Partner, Washington, D.C.
Tim Tobin concentrates on consumer protection matters with a particular focus on privacy and data security law, including data breach preparedness and response. Tim also counsels businesses on various Internet, e-commerce, and marketing issues.
Tim has extensive experience counseling and representing clients as to their privacy and data security obligations in the financial, automotive, educational, retail, communications, tech, and other sectors. Tim advises clients on a wide array of state and federal privacy laws and regulations, such as those arising under the Gramm-Leach-Bliley Act (GLBA); the Fair Credit Reporting Act (FCRA); the Cable Act; the Telecommunications Act of 1996, including the FCC's CPNI rules; the Children's Online Privacy Protection Act (COPPA); Section 5 of the Federal Trade Commission Act; the Electronic Communications Privacy Act (ECPA); and others. Internationally, Tim advises clients on appropriate mechanisms for the legal cross-border transfer of personal information worldwide. As to transfers from the European Union, Tim has helped clients obtain certifications under the Department of Commerce's safe harbor program and select from other alternatives such as model contractual clauses or binding corporate rules. Tim has written and lectured on cross-border data transfer issues in the United States and abroad, including on the unique issues presented by e-discovery of data held abroad in U.S.-based litigation.
Tim regularly counsels clients on data breach incidents, both large and small, in all industry sectors. He has represented clients in multiple data breaches that have affected millions of individuals. Tim has litigated class action lawsuits and has represented clients in investigations before the Federal Trade Commission and state Attorneys General arising from data breaches. Tim also regularly conducts legal privacy and security assessments for clients to determine the scope of a company's legal obligations regarding personally identifiable information under its control and the company's compliance with those obligations, and helps clients develop appropriate policies applicable to both online and offline data, including comprehensive written information security programs.
Tim's practice also encompasses a broad array of marketing, advertising, and consumer protection issues surrounding privacy including online and mobile behavioral advertising. He regularly counsels clients on privacy policies, sweepstakes promotions and contests, deceptive advertising issues including, for example, the appropriate use of endorsements and testimonials, as well as federal telemarketing and text marketing regulations under the Telephone Consumer Protection Act (TCPA), the FTC's Telephone Sales Rule (TSR) and state laws, and commercial email restrictions under the CAN-SPAM Act and restrictions on faxing under the Junk Fax Act. He has represented clients in rulemakings and investigations relating to deceptive advertising and endorsements, TCPA, CAN-SPAM, and related issues before both the Federal Trade Commission and the Federal Communications Commission.
Prior to joining Hogan & Hartson (now Hogan Lovells), Tim was an associate in a large, international law firm where he focused on privacy and data security law counseling and litigation.
- Counseled numerous companies on data breaches, including multiple well-publicized data breaches affecting millions of individuals.
- Represented companies in federal investigations arising from data breaches, advertising, and other consumer protection matters, including a data breach investigation by the FTC that the FTC dropped without action.
- Helped multiple companies obtain safe harbor certification or enter into model contracts to facilitate cross-border transfer of personal information from the European Union.
- Assisted numerous companies with in-depth legal privacy assessments.
- Litigated a putative class action arising from a data breach.*
- Represented a media company in a COPPA investigation before the FTC that included negotiation of a consent decree.*
*Matters handled prior to joining our legal practice.
Panelist, "Internet of Things." Federal Communications Bar Association (FCBA), The Homestead, VA
Panelist, "Data Breaches: Time for High Alert, Avoiding and Managing the Legal Risks of Cybersecurity Incidents." Hogan Lovells Webcast
Speaker, "Connected Cars, Privacy, and Security: A Path Forward." International Conference on Connected Vehicles and Expo (ICCVE), Las Vegas, NV
Discussion Moderator, "VIP Interactive Lunch." Connected Car Expo, Los Angeles Auto Show
Speaker, "Privacy and Removing the Fear Attached to Connected Car Ownership." Connected Cars North America, Dallas, TX
Panelist, "Keeping Up With Emerging Standards for Mobile Privacy." IAPP Academy, Bellevue, WA
Panelist, "Payments, Managing Privacy and Security on a Global Scale." ACI 2nd Advanced Forum on International & Cross-Border Payments, San Francisco, CA
Panelist, "Privacy and Cloud Computing." National Association of Colleges and University Attorneys (NACUA) Annual Meeting, Philadelphia, PA
Panelist, "Big Data, Big Risk: Emerging Challenges in Data Privacy, Cyber Security & Informational Risk Management in 2013." University Risk Management and Insurance Association (URMIA), Midatlantic Regional Conference, Baltimore, MD
Panelist, Hogan Lovells Global Payments Development Conference
Panelist with FTC Staff: "COPPA Update: A Close Look at the New Amendments." IAPP Web Conference
Panelist, "U.S. Mobile Payments Developments." Hogan Lovells Webinar
Panelist, "Pro Bono Privacy Initiative." IAPP Annual Summit, Washington, D.C.
