Elizabeth E. McGinn
Partner
Biography
Elizabeth McGinn, a Partner at Buckley LLP, focuses her practice on assisting clients in identifying, evaluating, and managing the risks associated with cybersecurity, internal privacy, and information security practices, as well as those of third-party vendors. Ms. McGinn advises clients on the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act (FCRA), the General Data Protection Regulation (GDPR), the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule (TSR), the Health Insurance Portability and Accountability Act (HIPAA), security breach notification laws, and other U.S. state and federal privacy and data security requirements. In conjunction with this work, she develops policies and procedures, records retention schedules, and training materials. A significant part of her practice involves addressing data security breaches, working proactively with clients to prevent such breaches from occurring, and advising clients in responding to regulatory inquiries, investigations, and enforcement actions related to privacy, information security, and cybersecurity issues. She also assists numerous professional sports teams comply with data privacy concerns, consumer financing laws, and payment system issues.
Ms. McGinn also represents financial institutions, corporations, and individuals in a wide range of matters. She advises clients in investigations, examinations, and litigation initiated by the Consumer Financial Protection Bureau (CFPB), the New York Department of Financial Services (NYDFS), the Department of Justice (DOJ), the Federal Trade Commission (FTC), state attorneys general, and bank regulatory agencies. She has represented financial institutions in class action litigation concerning federal and state fair lending laws, mortgage fraud, unfair and deceptive trade practices statutes, consumer fraud statutes, and consumer privacy laws. As Co-chair of the firm's eDiscovery Committee, Ms. McGinn has extensive experience counseling clients in response to federal and state subpoenas, and handling all aspects of eDiscovery.
Over the course of her career, Ms. McGinn has represented clients in matters involving simultaneous criminal, civil administrative, and congressional proceedings. She has defended clients in matters relating to money laundering compliance issues and investigations and litigation by the U.S. Attorney’s Office for the Southern District of New York (SDNY), the Manhattan District Attorney’s Office, the Department of Treasury, the Securities and Exchange Commission (SEC), and various congressional committees, including the U.S. Committee on Homeland Security and Government Affairs Permanent Subcommittee on Investigations, the U.S. House Financial Services Committee and the U.S. House Committee on Oversight and Government Reform.
Representative work includes:
- Assisting clients in addressing data security incidents including interactions with federal and state agencies, oversight of forensic investigations, consumer notifications, and remedial steps following incidents
- Advising clients on proactive cybersecurity readiness, including developing policies and procedures, and counseling clients on data collection and sharing issues
- Advising clients in responding to regulatory inquiries, investigations, and enforcement actions related to privacy, information security, and cybersecurity issues
- Advising fintech companies and financial services institutions regarding the application of privacy and security safeguards to new technologies
- Representing and advising a variety of clients, including banks, student lenders, mortgage servicers, and other financial services companies, during regulatory investigations and enforcement matters by state and federal agencies, including the CFPB, FTC, DOJ, NYDFS, and state attorneys general
- Represented two major lenders in a suit brought by the DOJ alleging violations of the Servicemembers Civil Relief Act (SCRA); multiple cases were settled collectively, without admission of fault, for a negotiated settlement
- Negotiated a settlement with the Nevada Attorney General on behalf of a mortgage company accused of violating the Nevada Deceptive Trade Practices Act
- Represented a major financial institution in a Federal Reserve Board (FRB) investigation alleging unfair and deceptive mortgage origination practices
- Represented a financial institution in a nationwide borrower class action alleging discrimination on the part of the bank’s mortgage lending practices in violation of the Fair Housing Act (FHA) and the Equal Credit Opportunity Act (ECOA)
Ms. McGinn has published and spoken on a variety of topics, including privacy, electronic discovery, vendor management, and consumer financial services litigation, and authored the chapter on “Oversight of Compliance and Control Responsibilities” for Navigating the Digital Age – The Definitive Cybersecurity Guide for Directors and Officers. She has been recognized with the firm's Cyber Law (Data Protection and Privacy) practice group in Legal 500 (2013-2019), which describes her as an attorney who "'exceeds expectations on response and turnaround times,' has 'strong industry knowledge in data security and privacy,' and is 'able to walk the fine line between operational efficiency and regulatory compliance' when developing IT policies.'"
Ms. McGinn received her J.D. from The American University, Washington College of Law in 2000 (cum laude) and received the Mooers Trial Practice Award. She was the Senior Articles Editor for the International Law Review and a Marshall-Brennan Fellow. Ms. McGinn received a B.S. from St. Lawrence University. Following law school, she clerked for Federal Magistrate Judge P. Trevor Sharp of the United States District Court for the Middle District of North Carolina.
