Elizabeth E. McGinn
Partner
Biography
Elizabeth McGinn, a Partner at Buckley LLP, focuses her practice on assisting clients in identifying, evaluating, and managing the risks associated with cybersecurity, internal privacy, and information security practices, as well as those of third-party vendors. Ms. McGinn advises clients on the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act (FCRA), the General Data Protection Regulation (GDPR), the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule (TSR), the Health Insurance Portability and Accountability Act (HIPAA), security breach notification laws, and other U.S. state and federal privacy and data security requirements. In conjunction with this work, she develops policies and procedures, records retention schedules, and training materials. A significant part of her practice involves addressing data security breaches, working proactively with clients to prevent such breaches from occurring, and advising clients in responding to regulatory inquiries, investigations, and enforcement actions related to privacy, information security, and cybersecurity issues. She also assists numerous professional sports teams comply with data privacy concerns, consumer financing laws, and payment system issues.
Ms. McGinn also represents financial institutions, corporations, and individuals in a wide range of matters. She advises clients in investigations, examinations, and litigation initiated by the Consumer Financial Protection Bureau (CFPB), the New York Department of Financial Services (NYDFS), the Department of Justice (DOJ), the Federal Trade Commission (FTC), state attorneys general, and bank regulatory agencies. She has represented financial institutions in class action litigation concerning federal and state fair lending laws, mortgage fraud, unfair and deceptive trade practices statutes, consumer fraud statutes, and consumer privacy laws. As Co-chair of the firm's eDiscovery Committee, Ms. McGinn has extensive experience counseling clients in response to federal and state subpoenas, and handling all aspects of eDiscovery.
Over the course of her career, Ms. McGinn has represented clients in matters involving simultaneous criminal, civil administrative, and congressional proceedings. She has defended clients in matters relating to money laundering compliance issues and investigations and litigation by the U.S. Attorney’s Office for the Southern District of New York (SDNY), the Manhattan District Attorney’s Office, the Department of Treasury, the Securities and Exchange Commission (SEC), and various congressional committees, including the U.S. Committee on Homeland Security and Government Affairs Permanent Subcommittee on Investigations, the U.S. House Financial Services Committee and the U.S. House Committee on Oversight and Government Reform.
Representative work includes:
- Assisting clients in addressing data security incidents including interactions with federal and state agencies, oversight of forensic investigations, consumer notifications, and remedial steps following incidents
- Advising clients on proactive cybersecurity readiness, including developing policies and procedures, and counseling clients on data collection and sharing issues
- Advising clients in responding to regulatory inquiries, investigations, and enforcement actions related to privacy, information security, and cybersecurity issues
- Advising fintech companies and financial services institutions regarding the application of privacy and security safeguards to new technologies
- Representing and advising a variety of clients, including banks, student lenders, mortgage servicers, and other financial services companies, during regulatory investigations and enforcement matters by state and federal agencies, including the CFPB, FTC, DOJ, NYDFS, and state attorneys general
- Represented two major lenders in a suit brought by the DOJ alleging violations of the Servicemembers Civil Relief Act (SCRA); multiple cases were settled collectively, without admission of fault, for a negotiated settlement
- Negotiated a settlement with the Nevada Attorney General on behalf of a mortgage company accused of violating the Nevada Deceptive Trade Practices Act
- Represented a major financial institution in a Federal Reserve Board (FRB) investigation alleging unfair and deceptive mortgage origination practices
- Represented a financial institution in a nationwide borrower class action alleging discrimination on the part of the bank’s mortgage lending practices in violation of the Fair Housing Act (FHA) and the Equal Credit Opportunity Act (ECOA)
Ms. McGinn has published and spoken on a variety of topics, including privacy, electronic discovery, vendor management, and consumer financial services litigation, and authored the chapter on “Oversight of Compliance and Control Responsibilities” for Navigating the Digital Age – The Definitive Cybersecurity Guide for Directors and Officers. She has been recognized with the firm's Cyber Law (Data Protection and Privacy) practice group in Legal 500 (2013-2018), which describes her as an attorney who "'exceeds expectations on response and turnaround times,' has 'strong industry knowledge in data security and privacy,' and is 'able to walk the fine line between operational efficiency and regulatory compliance' when developing IT policies.'"