Panelist, "Automotive Legal and Compliance Share Forum: Privacy in the Automobile Industry." Los Angeles Auto Show
Panelist, "Future of Privacy Forum." Atlanta Interactive Media Association Forum
Panelist, "Online Privacy in the U.S. and Europe." Thomson Reuters Audio Conference
Panelist, "What to Expect from Washington in Privacy Law 2011." BNA LegalEdge Webinar
Panelist, "Privacy and Security of Consumer and Employee Information." American Conference Institute
Panelist, "Cloud Computing." ARMA/LIT-CON 10 Conference, San Francisco, CA
Moderator, "Online Privacy." Telecommunications Policy Research Conference (TPRC), Arlington, VA
Panelist, "The Evolution of FTC Enforcement Actions." IAPP Web Conference
Panelist, "Online Behavioral Advertising." DigiDay: Target Conference, New York, NY
Panelist, "International Privacy Issues." Federal Communications Bar Association, International Telecommunications and Data Security Committees' Brown Bag Luncheon, Washington, D.C.
Moderator, "Social Media and the Workplace." IAPP Global Privacy Summit: Pre-Conference, Washington, D.C.
Panelist, "Social Media in Health Care." Strafford Publishing Webinar
Presenter, "Privacy and Data Security Law in the Web 2.0 World." BrightTALK Webinar
Presenter, "Cross Border E-Discovery, How to Manage the Conflict Between U.S. Procedural and E.U. Data Protection Rules." Hogan & Hartson Webinar
Presenter, ABA Privacy and Data Security Briefing
Hogan Lovells Publications
21 May 2014
"EU High Court Grants 'Right to Be Forgotten' and Expands Privacy Jurisdiction Over Foreign Companies: What Should Businesses Operating Outside of Europe Do Now?" Privacy Alert, Hogan Lovells
05 May 2014
"Marco Civil da Internet: Brazil's New Internet Law Could Broadly Impact Online Companies’ Privacy and Data Handling Practices." Brazil Client Alert, Hogan Lovells
13 March 2014
"TCPA Alert." TCPA Alert, Hogan Lovells
25 February 2014
"New U.S. Cybersecurity Framework Issued: In Wake of Cyberattacks and Lawsuits, How Should Organizations Respond?" Cybersecurity Alert, Hogan Lovells
11 July 2013
"USA: FTC mobile payments report will impact social media-based offerings." Global Media and Communications Quarterly: social media, Hogan Lovells
05 July 2013
"Global Media and Communications Quarterly: Focus on Social Media." GMC Quarterly, Hogan Lovells
25 January 2013
"FFIEC proposes social media compliance guidance; comments due March 25, 2013." Financial Institutions Group Alert, Hogan Lovells
18 October 2011
"Proposed FAR rule would require privacy training for government contractors." Government Contracts and Privacy and Information Management Alert, Hogan Lovells
25 January 2011
"Red Flag Program Clarification Act exempts certain creditors from Red Flag Rules." Privacy Alert, Hogan Lovells
27 August 2009
"Businesses May be Facing Last Chance to Comply with FTC Identity Theft Red Flags Rule: Extension of Compliance Deadline to 11-1-09." Privacy Update, Hogan & Hartson LLP
18 June 2009
"Privacy & Data Security Briefing: Issue 9." Privacy & Data Security Briefing, Hogan & Hartson LLP
"Privacy and Data Security." Financial Institutions Answer Book 2014, Practising Law Institute
"The Changing Landscape of US Privacy Law Enforcement: The FTC Leads the Way." Privacy Laws & Business
"Practice Note, Privacy and Data Security: Breach Notification." Practical Law Company
"Consumer Advocates and Government Target Online Behavioural Advertising: Debate Emerges Between Self-Regulation and Rigid Regulatory Controls." World Data Protection Report, BNA International
18 April 2008
"Behavioral Targeted Advertising: Industry Self-Regulation is the Most Sensible Approach." Cybercrime Law Report
12 November 2007
"As Social Networking Soars, Privacy Issues Proliferate." Privacy & Security Law Report, BNA, Inc.