• Member, American Bar Association Section of Business Law (Privacy and Data Security Committee and Committee on Electronic Commerce)
• Member, American Bar Association Section of Science and Technology Law (E-Privacy Law Committee and Information Security Committee)
• Member, Washington State Bar Association

• Named to Washington Super Lawyers' list of "Rising Stars" in 2011-2018

Select Matters

• Counseled clients on laws, regulations, industry standards, self-regulatory requirements, and best practices relating to privacy, data protection, and cybersecurity in numerous industries, including autonomous vehicles, artificial intelligence (AI), electronic gaming, fintech, payments, adtech, Internet of Things (IoT), software-as-a-service (SaaS), the metaverse, cloud computing, pharmaceuticals, and others
• Counseled clients regarding compliance with cybersecurity requirements imposed by numerous legal regimes, including the California Consumer Privacy Act, as modified by the California Privacy Rights and Enforcement Act, compressive privacy statutes in several other states, the enforcement activity of the Federal Trade Commission, sector-specific federal legislation, and other state laws, including biometrics legislation
• Prepared terms of service, privacy policies, and other forms of privacy notices for various online services and consumer-facing offerings
• Coordinated and conducted due diligence; negotiated representations, warranties, and covenants; and addressed transition and integration matters relating to privacy, data protection, and cybersecurity in connection with hundreds of mergers, acquisitions, spin-offs, and other significant corporate transactions
• Counseled numerous clients regarding the acquisition, use, transfer, and other processing of data, including cross-border data transfers, in connection with mergers, acquisitions, asset sales, and other business transfers, including the design of practical solutions to permit the value of key data sets to be maintained while mitigating associated risks
• Assisted several clients in the drafting and negotiation of cybersecurity and data processing provisions in the context of outsourcing, other types of services arrangements, and numerous other commercial arrangements
• Assisted numerous clients with preparing appropriate risk factor disclosures, MD&A, and other contents of securities filings relating to data processing, AI, privacy, data protection, and cybersecurity
• Advised numerous companies on legal issues and risks, and strategies for managing the same, relating to the acquisition, use, and disclosure of data from third-party sources
• Counseled advertising technology companies regarding compliance with relevant laws, regulations, standards, and best practices
• Counseled developers of platform software, mobile device applications, connected devices, autonomous vehicles, and other consumer-facing services and interfaces regarding privacy, cybersecurity, and data processing issues
• Counseled clients regarding the CAN-SPAM Act, Telephone Consumer Protection Act, Telephone Sales Rule, junk fax legislation, mobile spam regulations, and other state and federal laws bearing upon email, text messaging and SMS, push messaging, and other forms of consumer communications in numerous jurisdictions
• Assisted several clients, including several large public companies, regarding the mitigation of, and other responses relating to, cybersecurity breaches and incidents, including the coordination of nationwide reporting to consumers, and making other required notifications and taking other required compliance steps, in compliance with security breach notification laws
• Counseled numerous clients regarding the Children's Online Privacy Protection Act, numerous laws in California and other states, seal program requirements, and other industry initiatives relating to the collection, use, and other processing of data relating to children within and outside of the educational context
• Counseled educational technology and other companies on laws, regulations, and other requirements applicable to the collection, use, and other handling of student records and other data collected and processed in the educational context
• Counseled companies on the application of the Video Privacy Protection Act in the context of online and mobile streaming
• Counseled wireless telecommunications carriers regarding location-based privacy and other issues pertaining to access to, and use and disclosure of, customer proprietary network information
• Counseled clients regarding compliance with the Payment Card Industry Data Security Standard and other security requirements relating to their acceptance, storage, and handling of cardholder data

Select Publications

Matt has authored or co-authored numerous publications, including the following:

• "California Consumer Privacy Act: Industry, Advocate, and Enforcement Concerns and Legislative Amendments," The WSGR Data Advisor, October 8, 2018
• "California Enacts Sweeping Privacy Law to Avert Potential Ballot Measure," The WSGR Data Advisor, July 3, 2018
• "New FTC Report Recommends Steps to Improve Mobile Security Updates," The WSGR Data Advisor, May 23, 2018
• "NAI Issues 2018 Update to Its Code of Conduct," The WSGR Data Advisor, January 24, 2018
• "Post-Spokeo Jurisdictional Divide Continues as Northern District of California Rejects TransUnion's Lack of Standing Argument," The WSGR Data Advisor, November 15, 2017
• Co-author with C. Readhead, "FTC Cracks Down on Lead Generation Company's Indiscriminate Sharing of Consumers' Sensitive Data," The WSGR Data Advisor, September 1, 2017
• Contributing Author, Guide to Cybersecurity Due Diligence in M&A Transactions, American Bar Association Business Law Section, ABA Publishing, 2017
• Co-author with J. Adams, "FAST Act Eases GLBA Compliance Burdens for Many Companies, Addresses Transportation and Infrastructure Privacy and Cybersecurity Issues," The WSGR Data Advisor, February 4, 2016
• "Privacy and Data Security Due Diligence," The WSGR Data Advisor, November 2015
• "Navigating Public Company Cybersecurity Obligations: Advising Boards and Disclosing to Investors," The WSGR Data Advisor, July 2015
• "Privacy and Data Security in Transactions: What's the Deal?" Eye on Privacy, February 2015
• "Proposed California Law Would Impose Data Breach Liability on Retailers and Create More Stringent Data Security Requirements for Businesses," Eye on Privacy, July 2014
• "Kaiser Foundation Health Plan Settles California Attorney General Charges over Delayed Data Breach Notification," Eye on Privacy, March 2014
• "California Extends Security Breach Notification Requirements to Online Account Credentials," Eye on Privacy, November 2013
• "Important Changes to the FCC’s Telephone Consumer Protection Act Rules Take Effect On October 16, 2013," WSGR Alert, October 15, 2013
• "Digital Advertising Alliance Releases Guidance on the Application of Its Self-Regulatory Principles to the Mobile Environment," Eye on Privacy, September 2013
• "FTC Recommends Consumer Protections for Mobile Payment Industry," Intellectual Property and Technology Law Journal, June 2013
• "California Supreme Court Holds Song-Beverly Act Inapplicable to Online Businesses Selling Downloadable Products," Eye on Privacy, March 2013
• "Social Networking Mobile App Developer Agrees to Pay $800,000 and Implement Comprehensive Privacy Program to Settle Claims for COPPA Violations and Deceptive Privacy Practices," WSGR Alert, February 5, 2013
• "FTC Releases Final Amendments to Children's Online Privacy Protection Rule," Eye on Privacy, January 2013
• "Mobile Apps Face Heightened Privacy Enforcement: Policies and Practices Scrutinized," WSGR Alert, December 21, 2012
• "FTC Announces $1 Million Penalty for Children's Privacy Violations by Fan-Club Website Operator," Eye on Privacy, November 2012
• "FTC Proposes Additional Revisions to Children's Online Privacy Protection Rule," Eye on Privacy, September 2012
• "FTC Releases Marketing and Privacy Guide for Mobile App Developers," WSGR Alert, September 18, 2012
• "Myspace Reaches Consent Agreement with FTC over Misrepresentations in Privacy Policy," Eye on Privacy, May 2012
• "FTC Releases Final Privacy Report, Sets Forth Best Practices, and Calls for Federal Privacy, Data Security, and Breach Notification Legislation," Eye on Privacy, May 2012
• "White House Proposes Consumer Privacy Bill of Rights, Seeks Adoption of Private Codes of Conduct, and Pushes Federal Privacy Legislation," WSGR Alert, February 28, 2012
• "New Principles for the Collection of Data Online Released," Law360, November 23, 2011
• "Federal Trade Commission Announces Settlement with Skidekids.com: Company Did Not Obtain Verifiable Parental Consent before Collecting Children's Personal Information," WSGR Alert, November 14, 2011
• "FTC Proposes Significant Revisions to Children's Online Privacy Protection Rule," WSGR Alert, September 20, 2011
• "Federal Court Approves the Application of the CAN-SPAM Act to Messages Sent within Social Networking Platforms," WSGR Alert, April 19, 2011
• "Ninth Circuit Holds that Increased Risk of Identity Theft Is Sufficient for Article III Standing: Privacy Class Actions Likely Tougher to Dismiss," WSGR Alert, January 24, 2011
• "FTC Releases Latest Privacy Report, Proposes New 'Do Not Track' Mechanism," WSGR Alert, December 13, 2010
• "New Washington State Data Security Law Effective July 1, 2010; Companies Should Assess Compliance with Several New State Data Security Laws," WSGR Alert, May 19, 2010
• "Red Flags Rules: Financial Institutions and Creditors with Covered Accounts Must Implement ID Theft Prevention Programs," American Bar Association Section of Antitrust Law, Insurance and Financial Services Committee Newsletter, Fall 2009
• "FTC Settlement with Sears Signals Increased Enforcement Risks for Privacy Missteps," WSGR Alert, June 15, 2009
• "FTC Extends Delayed Enforcement of Red Flags Rule until August 1, 2009; Provides Guided Template to Assist Companies in Developing Identity Theft Prevention Programs," WSGR Alert, May 18, 2009
• "FTC Issues New Guidelines for Online Behavioral Advertising," WSGR Alert, February 17, 2009
• "Children's Privacy Violations Lead to $1 Million Penalty," WSGR Alert, December 17, 2008
• "New CAN-SPAM Rules Clarify Online Marketing Requirements," WSGR Alert, May 27, 2008
• "Security Breach Notification," 1 Privacy and Data Security Law Journal 391, 2006
• Contributor, American Bar Association E-Privacy Law Database

Select Speaking Engagements

• "Privacy and Cybersecurity: Hot Topics," Association of Corporate Counsel—Austin, Austin, Texas, June 28, 2018
• Panelist, "Cybersecurity Due Diligence and Cyber Risks in M&A Transactions," 2018 Investment Arbitration & Trans-Pacific Transactions Conference, ABA Section of International Law, Singapore, May 11, 2018
• Panelist, "Cybersecurity Due Diligence in Mergers and Acquisitions," ABA Section of Business Law Annual Meeting, September 14, 2017
• Panelist, "Dealing in Data: Privacy and Security in Commercial Transactions and M&A," IAPP Global Privacy Summit, Washington, D.C., April 20, 2017
• Panelist, "Cybersecurity Due Diligence in M&A Transactions," American Bar Association, Business Law Section Spring Meeting, April 2016
• "Current Privacy Issues: Big Data Analytics and Machine Learning," The Cloud and Big Data 2015, Law Seminars International, April 2015