Ms. McGinn received her J.D. from The American University, Washington College of Law in 2000 (cum laude) and received the Mooers Trial Practice Award. She was the Senior Articles Editor for the International Law Review and a Marshall-Brennan Fellow. Ms. McGinn received a B.S. from St. Lawrence University. Following law school, she clerked for Federal Magistrate Judge P. Trevor Sharp of the United States District Court for the Middle District of North Carolina.
Webcasts & Speaking Engagements
DC Bar Webinar: W-2 Fraud – A Privacy Risk for Employees and an Often Uninsured Risk for Companies
Elizabeth E. McGinn discussed "W-2 Fraud – A Privacy Risk for Employees and an Often Uninsured Risk for Companies" at the DC Bar Webinar on Friday, March 3, 2017.
WebcastBuckley Sandler Webcast: W-2 Fraud – A Privacy Risk for Employees and an Often Uninsured Risk for Companies
Elizabeth E. McGinn discussed "W-2 Fraud – A Privacy Risk for Employees and an Often Uninsured Risk for Companies" at a Buckley Sandler Webcast on Thursday, February 9, 2017.
WebcastThe Knowledge Group: eDiscovery Insourcing vs. Outsourcing: Complex and Critically Important Decisions You Need to Understand in 2017
Elizabeth McGinn spoke during The Knowledge Group webinar, "E-Discovery Insourcing vs. Outsourcing: Complex and Critically Important Decisions You Need to Understand in 2017," on Wednesday, January 25, 2017 from 12:00 - 2:00 pm ET.
Speaking EngagementC4CM Webinar: Evaluating & Addressing Risk in Third Party Contracts
Elizabeth McGinn spoke on the C4CM webinar, "Evaluating & Addressing Risk in Third Party Contracts," on Thursday, December 8, 2016 from 2:00 - 3:15 pm ET. Click here to learn more about the event.
Speaking EngagementThe Knowledge Group: Identity Theft and Data Security: Raising the Bar
Elizabeth McGinn spoke on The Knowledge Group webinar, "Identity Theft and Data Security: Raising the Bar," on Wednesday, November 16, 2016 from 3:00 - 5:00 pm ET.
Speaking EngagementThe Knowledge Group: Identifying and Mitigating Data Security Risks From File Sharing & Cloud Storage
Elizabeth McGinn spoke on The Knowledge Group webinar, "Identifying and Mitigating Data Security Risks From File Sharing & Cloud Storage," on Friday, October 14, 2016 from 12:00 - 2:00 pm ET.
Speaking EngagementDC Bar Pro Bono Webinar: Cybersecurity for Small Businesses - What You Need to Know
Elizabeth McGinn spoke on the DC Bar Pro Bono Webinar: Cybersecurity for Small Businesses - What You Need to Know on Wednesday, September 7, 2016.
Speaking EngagementBuckley Sandler Webcast: The CFPB in Privacy & Data Security: Examining the Agency's Role, Authority, and Direction
Under the Dodd-Frank Act, the CFPB inherited authority over the privacy provisions, including privacy notices, of the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act. The Dwolla enforcement action announced earlier this year showed that the CFPB also intends to be involved in data security...
WebcastBuckley Sandler Webcast: eDiscovery Challenges in Government Investigations
Government investigations are high stakes and often involve significant risk—both financial and reputational—for companies. These investigations often pose significant eDiscovery challenges insofar as the motivations of the parties and the rules of the road are not quite the same as in a typical...
WebcastBuckley Sandler Webcast: Data Risk in the Third-Party Ecosystem - Issues and Concerns Raised by the Ponemon Survey
When it comes to data security, US companies have serious concerns about their third-party vendors—and with good reason. According to a recent survey “ Data Risk in the Third-Party Ecosystem ,” commissioned by Buckley Sandler and Treliant Risk Advisors, and conducted by the renowned Ponemon...
WebcastBuckley Sandler Webcast: Avoiding Vendor Management Pitfalls for Lenders, AMCs, and Appraisers
Join Buckley Sandler attorneys Jon Langlois, Beth McGinn, and Moorari Shah for a discussion on navigating the tension between appraiser independence requirements and vendor management principles. We will review the inherent conflicts among Real Estate Lenders, Appraisal Management Companies (AMCs)...