In The News
The Legal 500 2019 recognizes 17 Buckley attorneys in five practice areas
The Legal 500 once again ranked Buckley as a top law firm and recognized it in five categories:
- Corporate Investigations and White Collar Criminal Defense: Corporate – Tier 4
- Corporate Investigations and White Collar Criminal Defense: Individuals – Tier 2 ...
The Legal 500 2018 recognizes five practice areas and 17 attorneys at Buckley Sandler
Buckley Sandler LLP again has been noted as one of the nation’s top law firms by The Legal 500 in its 2018 rankings, with recognition in five practice areas:
- Financial Services: Litigation
- Financial Services: Regulation
- Corporate ...
Elizabeth E. McGinn Quoted in Bloomberg BNA Article, “FTC Blogs Help Define Reasonable Data Security, Attorneys Say”
Elizabeth E. McGinn was quoted on August 25, 2017 in Bloomberg BNA article, “FTC Blogs Help Define Reasonable Data Security, Attorneys Say,” which discussed the new FTC weekly data security blog and the information it can provide to create best practices for companies. The article stated, “The FTC...
In The NewsElizabeth E. McGinn Quoted in Bloomberg BNA Article, “Trump’s Possible FTC Pick Likely to Uphold Data Security Agenda”
Elizabeth E. McGinn was quoted on August 14, 2017 in a Bloomberg BNA article, “Trump’s Possible FTC Pick Likely to Uphold Data Security Agenda,” which said President Trump is poised to bypass Federal Trade Commission Acting Chairman Maureen K. Ohlhausen and tap antitrust attorney Joseph Simons to...
In The NewsThe Legal 500 2017 Recognizes Four Practice Areas and 20 Attorneys at Buckley Sandler
Buckley Sandler has again been cited as one of the nation’s top law firms by The Legal 500 in its 2017 rankings, with the recognition of four practice areas:
- Financial Services: Litigation
- Financial Services: Regulatory
- Cyber Law (Data Protection and ...
Elizabeth E. McGinn Quoted in MLex Article, "FTC Likely to Demand Evidence of Harm, Rely Less on 'Unfairness' Claims Under GOP Leadership"
Elizabeth E. McGinn was quoted on January 27, 2017 in a MLex article regarding the FTC’s plan to “demand evidence that there has been a concrete harm to consumers before it brings privacy and data security enforcement actions.” The article also noted, “The end result is that the FTC will focus more...
In The NewsElizabeth McGinn Quoted in Law360 Article, "NY Cybersecurity Rules Could Push Other Regulators"
Elizabeth McGinn was quoted in Law360 on September 13, 2016, regarding the impact of New York’s newly proposed cybersecurity rules, pertaining to financial institutions and their protection against data breaches. Law360 reported that these first-of-their-kind rules “would require banks, insurers,...
In The NewsElizabeth McGinn Quoted in Legaltech News Article, "Lessons Companies Can Learn from the FTC's LabMD Decision on Data Security"
Elizabeth McGinn was quoted in Ed Silverstein's Legaltech News article, "Lessons Companies Can Learn from the FTC's LabMD Decision on Data Security," on August 5, 2016. There is a good chance that the Federal Trade Commission's recent reversal of a decision by an administrative law judge on LabMD's...
In The NewsLegal 500 Recognizes Four Practice Areas and 14 Attorneys at Buckley Sandler in 2016 Rankings
Buckley Sandler LLP has again been noted as one of the nation’s top law firms, with recognition of four practice areas by The Legal 500 in its 2016 rankings: Financial Services: Litigation Financial Services: Regulatory Technology: Data Protection and Privacy White-Collar Criminal Defense In...
In The NewsLegal 500 Recognizes Four Practice Areas and 11 Attorneys at Buckley Sandler LLP
Buckley Sandler LLP is pleased to announce that The Legal 500 United States 2015 has recognized the firm and its attorneys in four practice areas. The firm has been recognized in the following practice areas: • Finance - Financial Services: Litigation • Finance - Financial Services: Regulatory •...
Press Releases
Articles & Special Alerts
"Wearables present new realm of legal risks for teams" by Elizabeth E. McGinn, Jonathan D. Jerison, and John B. Williams, III (Sports Business Journal)
Reaching peak athletic performance is an increasingly scientific and quantitative pursuit, and professional sports franchises, which have tremendous financial and emotional motivation to be the best, are at the forefront in gathering as much data about their assets as possible. FitBits, Apple...
Articles"3 key areas where the NYDFS ups the ante on cybersecurity" by Elizabeth E. McGinn and David Rivera (Westlaw Journal)
On March 1, the two-year transitional period under the New York State Department of Financial Services’ “Cybersecurity Requirements for Financial Services Companies” regulation expired, making all requirements effective. The cybersecurity regulation marks a shift in the governance of cybersecurity...
