Elizabeth McGinn, a Partner at Buckley LLP, focuses her practice on assisting clients in identifying, evaluating, and managing the risks associated with cybersecurity, internal privacy, and information security practices, as well as those of third-party vendors. Ms. McGinn advises clients on the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act (FCRA), the General Data Protection Regulation (GDPR), the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule (TSR), the Health Insurance Portability and Accountability Act (HIPAA), security breach notification laws, and other U.S. state and federal privacy and data security requirements. In conjunction with this work, she develops policies and procedures, records retention schedules, and training materials. A significant part of her practice involves addressing data security breaches, working proactively with clients to prevent such breaches from occurring, and advising clients in responding to regulatory inquiries, investigations, and enforcement actions related to privacy, information security, and cybersecurity issues. She also assists numerous professional sports teams in complying with data privacy concerns, consumer financing laws, and payment system issues.
Ms. McGinn also represents financial institutions, corporations, and individuals in a wide range of matters. She advises clients in investigations, examinations, and litigation initiated by the Consumer Financial Protection Bureau (CFPB), the New York Department of Financial Services (NYDFS), the Department of Justice (DOJ), the Federal Trade Commission (FTC), state attorneys general, and bank regulatory agencies. She has represented financial institutions in class action litigation concerning federal and state fair lending laws, mortgage fraud, unfair and deceptive trade practices statutes, consumer fraud statutes, and consumer privacy laws. As Co-chair of the firm's eDiscovery Committee, Ms. McGinn has extensive experience counseling clients in response to federal and state subpoenas, and handling all aspects of eDiscovery.
Over the course of her career, Ms. McGinn has represented clients in matters involving simultaneous criminal, civil administrative, and congressional proceedings. She has defended clients in matters relating to money laundering compliance issues and investigations and litigation by the U.S. Attorney’s Office for the Southern District of New York (SDNY), the Manhattan District Attorney’s Office, the Department of Treasury, the Securities and Exchange Commission (SEC), and various congressional committees, including the U.S. Committee on Homeland Security and Government Affairs Permanent Subcommittee on Investigations, the U.S. House Financial Services Committee and the U.S. House Committee on Oversight and Government Reform.
Representative work includes:
- Assisting clients in addressing data security incidents including interactions with federal and state agencies, oversight of forensic investigations, consumer notifications, and remedial steps following incidents
- Advising clients on proactive cybersecurity readiness, including developing policies and procedures, and counseling clients on data collection and sharing issues
- Advising clients in responding to regulatory inquiries, investigations, and enforcement actions related to privacy, information security, and cybersecurity issues
- Advising fintech companies and financial services institutions regarding the application of privacy and security safeguards to new technologies
- Representing and advising a variety of clients, including banks, student lenders, mortgage servicers, and other financial services companies, during regulatory investigations and enforcement matters by state and federal agencies, including the CFPB, FTC, DOJ, NYDFS, and state attorneys general
- Represented two major lenders in a suit brought by the DOJ alleging violations of the Servicemembers Civil Relief Act (SCRA); multiple cases were settled collectively, without admission of fault, for a negotiated settlement
- Negotiated a settlement with the Nevada Attorney General on behalf of a mortgage company accused of violating the Nevada Deceptive Trade Practices Act
- Represented a major financial institution in a Federal Reserve Board (FRB) investigation alleging unfair and deceptive mortgage origination practices
- Represented a financial institution in a nationwide borrower class action alleging discrimination on the part of the bank’s mortgage lending practices in violation of the Fair Housing Act (FHA) and the Equal Credit Opportunity Act (ECOA)
Ms. McGinn has published and spoken on a variety of topics, including privacy, electronic discovery, vendor management, and consumer financial services litigation, and authored the chapter on “Oversight of Compliance and Control Responsibilities” for Navigating the Digital Age – The Definitive Cybersecurity Guide for Directors and Officers. She has been recognized for her work in Cyber Law (Data Protection and Privacy) by Legal 500 since 2013, which describes her as “outstanding on privacy and e-discovery issues,” “able to advise both on the regulatory and litigation sides of problems,” and an attorney who “‘exceeds expectations on response and turnaround times,’ has ‘strong industry knowledge in data security and privacy,’ and is ‘able to walk the fine line between operational efficiency and regulatory compliance’ when developing IT policies.”