WebcastThe Knowledge Group: Mobile Privacy and Security Issues in 2015: Practical Guidance to Mitigate Data Breaches Webcast
Elizabeth McGinn spoke on The Knowledge Group's webcast, Mobile Privacy and Security Issues in 2015: Practical Guidance to Mitigate Data Breaches, on Tuesday, August 25, 2015.
Speaking EngagementBloomberg BNA Webinar: CFPB Guidance: Enforcement Actions Signal Focus on Vendor Mangement
Elizabeth McGinn and Moorari Shah spoke on the Bloomberg BNA webinar, "CFPB Guidance: Enforcement Actions Signal Expanding Focus on Vendor Management," on Thursday, July 9, 2015.
Speaking EngagementBuckley Sandler Webcast: Answers to the Most Common Vendor Management Questions
Following our May 6, 2015 webcast, Navigating Vendor Management Issues in Today’s Regulatory Environment , we received numerous questions and requests for further information. This follow-up webcast will address a number of these questions and requests covering various aspects of vendor management...
WebcastBuckley Sandler Webcast: Navigating Vendor Management Issues in Today's Regulatory Environment
The CFPB and numerous agencies – including the OCC, FRB, and FDIC – have identified vendor management as a key component of their upcoming examinations with several issuing Bulletins ( here , here , here , and here ). These Bulletins set forth their high-level regulatory expectations related to the...
WebcastALI-CLE Webinar: Email for Lawyers: Ethical and Common Sense Considerations Before Sending Electronic Communication
Elizabeth McGinn spoke on the ALI-CLE webinar, "Email for Lawyers: Ethical and Common Sense Considerations Before Sending Electronic Communication," on Wednesday, April 29, 2015. Click here to learn more about this event .
Speaking EngagementALI-CLE Seminar: Cyberfraud Risks to Financial Institutions
Elizabeth McGinn spoke on the faculty of the ALI-CLE seminar/webcast, "Cyberfraud Risks to Financial Institutions," on December 3, 2014. Seminar summary: Cyberattacks are a growing risk for financial institutions of all sizes. What is the liability for financial institutions when a customer suffers...
Speaking Engagement
In The News
The Legal 500 2018 recognizes five practice areas and 17 attorneys at Buckley Sandler
WASHINGTON, DC (June 6, 2018) — Buckley Sandler LLP again has been noted as one of the nation’s top law firms by The Legal 500 in its 2018 rankings, with recognition in five practice areas: Financial Services: Litigation Financial Services: Regulation Corporate Investigations and White Collar...
Press ReleasesThe Legal 500 2018 recognizes five practice areas and 17 attorneys at Buckley Sandler
Buckley Sandler LLP again has been noted as one of the nation’s top law firms by The Legal 500 in its 2018 rankings, with recognition in five practice areas:
- Financial Services: Litigation
- Financial Services: Regulation
- Corporate ...
Elizabeth E. McGinn Quoted in Bloomberg BNA Article, “FTC Blogs Help Define Reasonable Data Security, Attorneys Say”
Elizabeth E. McGinn was quoted on August 25, 2017 in Bloomberg BNA article, “FTC Blogs Help Define Reasonable Data Security, Attorneys Say,” which discussed the new FTC weekly data security blog and the information it can provide to create best practices for companies. The article stated, “The FTC...
In The NewsElizabeth E. McGinn Quoted in Bloomberg BNA Article, “Trump’s Possible FTC Pick Likely to Uphold Data Security Agenda”
Elizabeth E. McGinn was quoted on August 14, 2017 in a Bloomberg BNA article, “Trump’s Possible FTC Pick Likely to Uphold Data Security Agenda,” which said President Trump is poised to bypass Federal Trade Commission Acting Chairman Maureen K. Ohlhausen and tap antitrust attorney Joseph Simons to...
In The NewsThe Legal 500 2017 Recognizes Four Practice Areas and 20 Attorneys at Buckley Sandler
Buckley Sandler has again been cited as one of the nation’s top law firms by The Legal 500 in its 2017 rankings, with the recognition of four practice areas: Financial Services: Litigation Financial Services: Regulatory Cyber Law (Data Protection and Privacy) Corporate Investigations and White...
