Andrew B. Serwin

Andrew B. Serwin

Partner

San Diego, (858) 720-5134

Education

University of California, San Diego (B.A., 1992)
University of San Diego School of Law (J.D., 1995)

Bar Admissions

California
District of Columbia
New York

Global Co-chair of Morrison & Foerster’s market-leading Privacy + Data Security group, Andrew Serwin is an internationally-recognized practitioner and thought leader in the fields of privacy, cybersecurity, information governance, and information sharing.  Mr. Serwin offers clients the practical experience that comes from having counseled on many of the highest-profile privacy and cybersecurity matters of recent years, with the breadth of knowledge that comes from authoring the premier global treatise on privacy and cybersecurity.

With extensive business and leadership experience, Mr. Serwin understands his clients’ businesses, industries, and unique challenges. He has founded, advised, and served on the board of directors of many companies, particularly in the transformational technology and media sectors. He also holds advanced certifications in governance, including as a National Association of Corporate Directors (NACD) Governance Fellow and Carnegie Mellon University’s Computer Emergency Response Team (CERT) certification in cyber oversight.

Leading Privacy and Data Security Lawyer

Mr. Serwin is widely-regarded as one of the nation’s premier privacy and data security lawyers. He advises a number of Fortune 500 and emerging companies alike, with a particular emphasis on: international compliance; health privacy; mobile; behavioral advertising; the Electronic Communications Privacy Act and wiretap issues; electronic marketing concerns; social media; and compliance with FTC requirements. Mr. Serwin also handles some of the highest-profile data security incidents and privacy enforcement and litigation matters in the world.  His representations involve every aspect of breach preparedness and response, from drafting incident response plans and conducting tabletop exercises, to advising on consumer and state notices, responding to regulators, and defending companies in litigation relating to the incident. Mr. Serwin has served as lead counsel in a number of FTC matters, matters before the Office of Civil Rights, and state consumer protection and privacy litigation based on the alleged misuse of personal information, including class actions and enforcement matters brought by state attorneys general.

Chambers USA, Chambers Global, and The Legal 500 all recognize Mr. Serwin as leading lawyer in this space, with client sources describing him as a “rock star lawyer” and “a tireless worker, holding onto the ever-shifting puzzle pieces of the law in this area in a way that other privacy lawyers cannot.”  For his work in data protection and privacy, Mr. Serwin is an inaugural inductee into the 2017 Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years. He was also recently named one of the Daily Journal’s “Top 100 Lawyers in California” for 2016, and a National Law Journal “2015 Cyber Security & Data Privacy Trailblazer,” recognizing the 50 people “who have helped make a difference in the fight against criminal cyber activity.”

Demonstrated Business Acumen and Executive Experience

Mr. Serwin serves as Chairman of the Board of Directors of the private sector, federally- funded National Cyber Forensic Training Alliance (NCFTA), an entity that functions as a forum for private industry, academia, and law enforcement, with a core mission to identify, mitigate, and neutralize cybercrime. In addition, he serves as an advisor to the Naval Postgraduate School’s Center for Asymmetric Warfare and is the CEO and Executive Director of the Lares Institute, a think tank focused on privacy, information superiority, and national security issues.

Prominent Thought Leader

Mr. Serwin is a noted public speaker and author, and the only law firm lawyer ever to be named to Security Magazine’s prestigious “25 Most Influential Industry Thought Leaders.”  He wrote the leading treatise on privacy and security, Information Security and Privacy: A Guide to Federal and State Law and Compliance and Information Security and Privacy: A Guide to International Law and Compliance (West 2006-2016), collectively a 5,500-page, three-volume treatise that examines all aspects of privacy and security laws, published by Thomson-West. The treatise has been called “the best privacy sourcebook,” “an indispensable resource for privacy professionals at all levels,” and “a book that everybody in the information privacy field should have on their desk.”  Mr. Serwin has published numerous other books and law review articles, and routinely authors client alerts on cutting-edge privacy and cybersecurity developments.

