
Outstanding on privacy and e-discovery issues. Able to advise both on the regulatory and litigation sides of problems. Top notch, incredibly responsive, thoughtful, and provides advice that is both practical and efficient.Legal 500
Elizabeth E. McGinn
Partner
Biography
Beth McGinn focuses her practice on assisting clients in identifying, evaluating and managing the risks associated with cybersecurity, internal privacy and information security practices, as well as those of third-party vendors. She advises clients on the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the General Data Protection Regulation (GDPR), the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule (TSR), the Health Insurance Portability and Accountability Act (HIPAA), security breach notification laws and other U.S. state and federal privacy and data security requirements.
Outstanding on privacy and e-discovery issues. Able to advise both on the regulatory and litigation sides of problems. Top notch, incredibly responsive, thoughtful, and provides advice that is both practical and efficient.Legal 500
In The News
Elizabeth E. McGinn quoted in Cybersecurity Law Report article, “SEC cyber rules: How to prepare for the new 10-K disclosure mandates”
The Cybersecurity Law Report article, “SEC cyber rules: How to prepare for the new 10-K disclosure mandates,” examined the second of two SEC proposed cybersecurity rules. The new mandate provides insight on how companies can comply with the proposed 10-K filing standards for annual reporting that...
In The NewsElizabeth E. McGinn quoted in a CSO article, “FTC begins sweeping commercial surveillance and lax data security rulemaking process”
The CSO article, “FTC begins sweeping commercial surveillance and lax data security rulemaking process,” discussed the persistence of data breaches exposing consumers’ sensitive information even as organizations are selling troves of consumers’ personal, financial, and location data to a thriving...
In The NewsElizabeth E. McGinn extensively quoted in Cybersecurity Law Report article, “SEC cyber rules: How to prepare for the new 8-K incident mandate”
The Cybersecurity Law Report article, “SEC cyber rules: How to prepare for the new 8-K incident mandate,” examined the SEC’s proposed rules to give investors a better view of how public companies are tackling risks around cybersecurity and better compare companies’ cyber efforts. The new mandate...
In The NewsLegal 500 2022 recognizes 18 Buckley attorneys in five practice areas
“They treat their clients better than any other law firm I’ve experienced,” is what one respondent said about Buckley LLP to Legal 500, which ranked the firm as a top law firm in five categories and recognized 18 of its attorneys for its 2022 edition.
The publication recognized...
AnnouncementsElizabeth E. McGinn quoted in Inside Mortgage Finance article, “Mortgage companies put on alert for Russian cyberattacks”
The Inside Mortgage Finance article, “Mortgage companies put on alert for Russian cyberattacks,” discussed the warnings from government agencies and trade associations of possible cyberattacks against the mortgage industry following Russia’s invasion of Ukraine. According to the New York State...
In The NewsElizabeth E. McGinn quoted in Cyberscoop article, “FTC wants to know when financial data is compromised, will require encryption”
Elizabeth E. McGinn was quoted in a Cyberscoop article, “FTC wants to know when financial data is compromised, will require encryption,” which examined updated rules the Federal Trade Commission is considering that would require financial institutions to report within 30 days any security incidents...
In The NewsLegal 500 2021 recognizes 17 Buckley attorneys in six practice areas
“While some firms will provide lengthy and expensive legal analysis, Buckley’s team relies on their depth and breadth of expertise to provide useful guidance from various team members quickly and efficiently,” a respondent told Legal 500, which ranked Buckley LLP as a top law firm and...
AnnouncementsElizabeth E. McGinn quoted in Bloomberg Law article, “New FTC leadership likely to put consumer privacy in crosshairs”
Elizabeth E. McGinn was quoted in a Bloomberg Law article, “New FTC leadership likely to put consumer privacy in crosshairs,” which examined how the agency will now approach privacy enforcement. “There were significant settlements related to data security issues under Trump, but we’re likely to see...
In The NewsLegal 500 2020 recognizes 21 Buckley attorneys in six practice areas
“Buckley attorneys are incredibly responsive while providing top quality legal services,” is how respondents described the firm in the 2020 edition of Legal 500, which ranked Buckley as a top law firm and recognized it in six categories:
- Corporate Investigations and White ...
Elizabeth E. McGinn extensively quoted in three-part series in Cybersecurity Law Report, “The Rise of Facial Recognition Technology”
Elizabeth E. McGinn was extensively quoted in a three-part series in Cybersecurity Law Report, “The Rise of Facial Recognition Technology,” which discussed the uses, risks, and legal framework governing FRT. McGinn noted “If a company experiences a breach and has biometric data customers residing...