Ms. McGinn received her J.D. from The American University, Washington College of Law in 2000 (cum laude) and received the Mooers Trial Practice Award. She was the Senior Articles Editor for the International Law Review and a Marshall-Brennan Fellow. Ms. McGinn received a B.S. from St. Lawrence University. Following law school, she clerked for Federal Magistrate Judge P. Trevor Sharp of the United States District Court for the Middle District of North Carolina. She is a Certified Information Privacy Professional (CIPP/US).
“Outstanding on privacy and e-discovery issues. Able to advise both on the regulatory and litigation sides of problems.” (Legal 500)
Elizabeth E. McGinn quoted in Cyberscoop article, “FTC wants to know when financial data is compromised, will require encryption”
Elizabeth E. McGinn was quoted in a Cyberscoop article, “FTC wants to know when financial data is compromised, will require encryption,” which examined updated rules the Federal Trade Commission is considering that would require financial institutions to report within 30 days any security incidents...
“While some firms will provide lengthy and expensive legal analysis, Buckley’s team relies on their depth and breadth of expertise to provide useful guidance from various team members quickly and efficiently,” a respondent told Legal 500, which ranked Buckley LLP as a top law firm and...
Elizabeth E. McGinn quoted in Bloomberg Law article, “New FTC leadership likely to put consumer privacy in crosshairs”
Elizabeth E. McGinn was quoted in a Bloomberg Law article, “New FTC leadership likely to put consumer privacy in crosshairs,” which examined how the agency will now approach privacy enforcement. “There were significant settlements related to data security issues under Trump, but we’re likely to see...
“Buckley attorneys are incredibly responsive while providing top quality legal services,” is how respondents described the firm in the 2020 edition of Legal 500, which ranked Buckley as a top law firm and recognized it in six categories:
- Corporate Investigations and White ...
Elizabeth E. McGinn extensively quoted in three-part series in Cybersecurity Law Report, “The Rise of Facial Recognition Technology”
Elizabeth E. McGinn was extensively quoted in a three-part series in Cybersecurity Law Report, “The Rise of Facial Recognition Technology,” which discussed the uses, risks, and legal framework governing FRT. McGinn noted “If a company experiences a breach and has biometric data customers residing...
The Legal 500 once again ranked Buckley as a top law firm and recognized it in five categories:
- Corporate Investigations and White Collar Criminal Defense: Corporate – Tier 4
- Corporate Investigations and White Collar Criminal Defense: Individuals – Tier 2 ...
Buckley Sandler LLP again has been noted as one of the nation’s top law firms by The Legal 500 in its 2018 rankings, with recognition in five practice areas:
- Financial Services: Litigation
- Financial Services: Regulation
- Corporate ...
Elizabeth E. McGinn Quoted in Bloomberg BNA Article, “FTC Blogs Help Define Reasonable Data Security, Attorneys Say”
Elizabeth E. McGinn was quoted on August 25, 2017 in a Bloomberg BNA article, “FTC Blogs Help Define Reasonable Data Security, Attorneys Say,” which discussed the new FTC weekly data security blog and the information it can provide to create best practices for companies. The article stated, “The FTC...
Elizabeth E. McGinn Quoted in Bloomberg BNA Article, “Trump’s Possible FTC Pick Likely to Uphold Data Security Agenda”
Elizabeth E. McGinn was quoted on August 14, 2017 in a Bloomberg BNA article, “Trump’s Possible FTC Pick Likely to Uphold Data Security Agenda,” which said President Trump is poised to bypass Federal Trade Commission Acting Chairman Maureen K. Ohlhausen and tap antitrust attorney Joseph Simons to...
Buckley Sandler has again been cited as one of the nation’s top law firms by The Legal 500 in its 2017 rankings, with the recognition of four practice areas:
- Financial Services: Litigation
- Financial Services: Regulatory
- Cyber Law (Data Protection and ...
Elizabeth E. McGinn Quoted in MLex Article, "FTC Likely to Demand Evidence of Harm, Rely Less on 'Unfairness' Claims Under GOP Leadership"
Elizabeth E. McGinn was quoted on January 27, 2017 in an MLex article regarding the FTC’s plan to “demand evidence that there has been a concrete harm to consumers before it brings privacy and data security enforcement actions.” The article also noted, “The end result is that the FTC will focus more...