In the Matter of Spokeo, Inc.
Represented Spokeo, a data broker, in the first FTC matter alleging violations of the FCRA and Section 5, arising from the sale of Internet information, as well as an alleged violation of the endorsement guidelines.
In the Matter of CVS Caremark
Represented CVS Caremark before the FTC and the Office of Civil Rights in connection with a consent decree and resolution agreement arising from allegations related to information security.
In the Matter of Playdom, Inc., a subsidiary of Disney Enterprises, Inc.
Represented company before the FTC in an investigation alleging a violation of COPPA and Section 5.
In the Matter of MySpace, Inc.
Represents company before the FTC in connection with a consent decree arising from an alleged violation of Section 5 based upon information privacy concerns.
TrafficSchool.com, Inc. v. EDriver Inc.
653 F.3d 820, 2011 WL 3198226 (9th Cir. 2011). Represented appellants in a case involving First Amendment and Lanham Act issues. Obtained appellate decision ordering reconsideration of a permanent injunction on First Amendment grounds that ultimately resulted in the vacation of a permanent injunction that mandated a “splash page” on a website.
Pulte Homes, Inc. v. Laborers‘ International Union of America
648 F.3d 295 (6th Cir. 2011). Obtained reversal of district court ruling that a union’s alleged misuse of phone system and emails did not state a claim for violation of the Computer Fraud and Abuse Act (CFAA).
Represent numerous clients in investigations related to information security by the OCR, the Office of the Inspector General, and state attorneys general.
Blue Cross of California Website Security Cases.
Represented the defendants in a series of consolidated class actions arising from an alleged data security incident.
People of the State of New York v. Synergy 6, Inc., et al.
Represented two of the defendants in an action brought by Eliot Spitzer arising out of the alleged improper sending of commercial emails. The case sought $20,000,000 in civil penalties and was ultimately resolved for $50,000.
Represented a Fortune 20 company in a multistate attorney general investigation arising out of false claims allegations.
Smith v. Trusted Universal Standards in Electronic Transactions, Inc.
2010 WL 1799456 (D.N.J., 2010). Obtained dismissal of privacy litigation based upon allegations of wiretapping.
Yahoo, Inc. v. XYZ Companies
Represented Yahoo in a matter based upon allegations of trademark infringement, spamming, and deceptive claims regarding online lotteries.
Stone v. Howard Johnson International, Inc
Representing the defendant in a class action based upon allegations of wiretapping.
Mirkarimi v. Great Lakes Higher Education Corporation
Representing the defendant in a class action based upon allegations of the improper recording of telephone calls.  Case was voluntarily dismissed.
Davis v. Carbonite, Inc
Represented Carbonite in a putative class action arising from data loss allegations. The matter settled on confidential terms and was dismissed, with prejudice, before class certification.
Raymond James Financial Services, Inc. v. Otteman
Represented Raymond James in an action alleging the improper use and disclosure of sensitive information on the Internet, and obtained a temporary restraining order (TRO) enjoining the defendant from disclosing information, and requiring the destruction of the information.
Welsh v. Acxiom Corporation
Represented Acxiom in a matter alleging unfair competition, trade secret violations, and interference torts.
People of the State of California v. American Home Craft, Inc., et al.
Represented the defendants in an action brought by the California attorney general alleging a violation of the federal Do-Not-Call Act and California’s Unfair Competition Law (UCL).

Chambers USA

2016 – Band 2, Nationwide Privacy & Data Security
“The ‘very practical’ Andrew Serwin has a broad practice, advising clients on a wide range of global regulatory privacy issues, as well as technology transactions and healthcare matters. Sources also single out his abilities in disputes, especially class actions, with one peer describing him as a ‘superb litigator.’

2015 – Band 2, Nationwide Privacy & Data Security
“Extremely well-regarded’
practitioner Andrew Serwin is a ‘rock star lawyer’ with a broad practice. He advises on healthcare matters, FTC compliance and enforcement and wiretapping issues, and has significant breach incident experience.”

