V-CARD
Download vCard


PHONE
+1 202 637 6833

FAX
+1 202 637 5910

Timothy P. Tobin
Partner, Washington, D.C.
Share on Facebook Share on LinkedIn Share on Twitter Bookmark this page Email This Page Print This Page Export to Word
tim.tobin@hoganlovells.com

Tim Tobin concentrates on consumer protection matters with a particular focus on privacy and data security law, including data breach preparedness and response. Tim also counsels businesses on various Internet, e-commerce, and marketing issues.

Tim has extensive experience counseling and representing clients as to their privacy and data security obligations in the financial, automotive, educational, retail, communications, tech, and other sectors. Tim advises clients on a wide array of state and federal privacy laws and regulations, such as those arising under the Gramm-Leach Bliley Act (GLBA); the Fair Credit Reporting Act (FCRA); the Cable Act; the Telecommunications Act of 1996, including the FCC's CPNI rules; the Children's Online Privacy Protection Act (COPPA); Section 5 of the Federal Trade Commission Act; the Electronic Communications Privacy Act (ECPA); and others. Internationally, Tim advises clients on appropriate mechanisms for the legal cross-border transfer of personal information worldwide. As to transfers from the European Union, Tim has helped clients obtain certifications under the Department of Commerce's safe harbor program and select from other alternatives such as model contractual clauses or binding corporate rules. Tim has written and lectured on cross-border data transfer issues in the United States and abroad, including on the unique issues presented by e-discovery of data held abroad in U.S.-based litigation.

Tim regularly counsels clients on data breach incidents, both large and small, in all industry sectors. He has represented clients in multiple data breaches that have affected millions of individuals. Tim has litigated class action lawsuits and has represented clients in investigations before the Federal Trade Commission and state Attorneys General arising from data breaches. Tim also regularly conducts legal privacy and security assessments for clients to determine the scope of a company's legal obligations regarding personally identifiable information under its control and the company's compliance with those obligations, and helps clients develop appropriate policies applicable to both online and offline data, including comprehensive written information security programs.

Tim's practice also encompasses a broad array of marketing, advertising, and consumer protection issues surrounding privacy including online and mobile behavioral advertising. He regularly counsels clients on privacy policies, sweepstakes promotions and contests, deceptive advertising issues including, for example, the appropriate use of endorsements and testimonials, as well as federal telemarketing and text marketing regulations under the Telephone Consumer Protection Act (TCPA), the FTC's Telephone Sales Rule (TSR) and state laws, and commercial email restrictions under the CAN-SPAM Act and restrictions on faxing under the Junk Fax Act. He has represented clients in rulemakings and investigations relating to deceptive advertising and endorsements, TCPA, CAN-SPAM, and related issues before both the Federal Trade Commission and the Federal Communications Commission.

Prior to joining Hogan & Hartson (now Hogan Lovells), Tim was an associate in a large, international law firm where he focused on privacy and data security law counseling and litigation.

REPRESENTATIVE EXPERIENCE
  • Counseled numerous companies on data breaches, including multiple well-publicized data breaches affecting millions of individuals.
  • Represented companies in federal investigations arising from data breaches, advertising, and other consumer protection matters, including a data breach investigation by the FTC that the FTC dropped without action.
  • Helped multiple companies obtain safe harbor certification or enter into model contracts to facilitate cross-border transfer of personal information from the European Union.
  • Assisted numerous companies with in-depth legal privacy assessments.
  • Litigated a putative class action arising from a data breach.*
  • Represented a media company in a COPPA investigation before the FTC that included negotiation of a consent decree.*

*Matters handled prior to joining our legal practice.

RECENT PRESENTATIONS
May 2014
Panelist, "Internet of Things, Federal Communications Bar Association (FCBA)." The Homestead, VA
March 2014
Panelist, "Data Breaches: Time for High Alert, Avoiding and Managing the Legal Risks of Cybersecurity Incidents." Hogan Lovells Webcast

December 2013
Speaker, "Connected Cars, Privacy, and Security: A Path Forward." International Conference on Connected Vehicles and Expo (ICCVE), Las Vegas, NV

November 2013
Discussion Moderator, "VIP Interactive Lunch." Connected Car Expo, Los Angeles Auto Show

November 2013
Speaker, "Privacy and Removing the Fear Attached to Connected Car Ownership." Connected Cars North America, Dallas, TX 

October 2013
Panelist, "Keeping Up With Emerging Standards for Mobile Privacy." IAPP Academy, Belleview, WA

June 2013
Panelist, "Payments, Managing Privacy and Security on a Global Scale." ACI 2nd Advanced Forum on International & Cross-Border Payments, San Francisco, CA

June 2013
Panelist, "Privacy and Cloud Computing." National Association of Colleges and University Attorneys (NACUA) Annual Meeting, Philadelphia, PA

May 2013
Panelist, "Big Data, Big Risk: Emerging Challenges in Data Privacy, Cyber Security & Informational Risk Management in 2013." University Risk Management and Insurance Association (URMIA), Midatlantic Regional Conference, Baltimore, MD
 
April 2013
Panelist, Hogan Lovells Global Payments Development Conference

January 2013
Panelist with FTC Staff: "COPPA Update: A Close Look at the New Amendments." IAPP Web Conference 

June 2012
Panelist, "U.S. Mobile Payments Developments." Hogan Lovells Webinar

March 2012
Panelist, "Pro Bono Privacy Initiative." IAPP Annual Summit, Washington, D.C.

