Download vCard

+1 202 637 6833

+1 202 637 5910

Timothy P. Tobin
Partner, Washington, D.C.
Share on Facebook Share on LinkedIn Share on Twitter Bookmark this page Email This Page Print This Page Export to Word

Tim Tobin concentrates on consumer protection matters with a particular focus on privacy and data security law, including data breach preparedness and response. Tim also counsels businesses on various Internet, e-commerce, and marketing issues.

Tim has extensive experience counseling and representing clients as to their privacy and data security obligations in the financial, automotive, educational, retail, communications, tech, and other sectors. Tim advises clients on a wide array of state and federal privacy laws and regulations, such as those arising under the Gramm-Leach Bliley Act (GLBA); the Fair Credit Reporting Act (FCRA); the Cable Act; the Telecommunications Act of 1996, including the FCC's CPNI rules; the Children's Online Privacy Protection Act (COPPA); Section 5 of the Federal Trade Commission Act; the Electronic Communications Privacy Act (ECPA); and others. Internationally, Tim advises clients on appropriate mechanisms for the legal cross-border transfer of personal information worldwide. As to transfers from the European Union, Tim has helped clients obtain certifications under the Department of Commerce's safe harbor program and select from other alternatives such as model contractual clauses or binding corporate rules. Tim has written and lectured on cross-border data transfer issues in the United States and abroad, including on the unique issues presented by e-discovery of data held abroad in U.S.-based litigation.

Tim regularly counsels clients on data breach incidents, both large and small, in all industry sectors. He has represented clients in multiple data breaches that have affected millions of individuals. Tim has litigated class action lawsuits and has represented clients in investigations before the Federal Trade Commission and state Attorneys General arising from data breaches. Tim also regularly conducts legal privacy and security assessments for clients to determine the scope of a company's legal obligations regarding personally identifiable information under its control and the company's compliance with those obligations, and helps clients develop appropriate policies applicable to both online and offline data, including comprehensive written information security programs.

Tim's practice also encompasses a broad array of marketing, advertising, and consumer protection issues surrounding privacy including online and mobile behavioral advertising. He regularly counsels clients on privacy policies, sweepstakes promotions and contests, deceptive advertising issues including, for example, the appropriate use of endorsements and testimonials, as well as federal telemarketing and text marketing regulations under the Telephone Consumer Protection Act (TCPA), the FTC's Telephone Sales Rule (TSR) and state laws, and commercial email restrictions under the CAN-SPAM Act and restrictions on faxing under the Junk Fax Act. He has represented clients in rulemakings and investigations relating to deceptive advertising and endorsements, TCPA, CAN-SPAM, and related issues before both the Federal Trade Commission and the Federal Communications Commission.

Prior to joining Hogan & Hartson (now Hogan Lovells), Tim was an associate in a large, international law firm where he focused on privacy and data security law counseling and litigation.

  • Counseled numerous companies on data breaches, including multiple well-publicized data breaches affecting millions of individuals.
  • Represented companies in federal investigations arising from data breaches, advertising, and other consumer protection matters, including a data breach investigation by the FTC that the FTC dropped without action.
  • Helped multiple companies obtain safe harbor certification or enter into model contracts to facilitate cross-border transfer of personal information from the European Union.
  • Assisted numerous companies with in-depth legal privacy assessments.
  • Litigated a putative class action arising from a data breach.*
  • Represented a media company in a COPPA investigation before the FTC that included negotiation of a consent decree.*

*Matters handled prior to joining our legal practice.

October 2015
Panelist, "Understanding the FTC: Lessons from FTC Investigations and Other Experiences, Privacy + Security Forum." Washington, D.C.

October 2015
Panelist, "The Automobile Industry's Lead in Self-Regulation." Internet of Things Global Summit, Washington, D.C.

September 2015
Discussion Moderator, "Privacy Law Salon: Policymaker Roundtable." Washington, D.C.

June 2015
Panelist, "Data Privacy and Security – Global Concerns, A Look at the United States, European Union, and China." National Association of College and University Attorneys (NACUA) Annual Conference, Washington, D.C.

