board Member.

Representative Experience

• Defends companies from start-ups to large corporations in privacy and security investigations brought by the Federal Trade Commission (FTC), state attorneys general and consumer agencies, and international data protection authorities, including representation of HTC in FTC investigation, settlement, and order compliance of alleged mobile security vulnerabilities and AdMob in FTC privacy investigation relating to Google acquisition.
• Represented clients in CAN-SPAM, FTC Act and Children's Online Privacy Protection Act federal regulatory investigations.
• Drafted comments to FTC and Department of Commerce privacy reports on behalf of CTIA, the Wireless Association.
• Develops employee and customer privacy and security policies, programs and training, including safe harbor programs, for numerous technology and retail clients.
• Conducts privacy due diligence for mergers and acquisitions.
• Guides clients through data security breach response remediation and notification obligations.
• Advises clients on cloud computing data protection issues and strategy.
• Counsels clients on privacy issues relating to behavioral targeting and advertising, online and mobile tracking and monitoring using automatic tracking technology such as IP address, cookies, Web beacons, location-based services and the like and on related issues of anonymization, aggregation and de-identification. 
• Provide frequent counsel on global strategy for privacy compliance in the area of marketing and sales and regarding EU data transfers.

Presentations

• Privacy Law Update, Silicon Valley Association of General Counsel – All Hands Meeting, December 2012
• Champagne Privacy on a Beer Budget for Start-Ups, Rocketspace Breakfast Series, December 2012
• Saying "I Do": Data Protection Vows in Your Attorney-Client Relationship, International Association of Privacy Professionals Academy, October 2012
• Data Privacy Inside Scoop You Need to Know, General Counsel Forum, September 2012
• Overview of Data Privacy Law Landscape, The Seminar Group, Data Protection Conference, June 2012
• What the Regulatory Environment Means for Industry (Moderator), Privacy Identity Innovation 2012 Seattle, May 2012
• 2012 Berkeley Consumer Privacy Survey, Berkeley Law Privacy Forum, Berkeley Center for Law and Technology, April 2012
• "Champagne Privacy on a Beer Budget," IAPP Privacy Summit, March 2011
• "Mobile Privacy:  Is There an App for That?" Moderator, IAPP Privacy Academy, September 2010
• "Email Messaging and Social Media Marketing," Online Trust Alliance Email Compliance and Deliverability Academy, September 2010
• "The Smart Grid: How Smart is Too Smart," Panelist, The 2010 Santa Clara Computer and High Technology Law Journal Symposium, January 2010
• "The Balance of Privacy and Social Networking," Panelist, Avvocating Conference, 2010
• "Champagne Privacy on a Beer Budget," IAPP Privacy Academy, September 2009
• "Privacy Issues Regarding Smart Grid Technology," ITech Law Conference, 2009
• "Survival Guide to E-mail Marketing Database and Delivery System Reviews," IAPP Privacy Summit, March 2009
•  "Building Your Privacy Dream House," IAPP Privacy Conference, March 2008
• "Internet Safety and Security," California Legislative Caucus Retreat, November 2006
• "Online Safety," AeA State Policy Network Discussion, August 2006
• "New Domestic Information Privacy and Security Legislation and Policy:  The Last Twelve Months," Practicing Law Institute (PLI) Privacy and Security Law Conference, Chicago, July 2006
• "Industry Privacy Issues:  Marketing," IAPP Privacy Academy, October 2005
• "Privacy and Technology: Striking a Legal Balance - Arthur Miller Event," Panelist, Austin Bar Association August 2005
• "Update on U.S. Privacy Issues," University of Texas Computer & Technology Law Conference, June 2005

Publications

• "An Overview of Significant U.S. Data Breach Cases and Enforcement Actions," Chapter of Cybercrime and Security Treatise, 2010
• "Personal Information Security," Chapter of Washington Nonprofit Handbook: How to Form and Maintain a Nonprofit Corporation in Washington State, 2009
• Privacy Challenges to Smart Grid," Sustainable Industries, May 27, 2009
• "US: Sony Music:  $1 million FTC COPPA settlement," Data Protection Law & Policy, January 2009
• "Prior to Data Loss, Check That Contract," Digital Transactions, December 2008
• "New PCI Data Security Standards Expand Obligations," Privacy Advisor, November 2008

Press Coverage

Quoted in:

• "FTC's 2nd Privacy Report Turns Up Heat On Kids' Apps," Law360, December 10, 2012
• "FTC proposes an update to ancient online law, COPPA," Marketplace, August 2, 2012
• "Burning Question: Why Do Emails Contain Legal Warnings?," Wired, December 27, 2010 
• "Web Marketers Wary of FTC's 'Do Not Track' Initiative," eWeek, December 2, 2010
• "Build Privacy, Security in Electric Smart Grid Now to Fend Off Breaches, Attorney Advises," BNA Privacy & Security Law Report February 8, 2010
• "Resiliency: Spring Back; Don't Fall Forward," Security Magazine, December 2009
• "States' Weapon of Choice against ID Theft: Transparency," Creditcard.com, October 1, 2009
• "Watching Out for a National Cyberdisaster" Inside Counsel, September 2009
• "Utilities' Smart Meters Save Money, but Erode Privacy," Philadelphia Inquirer, September 6, 2009
• "Privacy Powerbrokers," Inside Counsel, September 2006
• "Privacy Issues Pop Up for Microsoft, Dell," Inside 1to1 Privacy, November 10, 2005

Education

• University of Texas School of Law
  JD, 1998
• Texas, Univ of
  BA, 1995

Memberships

• American Bar Association