2014 – Band 2, Nationwide Privacy & Data Security
“Andrew Serwin is a go-to on healthcare issues and also regularly advises on enforcement matters before the FTC. ‘He is very savvy when dealing with regulatory bodies’ and attracts praise from sources for being ‘very good on international issues.’

2013 – Band 2, Nationwide Privacy & Data Security
“Serwin is commended for the strength of his practice. Work highlights…include acting on behalf of Spokeo in an FTC matter alleging improprieties following the sale of internet information, and leading in the aforementioned matter for Wyndham Worldwide.”

2012 – Band 2, Nationwide Privacy & Data Security
“Andrew Serwin attracts praise for his consultative and strategic approach to complex matters.”


Chambers Global

2016 – Band 2, USA Privacy & Data Security
“Extremely well-regarded’ practitioner Andrew Serwin is a ‘rock star lawyer’ with a broad practice. He advises on healthcare matters, FTC compliance and enforcement and wiretapping issues, and has significant breach incident experience.”

2015 – Band 2, USA Privacy & Data Security
“Andrew Serwin is a go-to on healthcare issues and also regularly advises on enforcement matters before the Federal Trade Commission. ‘He is very savvy when dealing with regulatory bodies’ and attracts praise from sources for being ‘very good on international issues.’

2014 – Band 2, USA Privacy & Data Security
“[Mr. Serwin] is commended for the strength of his practice. Work highlights… include acting on behalf of Spokeo in an FTC matter alleging improprieties following the sale of internet information, and leading in a matter for Wyndham Worldwide.”


The Legal 500 U.S.

2017 – Legal 500 Hall of Fame
Mr. Serwin is an inaugural inductee into the Legal 500 2017 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years.

2016 – Leading Lawyer, Media, Technology and Telecoms: Data Protection and Privacy
“Andrew Serwin in San Diego and Miriam Wugmeister in New York have strengths in cybersecurity and privacy class actions respectively.”

2016 – Recommended, Media, Technology and Telecoms: Cyber Crime
“commended for…‘sensible privacy program counseling, and data breach expertise in both domestic and international matters’

2015 – Leading Lawyer, Media, Technology and Telecoms: Data Protection and Privacy
“[Mr. Serwin is] an expert in cybersecurity with a nuanced, valuable perspective on this topic.”

2015 – Mentioned, Media, Technology and Telecoms: Cyber Crime
“[Mr. Serwin is] advising a number of Fortune 500 companies on global privacy compliance…and provided lead counsel to Target after it experienced one of the biggest data breaches in recent history, involving the theft of personal and credit card information of up to 70 million individuals.”

2014 – Leading Lawyer, Media, Technology and Telecoms: Data Protection and Privacy
“[Mr. Serwin is]…advising various companies on their cybersecurity policies and responses to data security breaches as well as compliance with existing and new obligations”

2014 – Recommended, Media, Technology and Telecoms: Marketing and Advertising
“Cyber security specialist.”


National Law Journal

2015 – Cyber Security & Data Privacy Trailblazer
Recognizing the 50 people “who have helped make a difference in the fight against criminal cyber activity.”


Daily Journal

2016 – Top 100 Lawyers in California


Computerworld

2011 – Top Global Privacy Advisors
Ranked second.


Security Magazine

2009 – 25 Most Influential Industry Thought Leaders
The only law firm lawyer ever to be named to this prestigious list.


Best Lawyers in America

2010–2017 – Featured, Information Technology Law
“[Mr. Serwin is] one of the top privacy lawyers able to focus not only on the complexity of the laws in the United States, but also globally, including European data protection laws and the APEC privacy framework.”


San Diego SuperLawyers

2007–2017 – Featured
Ranked in the top 50 lawyers of 2012.

Email Disclaimer

Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

©1996-2017 Morrison & Foerster LLP. All rights reserved.