June 2015
Panelist, "How the Automobile Industry Took the Lead in Industry Self-Regulation." TRUSTe Internet of Things Privacy Summit, Menlo Park, CA

May 2015
Panelist, "Internet Communications for Employers, Employees and Students - Social Media, Text Messaging, and “Bring Your Own Device” Policies." IAPP/FCBA Florida Privacy and Cybrsecurity Law Symposium, Jacksonville, FL

April 2015
Panelist, "UAS Privacy." Hogan Lovells UAS Workshop, Menlo Park, CA

March 2015
Panelist, "UAS Privacy, Data Protection, and Property Rights Issues." Lawline CLE Program, New York

March 2015
Moderator, "Driving Privacy Forward (The Automobile Industry's Privacy Principles)." IAPP Global Privacy Summit, Washington, D.C.

February 2015
Panelist, "UAS Privacy, Security, and Property Rights." Association of Unmanned Aircraft Systems in the U.S. and Around the World (AUVSI) UAS Workshop,  Washington, D.C.

May 2014
Panelist, "Internet of Things, Federal Communications Bar Association (FCBA)." The Homestead, VA

March 2014
Panelist, "Data Breaches: Time for High Alert, Avoiding and Managing the Legal Risks of Cybersecurity Incidents." Hogan Lovells Webcast

December 2013
Speaker, "Connected Cars, Privacy, and Security: A Path Forward." International Conference on Connected Vehicles and Expo (ICCVE), Las Vegas, NV

November 2013
Discussion Moderator, "VIP Interactive Lunch." Connected Car Expo, Los Angeles Auto Show

November 2013
Speaker, "Privacy and Removing the Fear Attached to Connected Car Ownership." Connected Cars North America, Dallas, TX

October 2013
Panelist, "Keeping Up With Emerging Standards for Mobile Privacy." IAPP Academy, Belleview, WA

June 2013
Panelist, "Payments, Managing Privacy and Security on a Global Scale." ACI 2nd Advanced Forum on International & Cross-Border Payments, San Francisco, CA

June 2013
Panelist, "Privacy and Cloud Computing." National Association of Colleges and University Attorneys (NACUA) Annual Meeting, Philadelphia, PA

May 2013
Panelist, "Big Data, Big Risk: Emerging Challenges in Data Privacy, Cyber Security & Informational Risk Management in 2013." University Risk Management and Insurance Association (URMIA), Midatlantic Regional Conference, Baltimore, MD

April 2013
Panelist, Hogan Lovells Global Payments Development Conference

January 2013
Panelist with FTC Staff: "COPPA Update: A Close Look at the New Amendments." IAPP Web Conference

June 2012
Panelist, "U.S. Mobile Payments Developments." Hogan Lovells Webinar

March 2012
Panelist, "Pro Bono Privacy Initiative." IAPP Annual Summit, Washington, D.C.

November 2011
Panelist, "Automotive Legal and Compliance Share Forum: Privacy in the Automobile Industry." Los Angeles Auto Show

May 2011
Panelist, "Future of Privacy Forum." Atlanta Interactive Media Association Forum

May 2011
Panelist, "Online Privacy in the U.S. and Europe." Thomson Reuters Audio Conference

March 2011
Panelist, 'What to Expect from Washington in Privacy Law 2011." BNA LegalEdge Webinar

January 2011
Panelist, "Privacy and Security of Consumer and Employee Information." American Conference Institute

November 2010
Panelist, "Cloud Computing." ARMA/LIT-CON 10 Conference, San Francisco, CA

October 2010
Moderator, "Online Privacy." Telecommunications Policy Research Conference (TPRC), Arlington, VA

September 2010
Panelist, "The Evolution of FTC Enforcement Actions." IAPP Web Conference

June 2010
Panelist, "Online Behavioral Advertising." DigiDay: Target Conference, New York, NY

June 2010
Panelist, "International Privacy Issues." Federal Communications Bar Association, International Telecommunications and Data Security Committees' Brown Bag Luncheon, Washington, D.C.

April 2010
Moderator, "Social Media and the Workplace." IAPP Global Privacy Summit: Pre-Conference, Washington, D.C.

October 2009
Panelist, "Social Media in Health Care." Strafford Publishing Webinar

September 2009
Presenter, "Privacy and Data Security Law in the Web 2.0 World." BrightTALK Webinar

June 2009
Presenter, "Cross Border E-Discovery, How to Manage the Conflict Between U.S. Procedural and E.U. Data Protection Rules." Hogan & Hartson Webinar

April 2009
Presenter, ABA Privacy and Data Security Briefing

Hogan Lovells Publications
18 November 2015 "New York Department of Financial Services Previews Rigorous Cybersecurity Rules for Financial Sector." Cybersecurity Alert, Hogan Lovells