Press ReleasesElizabeth E. McGinn Quoted in MLex Article, "FTC Likely to Demand Evidence of Harm, Rely Less on 'Unfairness' Claims Under GOP Leadership"
Elizabeth E. McGinn was quoted on January 27, 2017 in a MLex article regarding the FTC’s plan to “demand evidence that there has been a concrete harm to consumers before it brings privacy and data security enforcement actions.” The article also noted, “The end result is that the FTC will focus more...
In The NewsElizabeth McGinn Quoted in Law360 Article, "NY Cybersecurity Rules Could Push Other Regulators"
Elizabeth McGinn was quoted in Law360 on September 13, 2016, regarding the impact of New York’s newly proposed cybersecurity rules, pertaining to financial institutions and their protection against data breaches. Law360 reported that these first-of-their-kind rules “would require banks, insurers,...
In The NewsElizabeth McGinn Quoted in Legaltech News Article, "Lessons Companies Can Learn from the FTC's LabMD Decision on Data Security"
Elizabeth McGinn was quoted in Ed Silverstein's Legaltech News article, "Lessons Companies Can Learn from the FTC's LabMD Decision on Data Security," on August 5, 2016. There is a good chance that the Federal Trade Commission's recent reversal of a decision by an administrative law judge on LabMD's...
In The NewsLegal 500 Recognizes Four Practice Areas and 14 Attorneys at Buckley Sandler in 2016 Rankings
Buckley Sandler LLP has again been noted as one of the nation’s top law firms, with recognition of four practice areas by The Legal 500 in its 2016 rankings: Financial Services: Litigation Financial Services: Regulatory Technology: Data Protection and Privacy White-Collar Criminal Defense In...
In The NewsLegal 500 Recognizes Four Practice Areas and 11 Attorneys at Buckley Sandler LLP
Buckley Sandler LLP is pleased to announce that The Legal 500 United States 2015 has recognized the firm and its attorneys in four practice areas. The firm has been recognized in the following practice areas: • Finance - Financial Services: Litigation • Finance - Financial Services: Regulatory •...
Press ReleasesElizabeth McGinn Quoted in MLex Article "Comment: California Judge's Ruling in Adobe Case Resonates Across US Data-Security Litigation"
Elizabeth McGinn was quoted in Mike Swift's MLex Market Insight article "Comment: California Judge's Ruling in Adobe Case Resonates Across US Data-Security Litigation" on October 13, 2014. Elizabeth E. McGinn, co-head of Buckley Sandler's Privacy, Cyber Risk & Data Security Group in Washington...
In The News
Articles & Special Alerts
"FTC v. D-Link Systems and the internet of things" by Elizabeth E. McGinn, John B. Williams, and Christopher M. Walczyszyn (Westlaw)
As businesses expand the availability of internet-connected devices, Buckley Sandler LLP attorneys Elizabeth McGinn, John Williams and Christopher Walczyszyn address the Federal Trade Commission’s role in regulating and enforcing “internet of things” device security to protect consumers’ data...
Articles"‘Reasonable security’: A moving target" by Elizabeth E. McGinn (Cyber Security)
The concept of ‘reasonable security’ for personal information maintained by financial institutions began with the Gramm-Leach-Bliley Act (GLBA). On 12th November, 1999, Congress enacted GLBA, a landmark privacy and data security law which required the federal financial regulatory agencies to...
Articles"The devil is in the details: LabMD imposes limitations on the FTC’s enforcement authority" by Elizabeth E. McGinn and Sasha Leonhardt, (Cybersecurity Law Report)
In the latest data security case with significant implications for all enforcement actions, the United States Court of Appeals for the Eleventh Circuit struck down a cease-and-desist order as impermissibly vague. By ruling against the FTC in its long-running and contentious dispute with LabMD, the...
Articles“Social media in the current enforcement landscape,” by Elizabeth E. McGinn, John B. Williams, and Timothy Coley (Banking Exchange)
Perhaps no aspect of the internet has grown so broadly in the past decade as social media. From its infancy at sites like MySpace, Friendster, and “TheFacebook” (originally open only to students at select colleges), to the current industry leaders of Facebook (now open to all, and touting more than...
