Download vCard

+1 202 637 6833

+1 202 637 5910

Timothy P. Tobin
Partner, Washington, D.C.
Share on Facebook Share on LinkedIn Share on Twitter Bookmark this page Email This Page Print This Page Export to Word

Tim Tobin concentrates on consumer protection matters with a particular focus on privacy and data security law. Tim also counsels businesses on various Internet and e-commerce issues.

Tim has extensive experience counseling and representing clients from all industry sectors for their privacy and data security obligations. Tim advises clients on a wide array of state and federal privacy laws and regulations, such as those arising under the Gramm-Leach Bliley Act (GLBA); the Fair Credit Reporting Act (FCRA), including amendments to FCRA under the Fair and Accurate Credit Transactions Act (FACTA) that require Red Flags programs to detect identity theft, address affiliate marketing, and address disposal of certain records; the Cable Act; the Telecommunications Act of 1996, including the FCC's CPNI rules; the Children's Online Privacy Protection Act (COPPA); Section 5 of the Federal Trade Commission Act; the Electronic Communications Privacy Act (ECPA); and others. Internationally, Tim advises clients on appropriate mechanisms for the legal cross-border transfer of personal information world-wide. As to transfers from the European Union, Tim has helped clients obtain certifications under the Department of Commerce's safe harbor program and to select from other alternatives such as model contractual clauses or binding corporate rules. Tim has written and lectured on cross-border data transfer issues in the United States and abroad, including on the unique issues presented by e-discovery of data held abroad in U.S.-based litigation.

Tim also regularly counsels clients on data breach incidents, both large and small. He has represented clients in multiple data breaches that have affected millions of individuals. Tim has litigated class action lawsuits and has represented clients in investigations before the Federal Trade Commission and state Attorneys General arising from data breaches. Tim regularly conducts legal privacy assessments for clients to determine the scope of a company's legal obligations regarding personally identifiable information under its control and the company's compliance with those obligations, and helps clients develop appropriate policies applicable to both online and offline data, including comprehensive written information security programs.

Tim's practice also encompasses a broad array of marketing and consumer protection issues surrounding privacy including online and mobile behavioral advertising. He regularly counsels clients on state and federal telemarketing and "Do Not Call" laws, commercial email restrictions under the CAN-SPAM Act, and restrictions on faxing under the Junk Fax Act. Tim has litigated on behalf of clients on these issues. He has represented clients in rulemakings and other proceedings relating to "Do Not Call", CAN-SPAM, and other issues before both the Federal Trade Commission and the Federal Communications Commission.

Prior to joining Hogan & Hartson, Tim was an associate in a large, international law firm where he focused on privacy and data security law counseling and litigation.

  • Counseled numerous companies on data breaches, including various well-publicized data breaches and has represented companies in litigation and state and federal investigations arising from those breaches.*
  • Represented a media company in a COPPA investigation before the FTC that included negotiation of a consent decree.*
  • Helped multiple companies obtain safe harbor certification or enter into model contracts to facilitate cross-border transfer of personal information from the European Union*
  • Assisted numerous companies with in-depth legal privacy assessments.*

*Matters handled prior to joining our legal practice.

May 2011
Panelist, "Future of Privacy Forum." Atlanta Interactive Media Association Forum

May 2011
Panelist, "Online Privacy in the U.S. and Europe." Thomson Reuters Audio Conference

March 2011
Panelist, 'What to Expect from Washington in Privacy Law 2011." BNA LegalEdge Webinar

January 2011
Panelist, "Privacy and Security of Consumer and Employee Information." American Conference Institute

November 2010
Panelist, "Cloud Computing." ARMA/LIT-CON 10 Conference, San Francisco, CA

October 2010
Moderator, "Online Privacy." Telecommunications Policy Research Conference (TPRC), Arlington, VA

September 2010
Panelist, "The Evolution of FTC Enforcement Actions." IAPP Web Conference

June 2010
Panelist, "Online Behavioral Advertising." DigiDay: Target Conference, New York, NY

June 2010
Panelist, "International Privacy Issues." Federal Communications Bar Association, International Telecommunications and Data Security Committees' Brown Bag Luncheon, Washington, D.C.