In The NewsThe Legal 500 2019 recognizes 17 Buckley attorneys in five practice areas
The Legal 500 once again ranked Buckley as a top law firm and recognized it in five categories:
- Corporate Investigations and White Collar Criminal Defense: Corporate – Tier 4
- Corporate Investigations and White Collar Criminal Defense: Individuals – Tier 2 ...
Publications
"How Cos. can ease risk amid 'dark pattern' regulatory focus" by Elizabeth E. McGinn, Sherry-Maria Safchuk, and Melina W. Montellanos (Law360)
Federal and state regulators, legislators, and courts have increased their focus on dark patterns — web and mobile design elements that shepherd users to make decisions, often not in their best interest. To avoid consumer dissatisfaction, as well as legal and regulatory risk, companies should...
Articles"U.S., E.U. announce Trans-Atlantic data privacy framework: What companies can do now" by Elizabeth E. McGinn, Sasha Leonhardt, and Lauren Bomberger (CSLR)
The White House and European Commission in late March 2022 announced a new agreement in principle for trans-Atlantic data flows – the Trans-Atlantic Data Privacy Framework – that would replace the E.U.- U.S. Privacy Shield. The United States and European Union began negotiations on a new framework...
Articles"No end in sight: Biometrics litigation trends" by Elizabeth E. McGinn, Amanda R. Lawrence, Scott T. Sakiyama and Michael Rosenberg (CSLR)
Modern biometrics applications are myriad with more continually being developed. They allow users to unlock devices, make payments, detect theft, track time and much more. These applications are not overlooked by the plaintiffs’ bar. Since 2019, more than 1,000 class action lawsuits have been filed...
Articles"FTC updates data security expectations for nonbanks" by Elizabeth E. McGinn, Amanda R. Lawrence, Sherry-Maria Safchuk, Lauren Bomberger (Bloomberg Law)
Persistent cyberbreaches are compelling government responses to protect consumer data, particularly consumer financial information. Laws passed in California, Colorado, and Virginia are among the most influential at the state level, but federal regulators are also moving to implement additional...
Articles"Shedding light on dark patterns: What financial institutions need to know" by Elizabeth E. McGinn, Amanda R. Lawrence, and Sherry-Maria Safchuk (Cybersecurity Law Report)
Regulators, legislators and private litigants are increasingly looking at how companies attract and conduct business with consumers in online settings, and particularly whether these companies are designing user experiences to manipulate behavior in a way that can prove harmful to the consumer. The...
Articles"Empire state of privacy: Recent developments in New York’s privacy and cybersecurity laws" by Elizabeth E. McGinn, Amanda R. Lawrence, Sasha Leonhardt, and Magda Gathani (New York Law Journal)
New York over the past few years has steadily raised the bar on privacy and cybersecurity standards for commercial enterprises, and, along with the European Union and California, is increasingly seen as a pacesetter in this fast-developing area of law. Proposed legislation before its General...
Articles"Force majeure in the Covid era – What now?" by Elizabeth E. McGinn, Ryan S. Pollard, and Anthony Carral (Sports Litigation Alert)
The Covid-19 pandemic has significantly impacted all aspects of the global economy, and sports is among the many industries that moved quickly to minimize the disruption. Very early on, members of the sports industry scrambled to analyze their force majeure clauses as customers, vendors, and key...
Articles"Implementing the CCPA regulations: Are you ready?" by Amanda R. Lawrence, Elizabeth E. McGinn, and Sherry-Maria Safchuk (Cybersecurity Law Report)
The final regulations under the California Consumer Privacy Act, introduced by the California Attorney General last October, became effective on August 14, 2020. The AG has already implemented many of the changes suggested in the public comments, but there are still several open questions that...
Articles"Reopening well: Balancing employee privacy with employee safety" by Elizabeth E. McGinn, Amanda R. Lawrence, and James C. Chou (Corporate Compliance Insights)
Consumer privacy has been a key area of focus over the past several years, but as companies begin return-to-work operations, they discover that employee privacy looms large as well. Well-intentioned companies seeking to keep employees safe risk incurring penalties from a variety of agencies based...
Articles"Confusion surrounding the Privacy Shield rollback" by Amanda R. Lawrence, Elizabeth E. McGinn, and Magda Gathani
The Court of Justice of the European Union (CJEU) last month invalidated the EU-U.S. Privacy Shield, which over 5,000 companies have relied on as a legal mechanism of transferring data from the EU to the United States.