Articles"Practical considerations for litigating proportionality" by Elizabeth E. McGinn, Scott T. Sakiyama, and Brian W. Bartholomay (Law360)
After years of discussion regarding how the rules of discovery might be improved, amendments to the Federal Rules of Civil Procedure became effective on Dec. 1, 2015. One of the more prominent amendments involved FRCP 26(b)(1), which was updated to allow discovery of relevant, nonprivileged...
ArticlesElizabeth E. McGinn, Antonio J. Reynolds, and Jessica M. Shannon Authored a Bloomberg BNA Article, "Consumer Privacy Should Be Top-of-Mind for FinTech Firms to Avoid Scrutiny"
With many people underserved by traditional lending institutions, including the close to 45 million adults in the U.S. who the Consumer Financial Protection Bureau estimates are “credit invisible” or have had past credit challenges, emerging FinTech lenders and online lending platforms (FinTech...
ArticlesElizabeth E. McGinn Authored a Westlaw Journal Article, "Data Security Breach Litigation Post-Spokeo"
California enacted the nation’s first data security breach notification law 15 years ago. Following a few high-profile incidents in 2005, other states rapidly began enacting breach-notice requirements based largely on the California model. This proliferation of laws — and the constant news of...
ArticlesValidating the Validation Set
Predictive coding is becoming increasingly prevalent in fulfilling discovery obligations in litigation and in response to regulatory inquiries. As the process gains acceptance, parties, regulators and courts debate whether producing parties should be required to disclose documents and coding...
ArticlesGuarding Against Privilege Waiver in Federal Investigations
It has been well over a year since Judge Andrew Peck gently excoriated the legal community for underusing the not-so-new privilege waiver protections of Federal Rule of Evidence 502(d). He has fondly referred to it as the “Get Out of Jail Free Card” and offered that “it is akin to malpractice not...
ArticlesSpecial Alert: NYDFS Stakes Claim on Cybersecurity Regulation
On September 13, the New York Department of Financial Services (DFS) issued a proposed rule establishing cybersecurity requirements for financial services companies, and has thus ventured into new territory for state regulators. In the words of Governor Cuomo, “New York, the financial capital of...
ArticlesMortgage Industry Struggles to Avoid Vendor Management Land Mines
October 3, 2015, marked the official effective date of the long-anticipated, and widely dreaded, TILA-RESPA Integrated Disclosure (TRID) rule. Mortgage professionals have learned from a half-decade deluge of regulation that their TRID fate, along with almost every other aspect of the industry’s...
ArticlesData Risk in the Third-Party Ecosystem - Ponemon Survey Results
Data breaches are on the rise and the percentage of those data breaches caused by third-party relationships is also expected to rise. In our recent survey, “Data Risk in the Third-Party Ecosystem,” conducted by the Ponemon Institute, 49% of respondents indicated their company had experienced a data...
ArticlesSpecial Alert: CFPB Enters into First Consent Order with Online Payment Platform for Misrepresenting Data Security Practices
On March 2, the CFPB took action against an Iowa-based online payment platform and entered into a Consent Order for deceptive acts and practices relating to false representations regarding the company’s data security practices in violation of 1031(a) and 1036 (a)(1) of the Consumer Financial...
ArticlesConsumer Financial Services Answer Book 2016
The fifth edition of the Practising Law Institute’s Consumer Financial Services Answer Book was published this month, with 29 Buckley Sandler attorneys contributing to this leading desk reference. The 2016 edition of the Consumer Financial Services Answer Book continues to provide practitioners...
ArticlesSpecial Alert: Cross-Border Data Transfers Significantly Impacted by EU Court Decision Invalidating Adequacy of U.S.- EU Data Protection Safe Harbor Framework
On October 6, 2015, the Court of Justice of the European Union (CJEU) in Schrems v. Data Protection Commissioner (“Schrems”) declared “invalid” a decision of the European Commission that the United States-European Union Safe Harbor framework (Safe Harbor) provides adequate protection for personal...
ArticlesRegulators Turn Up Heat on Vendor Management
The vendor landscape for companies in the mortgage industry has shifted significantly in recent years. State and federal regulators have levied hefty and often unprecedented fines against a number of supervised institutions because of inadequate vendor-management policies and ineffective vendor...