April 2010
Moderator, "Social Media and the Workplace." IAPP Global Privacy Summit: Pre-Conference, Washington, D.C.

October 2009
Panelist, "Social Media in Health Care." Strafford Publishing Webinar

September 2009
Presenter, "Privacy and Data Security Law in the Web 2.0 World." BrightTALK Webinar

June 2009
Presenter, "Cross Border E-Discovery, How to Manage the Conflict Between U.S. Procedural and E.U. Data Protection Rules." Hogan & Hartson Webinar

April 2009
Presenter, ABA Privacy and Data Security Briefing

Hogan Lovells Publications
21 May 2014 "EU High Court Grants "Right to Be Forgotten" and Expands Privacy Jurisdiction Over Foreign Companies: What Should Businesses Operating Outside of Europe Do Now?" Privacy Alert, Hogan Lovells

05 May 2014 "Marco Civil da Internet: Brazil's New Internet Law Could Broadly Impact Online Companies’ Privacy and Data Handling Practices." Brazil Client Alert, Hogan Lovells

13 March 2014 "TCPA Alert." TCPA Alert, Hogan Lovells

25 February 2014 "New U.S. Cybersecurity Framework Issued: In Wake of Cyberattacks and Lawsuits, How Should Organizations Respond?" Cybersecurity Alert, Hogan Lovells

24 February 2014 "New U.S. Cybersecurity Framework Issued: In Wake of Cyber Attacks and Lawsuits, How Should Organizations Respond?" Cybersecurity Alert, Hogan Lovells

11 July 2013 "USA: FTC mobile payments report will impact social media-based offerings." Global Media and Communications Quarterly: social media, Hogan Lovells

05 July 2013 "Global Media and Communications Quarterly: Focus on Social Media." GMC Quarterly, Hogan Lovells

25 January 2013 "FFIEC proposes social media compliance guidance; comments due March 25, 2013." Financial Institutions Group Alert, Hogan Lovells

18 October 2011 "Proposed FAR rule would require privacy training for government contractors." Government Contracts and Privacy and Information Management Alert, Hogan Lovells

25 January 2011 "Red Flag Program Clarification Act exempts certain creditors from Red Flag Rules." Privacy Alert, Hogan Lovells

27 August 2009 "Businesses May be Facing Last Chance to Comply with FTC Identity Theft Red Flags Rule: Extension of Compliance Deadline to 11-1-09." Privacy Update, Hogan & Hartson LLP

18 June 2009 "Privacy & Data Security Briefing: Issue 9." Privacy & Data Security Briefing, Hogan & Hartson LLP

Published Works
July 2011 "The Changing Landscape of US Privacy Law Enforcement: The FTC Leads the Way." Privacy Laws & Business

May 2010 "Practice Note, Privacy and Data Security: Breach Notification." Practical Law Company

May 2008 "Consumer Advocates and Government Target Online Behavioural Advertising: Debate Emerges Between Self-Regulation and Rigid Regulatory Controls." World Data Protection Report, BNA International

18 April 2008 "Behavioral Targeted Advertising: Industry Self-Regulation is the Most Sensible Approach." Cybercrime Law Report

12 November 2007 "As Social Networking Soars, Privacy Issues Proliferate." Privacy & Security Law Report, BNA, Inc.

Privacy and Data Protection
Antitrust, Competition and Economic Regulation
Technology, Media and Telecoms
Chronicle of Data Protection
J.D., Magna Cum Laude, George Mason University School of Law, 2001 B.A., Michigan State University, 1991
  • Member, International Association of Privacy Professionals (IAPP)
  • Member, Federal Communications Bar Association
  • Member, American Bar Association
  • Legal 500 US, Technology: Data Protection and Privacy, 2013
BAR ADMISSIONS / QUALIFICATIONS District of Columbia Virginia
COURT ADMISSIONS U.S. District Court, District of Columbia U.S. District Court, Eastern District of Virginia U.S. Court of Appeals, Fourth Circuit