The European Data Protection Board (EDPB) did not provide a grace...
Buckley Commentary & Analysis"Adjusting information security for long-term telework" by Amanda R. Lawrence, Elizabeth E. McGinn, and James C. Chou (Bloomberg Law)
Amid a fast-moving pandemic in the spring of 2020, many companies were forced to adopt remote-work operations almost overnight to maintain critical business functions. This approach initially seemed like a temporary and imperfect solution to maintaining workforce safety while continuing essential...
Articles"Privacy and cybersecurity issues in 2020 – What to expect" by Amanda R. Lawrence, Elizabeth E. McGinn, and James C. Chou (Journal of Banking and Finance Law and Practice)
A steady drumbeat of data breaches and growing concern among consumers about how companies are using their personal information will keep regulators, policy-makers and private litigants focused on cybersecurity and privacy in 2020 and beyond. While Congress tentatively explores comprehensive...
Articles"Don’t let your shield down—FTC gets tough on EU-U.S. privacy shield framework" by Elizabeth E. McGinn and Magda Gathani (Bloomberg Law)
The Federal Trade Commission took more enforcement actions related to the EU-U.S. Privacy Shield Framework in 2019 and the beginning of 2020 than it did in the prior three years combined. The FTC also has alleged deception in many cases where there was no indication that any misrepresentations...
Articles"Wearables present new realm of legal risks for teams" by Elizabeth E. McGinn and John B. Williams, III (Sports Business Journal)
Reaching peak athletic performance is an increasingly scientific and quantitative pursuit, and professional sports franchises, which have tremendous financial and emotional motivation to be the best, are at the forefront in gathering as much data about their assets as possible. FitBits, Apple...
Articles"3 key areas where the NYDFS ups the ante on cybersecurity" by Elizabeth E. McGinn (Westlaw Journal)
On March 1, the two-year transitional period under the New York State Department of Financial Services’ “Cybersecurity Requirements for Financial Services Companies” regulation expired, making all requirements effective. The cybersecurity regulation marks a shift in the governance of cybersecurity...
Articles"Navigating today’s biometric landscape" by Elizabeth E. McGinn, Scott T. Sakiyama, Magda Gathani, and Garylene D. Javier (Cybersecurity Law Report)
Biometrics-based authentication of payments and other transactions has been on the rise for the past several years, promising unparalleled convenience and security for consumers. However, the distinctive nature of biometric features that confers its advantages is also the source of the technology’s...
Articles"FTC v. D-Link Systems and the internet of things" by Elizabeth E. McGinn, and John B. Williams (Westlaw)
As businesses expand the availability of internet-connected devices, Buckley Sandler LLP attorneys Elizabeth McGinn, John Williams and Christopher Walczyszyn address the Federal Trade Commission’s role in regulating and enforcing “internet of things” device security to protect consumers’ data...
Articles"The devil is in the details: LabMD imposes limitations on the FTC’s enforcement authority" by Elizabeth E. McGinn and Sasha Leonhardt, (Cybersecurity Law Report)
In the latest data security case with significant implications for all enforcement actions, the United States Court of Appeals for the Eleventh Circuit struck down a cease-and-desist order as impermissibly vague. By ruling against the FTC in its long-running and contentious dispute with LabMD, the...
Articles"‘Reasonable security’: A moving target" by Elizabeth E. McGinn (Cyber Security)
The concept of ‘reasonable security’ for personal information maintained by financial institutions began with the Gramm-Leach-Bliley Act (GLBA). On 12th November, 1999, Congress enacted GLBA, a landmark privacy and data security law which required the federal financial regulatory agencies to...
Articles“Social media in the current enforcement landscape,” by Elizabeth E. McGinn, John B. Williams, and Timothy Coley (Banking Exchange)
Perhaps no aspect of the internet has grown so broadly in the past decade as social media. From its infancy at sites like MySpace, Friendster, and “TheFacebook” (originally open only to students at select colleges), to the current industry leaders of Facebook (now open to all, and touting more than...
Articles"Practical considerations for litigating proportionality" by Elizabeth E. McGinn, Scott T. Sakiyama, and Brian W. Bartholomay (Law360)
After years of discussion regarding how the rules of discovery might be improved, amendments to the Federal Rules of Civil Procedure became effective on Dec. 1, 2015. One of the more prominent amendments involved FRCP 26(b)(1), which was updated to allow discovery of relevant, nonprivileged...
