Andrew Serwin is an internationally recognized thought leader in the fields of privacy, cybersecurity, information governance, and information sharing. As co-chair of Morrison & Foerster’s market-leading Global Privacy and Data Security Group, he provides global advice to a number of emerging and Fortune 500 companies, and handles some of the highest-profile data security incidents and privacy enforcement and litigation matters. He has a unique understanding of cybersecurity through his role in several organizations. Mr. Serwin serves on the Board of Directors of the private sector of the federally funded National Cyber Forensic Training Alliance (NCFTA), an entity that functions as a conduit between private industry and law enforcement, with a core mission to identify, mitigate and neutralize cybercrime. In addition, he serves as an advisor to the Naval Postgraduate School’s Center for Asymmetric Warfare, and is the CEO and Executive Director of the Lares Institute, a think-tank focused on privacy, information superiority, and national security issues.
Mr. Serwin provides global regulatory advice regarding privacy, security, and technology transactions, with particular emphasis on: international compliance; health care; security incidents; forensic investigations; remediation of security issues; government requests for information; COPPA; CAN-SPAM; mobile; behavioral advertising; ECPA and wiretap issues; electronic marketing concerns; social media; HIPAA; and compliance with FTC requirements. He has provided advice to companies in a diverse set of industries, including: technology; social media; financial services; health; retail; data brokers; online businesses; hospitality; utilities; and insurance. Mr. Serwin also has extensive global enforcement experience, having handled numerous high-profile enforcement matters. He also frequently represents companies in consumer protection and privacy litigation matters.
Mr. Serwin was the only law firm lawyer ever to be named to Security Magazine's prestigious “25 Most Influential Industry Thought Leaders.” He was also ranked second in the most-recent Computerworld survey of top global privacy advisors. He is also recognized by Chambers USA and Chambers Global as one of the top privacy and data security attorneys. Chambers USA 2013 notes that Mr. Serwin “attracts praise for his consultative and strategic approach to complex matters.” He was described by clients as “a tireless worker, holding onto the ever-shifting puzzle pieces of the law in this area in a way that other privacy lawyers cannot,” and noted as “an excellent privacy lawyer, a real expert in the field,” by Chambers Global 2012. The Legal 500 has recognized him as a Leading Lawyer in data protection and privacy, and clients stated that he “understands business concerns and provides practical, to-the-point advice.” He was selected for inclusion in the San Diego Super Lawyers lists (2007–2013), including being ranked in the Top 50 lawyers of 2012. Mr. Serwin was selected by his peers for inclusion in Best Lawyers in America in the field of information technology law (2010–2016), where he was noted to be “one of the top privacy lawyers able to focus not only on the complexity of the laws in the United States, but also globally, including European data protection laws and the APEC privacy framework.”
Mr. Serwin is a noted public speaker and author, and has written the leading treatise on privacy and security, “Information Security and Privacy: A Guide to Federal and State Law and Compliance,” and “Information Security and Privacy: A Guide to International Law and Compliance,” (West 2006-2013), collectively a 5,000-page, three-volume global treatise that examines all aspects of privacy and security laws, published by Thomson-Reuters. The treatise has been called “the best privacy sourcebook,” “an indispensable resource for privacy professionals at all levels” and “a book that everybody in the information privacy field should have on their desk.” He is also the author of numerous other books, as well as several leading law review articles on privacy, the Federal Trade Commission, and privacy litigation.
In the Matter of Spokeo, Inc.
Represented Spokeo, a data broker, in the first FTC matter alleging violations of the FCRA and Section 5, arising from the sale of Internet information, as well as an alleged violation of the endorsement guidelines.
In the Matter of CVS Caremark
Represented CVS/Caremark before the FTC and the Office of Civil Rights in connection with a consent decree and resolution agreement arising from allegations related to information security.
In the Matter of Playdom, Inc., a subsidiary of Disney Enterprises, Inc.
Represented company before the FTC in an investigation alleging a violation of COPPA and Section 5.
In the Matter of MySpace, Inc.
Represents company before the FTC in connection with a consent decree arising from an alleged violation of Section 5 based upon information privacy concerns.
TrafficSchool.com, Inc. v. EDriver Inc.
653 F.3d 820, 2011 WL 3198226 (9th Cir. 2011). Represented appellants in a case involving First Amendment and Lanham Act issues. Obtained appellate decision ordering reconsideration of a permanent injunction on First Amendment grounds that ultimately resulted in the vacation of a permanent injunction that mandated a “splash page” on a website.
Pulte Homes, Inc. v. Laborers; International Union of America
648 F.3d 295 (6th Cir. 2011). Obtained reversal of district court ruling that a union’s alleged misuse of phone system and emails did not state a claim for violation of the Computer Fraud and Abuse Act (CFAA).
Represent numerous clients in investigations related to information security by the OCR, the Office of the Inspector General, and state attorneys general.
Blue Cross of California Website Security Cases. Represented the defendants in a series of consolidated class actions arising from an alleged data security incident.
People of the State of New York v. Synergy 6, Inc., et al.
Represented two of the defendants in an action brought by Eliot Spitzer arising out of the alleged improper sending of commercial emails. The case sought $20,000,000 in civil penalties and was ultimately resolved for $50,000.
Represented a Fortune 20 company in a multistate attorney general investigation arising out of false claims allegations.
Smith v. Trusted Universal Standards In Electronic Transactions, Inc.
2010 WL 1799456 (D.N.J., 2010). Obtained dismissal of privacy litigation based upon allegations of wiretapping.
Yahoo!, Inc. v. XYZ Companies
Represented Yahoo! in a matter based upon allegations of trademark infringement, spamming, and deceptive claims regarding online lotteries.
Stone v. Howard Johnson International, Inc.
Representing the defendant in a class action based upon allegations of wiretapping.
Mirkarimi v. Great Lakes Higher Education Corporation
Representing the defendant in a class action based upon allegations of the improper recording of telephone calls.
Davis v. Carbonite, Inc.
Represented Carbonite in a putative class action arising from data loss allegations. The matter settled on confidential terms and was dismissed, with prejudice, before class certification.
Raymond James Financial Services, Inc. v. Otteman
Represented Raymond James in an action alleging the improper use and disclosure of sensitive information on the Internet, and obtained a temporary restraining order (TRO) enjoining the defendant from disclosing information and requiring the destruction of the information.
Welsh v. Acxiom Corporation
Represented Acxiom in a matter alleging unfair competition, trade secret violations, and interference torts.
People of the State of California v. American Home Craft, Inc., et al.
Represented the defendants in an action brought by the California attorney general alleging a violation of the federal Do-Not-Call Act and California's Unfair Competition Law (UCL).