"FTC updates data security expectations for nonbanks" by Elizabeth E. McGinn, Amanda R. Lawrence, Sherry-Maria Safchuk, Lauren Bomberger (Bloomberg Law)
Persistent cyberbreaches are compelling government responses to protect consumer data, particularly consumer financial information. Laws passed in California, Colorado, and Virginia are among the most influential at the state level, but federal regulators are also moving to implement additional...
"Shedding light on dark patterns: What financial institutions need to know" by Elizabeth E. McGinn, Amanda R. Lawrence, Sherry-Maria Safchuk, and David Rivera (Cybersecurity Law Report)
Regulators, legislators and private litigants are increasingly looking at how companies attract and conduct business with consumers in online settings, and particularly whether these companies are designing user experiences to manipulate behavior in a way that can prove harmful to the consumer. The...
"Empire state of privacy: Recent developments in New York’s privacy and cybersecurity laws" by Elizabeth E. McGinn, Amanda R. Lawrence, Sasha Leonhardt, and Magda Gathani (New York Law Journal)
New York over the past few years has steadily raised the bar on privacy and cybersecurity standards for commercial enterprises, and, along with the European Union and California, is increasingly seen as a pacesetter in this fast-developing area of law. Proposed legislation before its General...
"Force majeure in the Covid era – What now?" by Elizabeth E. McGinn, Ryan S. Pollard, and Anthony Carral (Sports Litigation Alert)
The Covid-19 pandemic has significantly impacted all aspects of the global economy, and sports is among the many industries that moved quickly to minimize the disruption. Very early on, members of the sports industry scrambled to analyze their force majeure clauses as customers, vendors, and key...
"Implementing the CCPA regulations: Are you ready?" by Amanda R. Lawrence, Elizabeth E. McGinn, and Sherry-Maria Safchuk (Cybersecurity Law Report)
The final regulations under the California Consumer Privacy Act, introduced by the California Attorney General last October, became effective on August 14, 2020. The AG has already implemented many of the changes suggested in the public comments, but there are still several open questions that...
"Reopening well: Balancing employee privacy with employee safety" by Elizabeth E. McGinn, Amanda R. Lawrence, James C. Chou, and David Rivera (Corporate Compliance Insights)
Consumer privacy has been a key area of focus over the past several years, but as companies begin return-to-work operations, they discover that employee privacy looms large as well. Well-intentioned companies seeking to keep employees safe risk incurring penalties from a variety of agencies based...
"Confusion surrounding the Privacy Shield rollback" by Amanda R. Lawrence, Elizabeth E. McGinn, and Magda Gathani
The Court of Justice of the European Union (CJEU) last month invalidated the EU-U.S. Privacy Shield, which over 5,000 companies have relied on as a legal mechanism of transferring data from the EU to the United States.
The European Data Protection Board (EDPB) did not provide a grace...
"Adjusting information security for long-term telework" by Amanda R. Lawrence, Elizabeth E. McGinn, and James C. Chou (Bloomberg Law)
Amid a fast-moving pandemic in the spring of 2020, many companies were forced to adopt remote-work operations almost overnight to maintain critical business functions. This approach initially seemed like a temporary and imperfect solution to maintaining workforce safety while continuing essential...
"Privacy and cybersecurity issues in 2020 – What to expect" by Amanda R. Lawrence, Elizabeth E. McGinn, and James C. Chou (Journal of Banking and Finance Law and Practice)
A steady drumbeat of data breaches and growing concern among consumers about how companies are using their personal information will keep regulators, policy-makers and private litigants focused on cybersecurity and privacy in 2020 and beyond. While Congress tentatively explores comprehensive...
"Don’t let your shield down—FTC gets tough on EU-U.S. privacy shield framework" by Elizabeth E. McGinn and Magda Gathani (Bloomberg Law)
The Federal Trade Commission took more enforcement actions related to the EU-U.S. Privacy Shield Framework in 2019 and the beginning of 2020 than it did in the prior three years combined. The FTC also has alleged deception in many cases where there was no indication that any misrepresentations...
"Wearables present new realm of legal risks for teams" by Elizabeth E. McGinn and John B. Williams, III (Sports Business Journal)
Reaching peak athletic performance is an increasingly scientific and quantitative pursuit, and professional sports franchises, which have tremendous financial and emotional motivation to be the best, are at the forefront in gathering as much data about their assets as possible. FitBits, Apple...