November 2011
Panelist, "Automotive Legal and Compliance Share Forum: Privacy in the Automobile Industry." Los Angeles Auto Show

May 2011
Panelist, "Future of Privacy Forum." Atlanta Interactive Media Association Forum

May 2011
Panelist, "Online Privacy in the U.S. and Europe." Thomson Reuters Audio Conference

March 2011
Panelist, 'What to Expect from Washington in Privacy Law 2011." BNA LegalEdge Webinar

January 2011
Panelist, "Privacy and Security of Consumer and Employee Information." American Conference Institute

November 2010
Panelist, "Cloud Computing." ARMA/LIT-CON 10 Conference, San Francisco, CA

October 2010
Moderator, "Online Privacy." Telecommunications Policy Research Conference (TPRC), Arlington, VA

September 2010
Panelist, "The Evolution of FTC Enforcement Actions." IAPP Web Conference

June 2010
Panelist, "Online Behavioral Advertising." DigiDay: Target Conference, New York, NY

June 2010
Panelist, "International Privacy Issues." Federal Communications Bar Association, International Telecommunications and Data Security Committees' Brown Bag Luncheon, Washington, D.C.

April 2010
Moderator, "Social Media and the Workplace." IAPP Global Privacy Summit: Pre-Conference, Washington, D.C.

October 2009
Panelist, "Social Media in Health Care." Strafford Publishing Webinar

September 2009
Presenter, "Privacy and Data Security Law in the Web 2.0 World." BrightTALK Webinar

June 2009
Presenter, "Cross Border E-Discovery, How to Manage the Conflict Between U.S. Procedural and E.U. Data Protection Rules." Hogan & Hartson Webinar

April 2009
Presenter, ABA Privacy and Data Security Briefing

Hogan Lovells Publications
21 May 2014 "EU High Court Grants "Right to Be Forgotten" and Expands Privacy Jurisdiction Over Foreign Companies: What Should Businesses Operating Outside of Europe Do Now?" Privacy Alert, Hogan Lovells

05 May 2014 "Marco Civil da Internet: Brazil's New Internet Law Could Broadly Impact Online Companies’ Privacy and Data Handling Practices." Brazil Client Alert, Hogan Lovells

13 March 2014 "TCPA Alert." TCPA Alert, Hogan Lovells

25 February 2014 "New U.S. Cybersecurity Framework Issued: In Wake of Cyberattacks and Lawsuits, How Should Organizations Respond?" Cybersecurity Alert, Hogan Lovells

24 February 2014 "New U.S. Cybersecurity Framework Issued: In Wake of Cyber Attacks and Lawsuits, How Should Organizations Respond?" Cybersecurity Alert, Hogan Lovells

11 July 2013 "USA: FTC mobile payments report will impact social media-based offerings." Global Media and Communications Quarterly: social media, Hogan Lovells

05 July 2013 "Global Media and Communications Quarterly: Focus on Social Media." GMC Quarterly, Hogan Lovells

25 January 2013 "FFIEC proposes social media compliance guidance; comments due March 25, 2013." Financial Institutions Group Alert, Hogan Lovells

18 October 2011 "Proposed FAR rule would require privacy training for government contractors." Government Contracts and Privacy and Information Management Alert, Hogan Lovells

25 January 2011 "Red Flag Program Clarification Act exempts certain creditors from Red Flag Rules." Privacy Alert, Hogan Lovells

27 August 2009 "Businesses May be Facing Last Chance to Comply with FTC Identity Theft Red Flags Rule: Extension of Compliance Deadline to 11-1-09." Privacy Update, Hogan & Hartson LLP

18 June 2009 "Privacy & Data Security Briefing: Issue 9." Privacy & Data Security Briefing, Hogan & Hartson LLP

Published Works
2014 "Privacy and Data Security." Financial Institutions Answer Book 2014, Practising Law Institute

July 2011 "The Changing Landscape of US Privacy Law Enforcement: The FTC Leads the Way." Privacy Laws & Business

May 2010 "Practice Note, Privacy and Data Security: Breach Notification." Practical Law Company

May 2008 "Consumer Advocates and Government Target Online Behavioural Advertising: Debate Emerges Between Self-Regulation and Rigid Regulatory Controls." World Data Protection Report, BNA International

18 April 2008 "Behavioral Targeted Advertising: Industry Self-Regulation is the Most Sensible Approach." Cybercrime Law Report

12 November 2007 "As Social Networking Soars, Privacy Issues Proliferate." Privacy & Security Law Report, BNA, Inc.

PRACTICES
Antitrust, Competition and Economic Regulation
Technology, Media and Telecoms
Privacy and Information Management
AREAS OF FOCUS
  • Unmanned Aircraft Systems
  • BLOGS
    Chronicle of Data Protection
    EDUCATION
    J.D., Magna Cum Laude, George Mason University School of Law, 2001 B.A., Michigan State University, 1991
    MEMBERSHIPS
    • Member, International Association of Privacy Professionals (IAPP)
    • Member, Federal Communications Bar Association
    • Member, American Bar Association
    AWARDS / RANKINGS
    • Legal 500 U.S., Technology: Data Protection and Privacy, 2013-2014
    BAR ADMISSIONS / QUALIFICATIONS District of Columbia Virginia
    COURT ADMISSIONS U.S. District Court, District of Columbia U.S. District Court, Eastern District of Virginia U.S. Court of Appeals, Fourth Circuit