Articles"Navigating today’s biometric landscape" by Elizabeth E. McGinn, Scott T. Sakiyama, Magda Gathani, and Garylene D. Javier (Cybersecurity Law Report)
Biometrics-based authentication of payments and other transactions has been on the rise for the past several years, promising unparalleled convenience and security for consumers. However, the distinctive nature of biometric features that confers its advantages is also the source of the technology’s...
Articles"FTC v. D-Link Systems and the internet of things" by Elizabeth E. McGinn, John B. Williams, and Christopher M. Walczyszyn (Westlaw)
As businesses expand the availability of internet-connected devices, Buckley Sandler LLP attorneys Elizabeth McGinn, John Williams and Christopher Walczyszyn address the Federal Trade Commission’s role in regulating and enforcing “internet of things” device security to protect consumers’ data...
Articles"The devil is in the details: LabMD imposes limitations on the FTC’s enforcement authority" by Elizabeth E. McGinn and Sasha Leonhardt, (Cybersecurity Law Report)
In the latest data security case with significant implications for all enforcement actions, the United States Court of Appeals for the Eleventh Circuit struck down a cease-and-desist order as impermissibly vague. By ruling against the FTC in its long-running and contentious dispute with LabMD, the...
Articles"‘Reasonable security’: A moving target" by Elizabeth E. McGinn (Cyber Security)
The concept of ‘reasonable security’ for personal information maintained by financial institutions began with the Gramm-Leach-Bliley Act (GLBA). On 12th November, 1999, Congress enacted GLBA, a landmark privacy and data security law which required the federal financial regulatory agencies to...
Articles“Social media in the current enforcement landscape,” by Elizabeth E. McGinn, John B. Williams, and Timothy Coley (Banking Exchange)
Perhaps no aspect of the internet has grown so broadly in the past decade as social media. From its infancy at sites like MySpace, Friendster, and “TheFacebook” (originally open only to students at select colleges), to the current industry leaders of Facebook (now open to all, and touting more than...
Articles"Practical considerations for litigating proportionality" by Elizabeth E. McGinn, Scott T. Sakiyama, and Brian W. Bartholomay (Law360)
After years of discussion regarding how the rules of discovery might be improved, amendments to the Federal Rules of Civil Procedure became effective on Dec. 1, 2015. One of the more prominent amendments involved FRCP 26(b)(1), which was updated to allow discovery of relevant, nonprivileged...
ArticlesElizabeth E. McGinn and Jessica M. Shannon Authored a Bloomberg BNA Article, "Consumer Privacy Should Be Top-of-Mind for FinTech Firms to Avoid Scrutiny"
With many people underserved by traditional lending institutions, including the close to 45 million adults in the U.S. who the Consumer Financial Protection Bureau estimates are “credit invisible” or have had past credit challenges, emerging FinTech lenders and online lending platforms (FinTech...
ArticlesElizabeth E. McGinn Authored a Westlaw Journal Article, "Data Security Breach Litigation Post-Spokeo"
California enacted the nation’s first data security breach notification law 15 years ago. Following a few high-profile incidents in 2005, other states rapidly began enacting breach-notice requirements based largely on the California model. This proliferation of laws — and the constant news of...
ArticlesValidating the Validation Set
Predictive coding is becoming increasingly prevalent in fulfilling discovery obligations in litigation and in response to regulatory inquiries. As the process gains acceptance, parties, regulators and courts debate whether producing parties should be required to disclose documents and coding...
ArticlesGuarding Against Privilege Waiver in Federal Investigations
It has been well over a year since Judge Andrew Peck gently excoriated the legal community for underusing the not-so-new privilege waiver protections of Federal Rule of Evidence 502(d). He has fondly referred to it as the “Get Out of Jail Free Card” and offered that “it is akin to malpractice not...
ArticlesSpecial Alert: NYDFS Stakes Claim on Cybersecurity Regulation
On September 13, the New York Department of Financial Services (DFS) issued a proposed rule establishing cybersecurity requirements for financial services companies, and has thus ventured into new territory for state regulators. In the words of Governor Cuomo, “New York, the financial capital of...
ArticlesMortgage Industry Struggles to Avoid Vendor Management Land Mines
October 3, 2015, marked the official effective date of the long-anticipated, and widely dreaded, TILA-RESPA Integrated Disclosure (TRID) rule. Mortgage professionals have learned from a half-decade deluge of regulation that their TRID fate, along with almost every other aspect of the industry’s...
ArticlesData Risk in the Third-Party Ecosystem - Ponemon Survey Results
Data breaches are on the rise and the percentage of those data breaches caused by third-party relationships is also expected to rise. In our recent survey, “Data Risk in the Third-Party Ecosystem,” conducted by the Ponemon Institute, 49% of respondents indicated their company had experienced a data...