29 July 2015 "Vehicle Cybersecurity and Privacy Legislation Introduced." Cybersecurity and Privacy Alert, Hogan Lovells

17 July 2015 "An Important Step Forward in the UAS Privacy Debate: NTIA Announces First Stakeholder Meeting." Hogan Lovells UAS Systems Client Alert, Hogan Lovells

06 March 2015 "NTIA Launches Multistakeholder Process to Develop Privacy Best Practices for Commercial and Private Unmanned Aircraft Systems." Unmanned Aircraft Systems Alert and Privacy Alert, Hogan Lovells

18 February 2015 "White House Releases Memorandum on Safeguarding Privacy, Civil Rights, and Civil Liberties in the Domestic Use of Unmanned Aircraft Systems." Unmanned Aircraft Systems and Privacy Alert, Hogan Lovells

23 December 2014 "Legislative Proposal on Privacy and Commercial Use of Unmanned Aircraft Systems Provides Potential Roadmap for Regulation."

21 May 2014 "EU High Court Grants "Right to Be Forgotten" and Expands Privacy Jurisdiction Over Foreign Companies: What Should Businesses Operating Outside of Europe Do Now?" Privacy Alert, Hogan Lovells

05 May 2014 "Marco Civil da Internet: Brazil's New Internet Law Could Broadly Impact Online Companies’ Privacy and Data Handling Practices." Brazil Client Alert, Hogan Lovells

13 March 2014 "TCPA Alert." TCPA Alert, Hogan Lovells

25 February 2014 "New U.S. Cybersecurity Framework Issued: In Wake of Cyberattacks and Lawsuits, How Should Organizations Respond?" Cybersecurity Alert, Hogan Lovells

11 July 2013 "USA: FTC mobile payments report will impact social media-based offerings." Global Media and Communications Quarterly: social media, Hogan Lovells

05 July 2013 "Global Media and Communications Quarterly: Focus on Social Media." GMC Quarterly, Hogan Lovells

25 January 2013 "FFIEC proposes social media compliance guidance; comments due March 25, 2013." Financial Institutions Group Alert, Hogan Lovells

18 October 2011 "Proposed FAR rule would require privacy training for government contractors." Government Contracts and Privacy and Information Management Alert, Hogan Lovells

25 January 2011 "Red Flag Program Clarification Act exempts certain creditors from Red Flag Rules." Privacy Alert, Hogan Lovells

27 August 2009 "Businesses May be Facing Last Chance to Comply with FTC Identity Theft Red Flags Rule: Extension of Compliance Deadline to 11-1-09." Privacy Update, Hogan & Hartson LLP

18 June 2009 "Privacy & Data Security Briefing: Issue 9." Privacy & Data Security Briefing, Hogan & Hartson LLP

Published Works
01 February 2015 "Breach Notification." Practical Law Intellectual Property and Technology, Thomson Reuters

2015 "Privacy and Data Security." Financial Institutions Answer Book 2015, Practising Law Institute

2014 "Privacy and Data Security." Financial Institutions Answer Book 2014, Practising Law Institute

July 2011 "The Changing Landscape of US Privacy Law Enforcement: The FTC Leads the Way." Privacy Laws & Business

May 2010 "Practice Note, Privacy and Data Security: Breach Notification." Practical Law Company

May 2008 "Consumer Advocates and Government Target Online Behavioural Advertising: Debate Emerges Between Self-Regulation and Rigid Regulatory Controls." World Data Protection Report, BNA International

18 April 2008 "Behavioral Targeted Advertising: Industry Self-Regulation is the Most Sensible Approach." Cybercrime Law Report

12 November 2007 "As Social Networking Soars, Privacy Issues Proliferate." Privacy & Security Law Report, BNA, Inc.

Antitrust, Competition and Economic Regulation
Technology, Media and Telecoms
Privacy and Cybersecurity
  • Unmanned Aircraft Systems
  • Automotive
  • Education
  • Financial Institutions
Chronicle of Data Protection
J.D., Magna Cum Laude, George Mason University School of Law, 2001 B.A., Michigan State University, 1991
  • Member, International Association of Privacy Professionals (IAPP)
  • Member, Federal Communications Bar Association
  • Member, American Bar Association
  • Legal 500 U.S., Technology: Data Protection and Privacy, 2013-2014
BAR ADMISSIONS / QUALIFICATIONS District of Columbia Virginia
COURT ADMISSIONS U.S. District Court, District of Columbia U.S. District Court, Eastern District of Virginia U.S. Court of Appeals, Fourth Circuit