"3 key areas where the NYDFS ups the ante on cybersecurity" by Elizabeth E. McGinn and David Rivera (Westlaw Journal)
On March 1, the two-year transitional period under the New York State Department of Financial Services’ “Cybersecurity Requirements for Financial Services Companies” regulation expired, making all requirements effective. The cybersecurity regulation marks a shift in the governance of cybersecurity...
"Navigating today’s biometric landscape" by Elizabeth E. McGinn, Scott T. Sakiyama, Magda Gathani, and Garylene D. Javier (Cybersecurity Law Report)
Biometrics-based authentication of payments and other transactions has been on the rise for the past several years, promising unparalleled convenience and security for consumers. However, the distinctive nature of biometric features that confers its advantages is also the source of the technology’s...
"FTC v. D-Link Systems and the internet of things" by Elizabeth E. McGinn, John B. Williams, and Christopher M. Walczyszyn (Westlaw)
As businesses expand the availability of internet-connected devices, Buckley Sandler LLP attorneys Elizabeth McGinn, John Williams and Christopher Walczyszyn address the Federal Trade Commission’s role in regulating and enforcing “internet of things” device security to protect consumers’ data...
"The devil is in the details: LabMD imposes limitations on the FTC’s enforcement authority" by Elizabeth E. McGinn and Sasha Leonhardt (Cybersecurity Law Report)
In the latest data security case with significant implications for all enforcement actions, the United States Court of Appeals for the Eleventh Circuit struck down a cease-and-desist order as impermissibly vague. By ruling against the FTC in its long-running and contentious dispute with LabMD, the...
The concept of ‘reasonable security’ for personal information maintained by financial institutions began with the Gramm-Leach-Bliley Act (GLBA). On 12th November, 1999, Congress enacted GLBA, a landmark privacy and data security law which required the federal financial regulatory agencies to...
“Social media in the current enforcement landscape,” by Elizabeth E. McGinn, John B. Williams, and Timothy Coley (Banking Exchange)
Perhaps no aspect of the internet has grown so broadly in the past decade as social media. From its infancy at sites like MySpace, Friendster, and “TheFacebook” (originally open only to students at select colleges), to the current industry leaders of Facebook (now open to all, and touting more than...
"Practical considerations for litigating proportionality" by Elizabeth E. McGinn, Scott T. Sakiyama, and Brian W. Bartholomay (Law360)
After years of discussion regarding how the rules of discovery might be improved, amendments to the Federal Rules of Civil Procedure became effective on Dec. 1, 2015. One of the more prominent amendments involved FRCP 26(b)(1), which was updated to allow discovery of relevant, nonprivileged...
Elizabeth E. McGinn and Jessica M. Shannon Authored a Bloomberg BNA Article, "Consumer Privacy Should Be Top-of-Mind for FinTech Firms to Avoid Scrutiny"
With many people underserved by traditional lending institutions, including the close to 45 million adults in the U.S. who the Consumer Financial Protection Bureau estimates are “credit invisible” or have had past credit challenges, emerging FinTech lenders and online lending platforms (FinTech...
Elizabeth E. McGinn Authored a Westlaw Journal Article, "Data Security Breach Litigation Post-Spokeo"
California enacted the nation’s first data security breach notification law 15 years ago. Following a few high-profile incidents in 2005, other states rapidly began enacting breach-notice requirements based largely on the California model. This proliferation of laws — and the constant news of...
Awards & Recognitions
- Recognized in Legal 500: Technology - Cyber Law (Data Protection and Privacy) (2013-2021)
- Recognized in Irish Legal 100 (2018-2019)
Practice Areas
- Class Actions
- Complex Civil Litigation
- Consumer Finance
- Consumer Financial Protection Bureau
- Enforcement Actions & Investigations
- Federal Trade Commission
- Military Lending
- Privacy, Cyber Risk & Data Security
- State Attorneys General
- Student Lending
- Unfair, Deceptive, or Abusive Acts or Practices
- Vendor Management
Education
- J.D., American University, 2000 (cum laude)
- B.S., St. Lawrence University
Admissions
- District of Columbia
- New York
- U.S. District Court, District of Columbia
Clerkships
- Law Clerk, Hon. P. Trevor Sharp, U.S. District Court, Middle District of North Carolina
Certifications
- CIPP/US-certified professional, International Association of Privacy Professionals