Michael Egan

Michael has focused on cyber/data/privacy issues in the areas of technology, innovation, retail and consumer solutions, life sciences, manufacturing, financial services, and healthcare since 2007. He advises clients on all legal aspects of global privacy and data protection, data security, data breach, information technology, and related restrictions on data collection and transfer. He has represented companies before numerous government agencies and bodies, including the US Federal Trade Commission, the US Department of Justice, and the US Securities and Exchange Commission, as well as data protection authorities around the world, regarding disclosure of data security compliance issues, internal investigation findings, remediation measures and settlement terms.

Michael’s practice focuses primarily on the ever-changing privacy and security regulatory landscape faced by companies in the US and globally. He also advises companies on how best to address the requirements related to personal data, consumer protection, data security and breach preparation and response, cookies and marketing, cross-border data flows, e-monitoring, eDiscovery procedures, outsourcing, social media, and other privacy-related issues. 

Michael’s notable representative matters include:

• Global privacy law compliance – Advising clients on compliance with the European Union’s General Data Protection Regulation, the California Consumer Privacy Act, China’s Personal Information Protection Law, Brazil’s General Personal Data Protection Law, and other US and global data privacy and protection laws in the development of new consumer products, adtech solutions, blockchain services and financial services*
• Global privacy program development – Advising clients regarding all aspects of privacy program creation, development and enhancement to comply with rapidly developing regulatory requirements globally in a commercially practicable manner*
• Data security law compliance – Advising clients on compliance with US and other data security and breach notification laws, including the development of data security incident response policies and procedures, as well as accompanying tabletop exercises*
• Data breach response – Advising an entertainment company in connection with a nation-state attack that caused one of the largest data breaches in US history; an international travel provider in relation to a global ransomware attack; a financial services company in connection with the publication of internal documents; and a consumer technology company in relation to a large ransomware attack*
• Health Insurance Portability and Accountability Act (HIPAA) – Providing legal advice to covered entities under the Health Insurance Portability and Accountability Act with respect to compliance with the HIPAA Privacy and Security Rules, managing data security incidents, and responding to inquiries from and investigations by the US Department of Health and Human Services’ Office for Civil Rights*

*Representation handled prior to joining Cooley