+1 202 637 6833
+1 202 637 5910
Partner, Washington, D.C.
Tim Tobin concentrates on consumer protection matters with a particular focus on privacy and data security law. Tim also counsels businesses on various Internet and e-commerce issues.
Tim has extensive experience counseling and representing clients from all industry sectors for their privacy and data security obligations. Tim advises clients on a wide array of state and federal privacy laws and regulations, such as those arising under the Gramm-Leach Bliley Act (GLBA); the Fair Credit Reporting Act (FCRA), including amendments to FCRA under the Fair and Accurate Credit Transactions Act (FACTA) that require Red Flags programs to detect identity theft, address affiliate marketing, and address disposal of certain records; the Cable Act; the Telecommunications Act of 1996, including the FCC's CPNI rules; the Children's Online Privacy Protection Act (COPPA); Section 5 of the Federal Trade Commission Act; the Electronic Communications Privacy Act (ECPA); and others. Internationally, Tim advises clients on appropriate mechanisms for the legal cross-border transfer of personal information world-wide. As to transfers from the European Union, Tim has helped clients obtain certifications under the Department of Commerce's safe harbor program and to select from other alternatives such as model contractual clauses or binding corporate rules. Tim has written and lectured on cross-border data transfer issues in the United States and abroad, including on the unique issues presented by e-discovery of data held abroad in U.S.-based litigation.
Tim also regularly counsels clients on data breach incidents, both large and small. He has represented clients in multiple data breaches that have affected millions of individuals. Tim has litigated class action lawsuits and has represented clients in investigations before the Federal Trade Commission and state Attorneys General arising from data breaches. Tim regularly conducts legal privacy assessments for clients to determine the scope of a company's legal obligations regarding personally identifiable information under its control and the company's compliance with those obligations, and helps clients develop appropriate policies applicable to both online and offline data, including comprehensive written information security programs.
Tim's practice also encompasses a broad array of marketing and consumer protection issues surrounding privacy including online and mobile behavioral advertising. He regularly counsels clients on state and federal telemarketing and "Do Not Call" laws, commercial email restrictions under the CAN-SPAM Act, and restrictions on faxing under the Junk Fax Act. Tim has litigated on behalf of clients on these issues. He has represented clients in rulemakings and other proceedings relating to "Do Not Call", CAN-SPAM, and other issues before both the Federal Trade Commission and the Federal Communications Commission.
Prior to joining Hogan & Hartson, Tim was an associate in a large, international law firm where he focused on privacy and data security law counseling and litigation.
- Counseled numerous companies on data breaches, including various well-publicized data breaches and has represented companies in litigation and state and federal investigations arising from those breaches.*
- Represented a media company in a COPPA investigation before the FTC that included negotiation of a consent decree.*
- Helped multiple companies obtain safe harbor certification or enter into model contracts to facilitate cross-border transfer of personal information from the European Union*
- Assisted numerous companies with in-depth legal privacy assessments.*
*Matters handled prior to joining our legal practice.
Panelist, "Future of Privacy Forum." Atlanta Interactive Media Association Forum
Panelist, "Online Privacy in the U.S. and Europe." Thomson Reuters Audio Conference
Panelist, 'What to Expect from Washington in Privacy Law 2011." BNA LegalEdge Webinar
Panelist, "Privacy and Security of Consumer and Employee Information." American Conference Institute
Panelist, "Cloud Computing." ARMA/LIT-CON 10 Conference, San Francisco, CA
Moderator, "Online Privacy." Telecommunications Policy Research Conference (TPRC), Arlington, VA
Panelist, "The Evolution of FTC Enforcement Actions." IAPP Web Conference
Panelist, "Online Behavioral Advertising." DigiDay: Target Conference, New York, NY
Panelist, "International Privacy Issues." Federal Communications Bar Association, International Telecommunications and Data Security Committees' Brown Bag Luncheon, Washington, D.C.
Moderator, "Social Media and the Workplace." IAPP Global Privacy Summit: Pre-Conference, Washington, D.C.
Panelist, "Social Media in Health Care." Strafford Publishing Webinar
Presenter, "Privacy and Data Security Law in the Web 2.0 World." BrightTALK Webinar
Presenter, "Cross Border E-Discovery, How to Manage the Conflict Between U.S. Procedural and E.U. Data Protection Rules." Hogan & Hartson Webinar
Presenter, ABA Privacy and Data Security Briefing
Hogan Lovells Publications
25 January 2013
"FFIEC proposes social media compliance guidance; comments due March 25, 2013." Financial Institutions Group Alert, Hogan Lovells
18 October 2011
"Proposed FAR rule would require privacy training for government contractors." Government Contracts and Privacy and Information Management Alert, Hogan Lovells
25 January 2011
"Red Flag Program Clarification Act exempts certain creditors from Red Flag Rules." Privacy Alert, Hogan Lovells
27 August 2009
"Businesses May be Facing Last Chance to Comply with FTC Identity Theft Red Flags Rule: Extension of Compliance Deadline to 11-1-09." Privacy Update, Hogan & Hartson LLP
18 June 2009
"Privacy & Data Security Briefing: Issue 9." Privacy & Data Security Briefing, Hogan & Hartson LLP
"The Changing Landscape of US Privacy Law Enforcement: The FTC Leads the Way." Privacy Laws & Business
"Practice Note, Privacy and Data Security: Breach Notification." Practical Law Company
"Consumer Advocates and Government Target Online Behavioural Advertising: Debate Emerges Between Self-Regulation and Rigid Regulatory Controls." World Data Protection Report, BNA International
18 April 2008
"Behavioral Targeted Advertising: Industry Self-Regulation is the Most Sensible Approach." Cybercrime Law Report
12 November 2007
"As Social Networking Soars, Privacy Issues Proliferate." Privacy & Security Law Report, BNA, Inc.