ArticlesElizabeth E. McGinn Authored a Bloomberg BNA Article, "Consumer Privacy Should Be Top-of-Mind for FinTech Firms to Avoid Scrutiny"
With many people underserved by traditional lending institutions, including the close to 45 million adults in the U.S. who the Consumer Financial Protection Bureau estimates are “credit invisible” or have had past credit challenges, emerging FinTech lenders and online lending platforms (FinTech...
ArticlesElizabeth E. McGinn Authored a Westlaw Journal Article, "Data Security Breach Litigation Post-Spokeo"
California enacted the nation’s first data security breach notification law 15 years ago. Following a few high-profile incidents in 2005, other states rapidly began enacting breach-notice requirements based largely on the California model. This proliferation of laws — and the constant news of...
ArticlesValidating the Validation Set
Predictive coding is becoming increasingly prevalent in fulfilling discovery obligations in litigation and in response to regulatory inquiries. As the process gains acceptance, parties, regulators and courts debate whether producing parties should be required to disclose documents and coding...
ArticlesGuarding Against Privilege Waiver in Federal Investigations
It has been well over a year since Judge Andrew Peck gently excoriated the legal community for underusing the not-so-new privilege waiver protections of Federal Rule of Evidence 502(d). He has fondly referred to it as the “Get Out of Jail Free Card” and offered that “it is akin to malpractice not...
ArticlesSpecial Alert: NYDFS Stakes Claim on Cybersecurity Regulation
On September 13, the New York Department of Financial Services (DFS) issued a proposed rule establishing cybersecurity requirements for financial services companies, and has thus ventured into new territory for state regulators. In the words of Governor Cuomo, “New York, the financial capital of...
ArticlesMortgage Industry Struggles to Avoid Vendor Management Land Mines
October 3, 2015, marked the official effective date of the long-anticipated, and widely dreaded, TILA-RESPA Integrated Disclosure (TRID) rule. Mortgage professionals have learned from a half-decade deluge of regulation that their TRID fate, along with almost every other aspect of the industry’s...
ArticlesData Risk in the Third-Party Ecosystem - Ponemon Survey Results
Data breaches are on the rise and the percentage of those data breaches caused by third-party relationships is also expected to rise. In our recent survey, “Data Risk in the Third-Party Ecosystem,” conducted by the Ponemon Institute, 49% of respondents indicated their company had experienced a data...
ArticlesSpecial Alert: CFPB Enters into First Consent Order with Online Payment Platform for Misrepresenting Data Security Practices
On March 2, the CFPB took action against an Iowa-based online payment platform and entered into a Consent Order for deceptive acts and practices relating to false representations regarding the company’s data security practices in violation of 1031(a) and 1036 (a)(1) of the Consumer Financial...
ArticlesConsumer Financial Services Answer Book 2016
The fifth edition of the Practising Law Institute’s Consumer Financial Services Answer Book was published this month, with 29 Buckley Sandler attorneys contributing to this leading desk reference. The 2016 edition of the Consumer Financial Services Answer Book continues to provide practitioners...
ArticlesSpecial Alert: Cross-Border Data Transfers Significantly Impacted by EU Court Decision Invalidating Adequacy of U.S.- EU Data Protection Safe Harbor Framework
On October 6, 2015, the Court of Justice of the European Union (CJEU) in Schrems v. Data Protection Commissioner (“Schrems”) declared “invalid” a decision of the European Commission that the United States-European Union Safe Harbor framework (Safe Harbor) provides adequate protection for personal...
ArticlesRegulators Turn Up Heat on Vendor Management
The vendor landscape for companies in the mortgage industry has shifted significantly in recent years. State and federal regulators have levied hefty and often unprecedented fines against a number of supervised institutions because of inadequate vendor-management policies and ineffective vendor...
ArticlesMortgage Industry Continues to Bear Brunt of CFPB Regulatory Burdens
In recent years, mortgage industry players have had to quickly adapt to the evolving regulatory environment. The latest scramble for mortgage lenders includes the downstream effects of pending rule changes related to disclosures required in implementing regulations of the Truth-in-Lending Act ("...
ArticlesSpotlight on Vendor Management: Mortgage Industry Continues to Bear Brunt of CFPB Regulatory Burdens
Mortgage industry players have had to adapt quickly in recent years to the evolving regulatory environment, and the latest scramble for mortgage lenders includes the various downstream effects of pending rule changes set to take effect on August 1, 2015, related to disclosures required under the...