ArticlesSpecial Alert: CFPB Enters into First Consent Order with Online Payment Platform for Misrepresenting Data Security Practices
On March 2, the CFPB took action against an Iowa-based online payment platform and entered into a Consent Order for deceptive acts and practices relating to false representations regarding the company’s data security practices in violation of 1031(a) and 1036 (a)(1) of the Consumer Financial...
ArticlesConsumer Financial Services Answer Book 2016
The fifth edition of the Practising Law Institute’s Consumer Financial Services Answer Book was published this month, with 29 Buckley Sandler attorneys contributing to this leading desk reference. The 2016 edition of the Consumer Financial Services Answer Book continues to provide practitioners...
ArticlesSpecial Alert: Cross-Border Data Transfers Significantly Impacted by EU Court Decision Invalidating Adequacy of U.S.- EU Data Protection Safe Harbor Framework
On October 6, 2015, the Court of Justice of the European Union (CJEU) in Schrems v. Data Protection Commissioner (“Schrems”) declared “invalid” a decision of the European Commission that the United States-European Union Safe Harbor framework (Safe Harbor) provides adequate protection for personal...
ArticlesRegulators Turn Up Heat on Vendor Management
The vendor landscape for companies in the mortgage industry has shifted significantly in recent years. State and federal regulators have levied hefty and often unprecedented fines against a number of supervised institutions because of inadequate vendor-management policies and ineffective vendor...
ArticlesSpotlight on Vendor Management: Mortgage Industry Continues to Bear Brunt of CFPB Regulatory Burdens
Mortgage industry players have had to adapt quickly in recent years to the evolving regulatory environment, and the latest scramble for mortgage lenders includes the various downstream effects of pending rule changes set to take effect on August 1, 2015, related to disclosures required under the...
ArticlesMortgage Industry Continues to Bear Brunt of CFPB Regulatory Burdens
In recent years, mortgage industry players have had to quickly adapt to the evolving regulatory environment. The latest scramble for mortgage lenders includes the downstream effects of pending rule changes related to disclosures required in implementing regulations of the Truth-in-Lending Act ("...
ArticlesSpotlight on Vendor Management: "Brother's Keeper" Enforcement Pattern Becoming the Norm
Two regulatory enforcement matters announced in April offer a view into the current mindset of regulators in the ever-evolving world of vendor management. First, the Federal Communications Commission (FCC) announced a $25 million settlement with a telecommunications carrier related to the...
ArticlesSpotlight on Electronic Discovery: Challenges Presented by the Internet of Things
E-discovery is poised to enter a new revolution as the Internet of Things (“IoT”) continues its seemingly exponential growth. IoT is the ecosystem of interconnected sensory devices that perform coordinated, pre-programmed – and even learned – tasks without the need for...
ArticlesTreading Beyond the Iota of Fear: eDiscovery of the Internet of Things
The first difficulty to preservation concerns the primary question of control of the cloud data, which is not unique to IoT. Businesses are investing billions into IoT not only because of their profit expectations from the one-time sale of an IoT device, but also from having unfettered access to...
ArticlesSpotlight on Vendor Management: Interpreting CFPB Guidance and Enforcement Actions
In April 2012, the Consumer Protection Financial Bureau issued Bulletin 2012-03, a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial institutions. Since then, the Bureau has often referenced...
ArticlesRegulatory Blue Pencil: CFPB Guidance, Enforcement Actions Signal Expanding Focus on Vendor Management
In April 2012, the Consumer Protection Financial Bureau (the ‘‘CFPB’’ or ‘‘Bureau’’) issued Bulletin 2012-03 (the ‘‘Service Provider Bulletin’’), a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial...
Articles
Awards and Recognitions
Awards & Recognitions
- Recognized in Legal 500: Technology - Cyber Law (Data Protection and Privacy) (2013-2019)
- Recognized in Irish Legal 100 (2018-2019)
Practice Areas
- Bank Secrecy Act/Anti-Money Laundering & Sanctions
- Class Actions
- Complex Civil Litigation
- Consumer Finance
- Consumer Financial Protection Bureau
- E-discovery
- Enforcement Actions & Investigations
- Federal Trade Commission
- Fintech
- Military Lending
- Mortgages
- Privacy, Cyber Risk & Data Security
- State Attorneys General
- Student Lending
- Unfair, Deceptive, or Abusive Acts or Practices
- Vendor Management
Education
- J.D., American University, 2000 (cum laude)
- B.S., St. Lawrence University
Admissions
- District of Columbia
- Maryland
- New York
Government Service
- Law Clerk, Hon. P. Trevor Sharp, U.S. District Court, Middle District of North Carolina