F. Paul Pittman

Some representative matters include:

• Advise industry leading global e-commerce technology company on developing data privacy, advertising and marketing strategy and compliance program under applicable data privacy laws including the California Privacy Rights Act.
• Guided over a dozen companies, including retail, technology, social media, hospitality and electronic device companies through assessing applicability and compliance obligations, and directing implementation activities, under the California Consumer Privacy Action.
• Advised global social media company on data privacy issues relating to the development and introduction of virtual wallet.
• Advised global online marketplace on permissible collection, use and disclosure of personal health information pursuant to HIPAA in emerging business line.
• Counseled an online advertising provider on permissible data collection and usage, and on development of a privacy notice to comply with online and mobile data industry standards such as DAA and NAI.
• Guided over 50 companies in the financial, e-commerce healthcare, retail and banking industries in responding to data security incidents and data breaches, including directing forensic investigations and navigating notification obligations under state, federal and international laws following cyberattacks, including:
  • a global cybersecurity company through incident response efforts, including law enforcement interface, to successfully resolve software supply chain attack that resulted in the infection of millions of customer computers with malware.
  • a global hotelier through a data breach involving millions of potentially impacted individuals at hundreds of locations spanning 50 countries.
  • an online retailer through responding to, and investigating, a data breach involving the alteration of webpage code that enabled the collection of credentials and other personal information entered into the webpage.
  • a historic entertainment complex through data breach impacting the payment card information of half a million visitors.
• Conducted numerous “tabletop” exercises with company executives and information technology teams to assess preparedness, and advise on implementation of incident response plan.
• Represented companies on privacy and data security matters in corporate transactions, including mergers, acquisitions, securitizations, financings and securities offerings, including:
  • Saudi Arabian Oil Company (Saudi Aramco) on its US$25.6 billion IPO—the world’s largest IPO to date.
  • Jack in the Box, in connection with a US$1.3 billion initial issuance and sale of asset-backed notes under a whole business securitization.
  • Guggenheim Securities, in its US$1.9 billion initial issuance and sale of asset-back certificates of Domino’s under a whole business securitization.
  • Brookfield Infrastructure, a global infrastructure company, in connection with the US$2.6 billion acquisition of Cincinnati Bell Inc. (CBB).
  • Tufin Software Technologies Ltd. (NYSE:  TUFN), a provider of policy management software, in its US$108 million initial public offering on the New York Stock Exchange.
  • Brookfield Infrastructure, a global infrastructure company, in connection with the US$8.4 billion acquisition of Genesee & Wyoming, Inc.
  • Guggenheim Securities, in its US$1.2 billion initial issuance and sale of asset-backed notes of Planet Fitness under a whole business securitization.