ArticlesSpotlight on Vendor Management: "Brother's Keeper" Enforcement Pattern Becoming the Norm
Two regulatory enforcement matters announced in April offer a view into the current mindset of regulators in the ever-evolving world of vendor management. First, the Federal Communications Commission (FCC) announced a $25 million settlement with a telecommunications carrier related to the...
ArticlesSpotlight on Electronic Discovery: Challenges Presented by the Internet of Things
E-discovery is poised to enter a new revolution as the Internet of Things (“IoT”) continues its seemingly exponential growth. IoT is the ecosystem of interconnected sensory devices that perform coordinated, pre-programmed – and even learned – tasks without the need for continuous human input...
ArticlesTreading Beyond the Iota of Fear: eDiscovery of the Internet of Things
The first difficulty to preservation concerns the primary question of control of the cloud data, which is not unique to IoT. Businesses are investing billions into IoT not only because of their profit expectations from the one-time sale of an IoT device, but also from having unfettered access to...
ArticlesRegulatory Blue Pencil: CFPB Guidance, Enforcement Actions Signal Expanding Focus on Vendor Management
In April 2012, the Consumer Protection Financial Bureau (the ‘‘CFPB’’ or ‘‘Bureau’’) issued Bulletin 2012-03 (the ‘‘Service Provider Bulletin’’), a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial...
ArticlesSpotlight on Vendor Management: Interpreting CFPB Guidance and Enforcement Actions
In April 2012, the Consumer Protection Financial Bureau issued Bulletin 2012-03, a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial institutions. Since then, the Bureau has often referenced the...
ArticlesConsumer Financial Services Answer Book 2015
Buckley Sandler lawyers played a prominent role in the publication of this leading desk reference on consumer financial services, published by the Practising Law Institute. The 2015 edition of this publication continues to provide practitioners with a core understanding of the laws governing...
ArticlesComment: California Judge's Ruling in Adobe Case Resonates Across US Data-Security
Elizabeth E. McGinn was quoted in a Mlex article, "California Judge's Ruling in Adobe Case Resonates Across US Data-Security" on October 13, 2014.
ArticlesThe Board of Directors and Cybersecurity: Setting up the Right Structure
Because investments in cybersecurity do not generate revenue, they can be a hard sell. At the same time, such investments generally lead to significant cost savings and can help a company avoid the reputational damage associated with a successful attack. In addition to devoting attention to reports...
ArticlesTrust and Transparency in the Era of 'Bring Your Own Device'
Information, including proprietary business information and personally identifiable information, is one of a financial institution’s most precious assets, and protecting this asset is necessary to establishing and maintaining long-standing relationships between a financial institution and its...
ArticlesSpecial Alert: Federal Reserve Board Guidance on Managing Outsourcing Risks Mirrors Recent OCC Guidance
On December 5, 2013, the Federal Reserve Board (FRB or the Fed) issued Supervision and Regulation Letter 13-19 , which details and attaches the Fed’s Guidance on Managing Outsourcing Risk (FRB Guidance). The FRB Guidance sets forth risks arising out of the use of service providers and the...
ArticlesBitcoin, Banks & Billions: Regulatory and Compliance Implications of Bitcoin-Based Consumer Banking
With virtual currencies becoming a fixture of the global economy, it is critical that financial institutions understand these 21st century monetary tools. And, of all the virtual currencies emerging in the dynamic area of e-commerce, none more perfectly demonstrates the technical, regulatory and...
Articles
Awards and Recognitions
Awards & Recognitions
- Recognized in Legal 500: Technology - Cyber Law (Data Protection and Privacy) (2013-2022)
- Recognized in Irish Legal 100 (2018-2019)
Practice Areas
- Class Actions
- Complex Civil Litigation
- Consumer Finance
- Consumer Financial Protection Bureau
- E-discovery
- Enforcement Actions & Investigations
- Federal Trade Commission
- Fintech
- Military Lending
- Mortgages
- Privacy, Cyber Risk & Data Security
- State Attorneys General
- Student Lending
- Unfair, Deceptive, or Abusive Acts or Practices
- Vendor Management
Education
- J.D., American University, 2000 (cum laude)
- B.S., St. Lawrence University, 1990
Admissions
- District of Columbia
- Maryland
- New York
- U.S. District Court, District of Columbia
Government Service
- Law Clerk, Hon. P. Trevor Sharp, U.S. District Court, Middle District of North Carolina
Memberships & Involvements
- Member, ALI-CLE
- Member, Federal Bar Association
- CIPP/US-certified professional, International Association of Privacy Professionals
- Member, Irish Legal 100
- Member, Sedona Conference