ArticlesMortgage Industry Continues to Bear Brunt of CFPB Regulatory Burdens
In recent years, mortgage industry players have had to quickly adapt to the evolving regulatory environment. The latest scramble for mortgage lenders includes the downstream effects of pending rule changes related to disclosures required in implementing regulations of the Truth-in-Lending Act ("...
ArticlesSpotlight on Vendor Management: Mortgage Industry Continues to Bear Brunt of CFPB Regulatory Burdens
Mortgage industry players have had to adapt quickly in recent years to the evolving regulatory environment, and the latest scramble for mortgage lenders includes the various downstream effects of pending rule changes set to take effect on August 1, 2015, related to disclosures required under the...
ArticlesSpotlight on Vendor Management: "Brother's Keeper" Enforcement Pattern Becoming the Norm
Two regulatory enforcement matters announced in April offer a view into the current mindset of regulators in the ever-evolving world of vendor management. First, the Federal Communications Commission (FCC) announced a $25 million settlement with a telecommunications carrier related to the...
ArticlesSpotlight on Electronic Discovery: Challenges Presented by the Internet of Things
E-discovery is poised to enter a new revolution as the Internet of Things (“IoT”) continues its seemingly exponential growth. IoT is the ecosystem of interconnected sensory devices that perform coordinated, pre-programmed – and even learned – tasks without the need for...
ArticlesTreading Beyond the Iota of Fear: eDiscovery of the Internet of Things
The first difficulty to preservation concerns the primary question of control of the cloud data, which is not unique to IoT. Businesses are investing billions into IoT not only because of their profit expectations from the one-time sale of an IoT device, but also from having unfettered access to...
ArticlesRegulatory Blue Pencil: CFPB Guidance, Enforcement Actions Signal Expanding Focus on Vendor Management
In April 2012, the Consumer Protection Financial Bureau (the ‘‘CFPB’’ or ‘‘Bureau’’) issued Bulletin 2012-03 (the ‘‘Service Provider Bulletin’’), a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial...
ArticlesSpotlight on Vendor Management: Interpreting CFPB Guidance and Enforcement Actions
In April 2012, the Consumer Protection Financial Bureau issued Bulletin 2012-03, a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial institutions. Since then, the Bureau has often referenced...
ArticlesConsumer Financial Services Answer Book 2015
Buckley Sandler lawyers played a prominent role in the publication of this leading desk reference on consumer financial services, published by the Practising Law Institute. The 2015 edition of this publication continues to provide practitioners with a core understanding of the laws governing...
ArticlesComment: California Judge's Ruling in Adobe Case Resonates Across US Data-Security
Elizabeth E. McGinn was quoted in a Mlex article, "California Judge's Ruling in Adobe Case Resonates Across US Data-Security" on October 13, 2014.
ArticlesThe Board of Directors and Cybersecurity: Setting up the Right Structure
Because investments in cybersecurity do not generate revenue, they can be a hard sell. At the same time, such investments generally lead to significant cost savings and can help a company avoid the reputational damage associated with a successful attack. In addition to devoting attention to reports...
ArticlesTrust and Transparency in the Era of 'Bring Your Own Device'
Information, including proprietary business information and personally identifiable information, is one of a financial institution’s most precious assets, and protecting this asset is necessary to establishing and maintaining long-standing relationships between a financial institution and its...
Articles
Awards and Recognitions
Awards & Recognitions
- Recognized in Legal 500: Technology - Cyber Law (Data Protection and Privacy) (2013-2018)
Practice Areas
- Bank Secrecy Act/Anti-Money Laundering & Sanctions
- Class Actions
- Complex Civil Litigation
- Consumer Finance
- Consumer Financial Protection Bureau
- E-discovery
- Enforcement Actions & Investigations
- Federal Trade Commission
- Fintech
- Military Lending
- Mortgages
- Privacy, Cyber Risk & Data Security
- State Attorneys General
- Student Lending
- Unfair, Deceptive, or Abusive Acts or Practices
- Vendor Management
Education
- J.D., American University, 2000 (cum laude)
- B.S., St. Lawrence University
Admissions
- District of Columbia
- Maryland
- New York
Government Service
- Law Clerk, Hon. P. Trevor Sharp, U.S. District Court, Middle District of North Carolina