Skip to main content

Cyber Security After Sony: Practice Points and Risk Mitigation Strategies


Speaker(s): Katherine S. Ritchey, Michael G. Morgan
Recorded on: Feb. 18, 2015
PLI Program #: 133793

Michael G. Morgan represents clients in class actions, litigation and other matters involving cybersecurity, privacy, and protection of consumer and business data. He is co-leader of the Firm’s Privacy and Data Protection practice.

With more than 20 years’ experience in data security and privacy matters, Michael advises clients on cyber incident preparation, prevention and response; compliance with US and EU laws and regulations; completion of enterprise-wide cybersecurity assessments; and data security policies and best practices. He has particular experience in advising clients on large-scale data breaches, including those involving more than 50 million consumer records, both in the US and in dozens of countries around the world.

Michael is a seasoned trial lawyer who has first-chaired numerous jury and bench trials and has resolved scores of cases through mediation and other forms of Alternative Dispute Resolution. He has deep experience in the defense of consumer class actions and government investigations by the FTC, CFPB, FCC, and state attorneys general relating to data security and privacy. Before joining his prior firm, Michael was vice president and general counsel of Epic Cycle, a web app development company.

Michael is a Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).

Core Capabilities

Regional Markets


Katherine Ritchey represents domestic and foreign entities in a broad range of commercial litigation involving unfair business practices, commercial disputes, contract claims, fraud, misrepresentation, unfair business practice, banking, real estate, insurance, and licensing.

Katherine also represents clients on privacy, data security, and cybersecurity issues, including privacy class actions and enforcement matters; data breach response, including forensic investigations, coordination with law enforcement, and breach notification; and advice on global privacy and data security compliance issues, company and board responsibilities and best practices, and vendor management. Katherine is a Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals (IAPP), and is on the faculty of IAPP.

In addition, she has extensive experience with ERISA disputes, including Department of Labor investigations, fiduciary cases, and single plaintiff and class action benefits cases.

Katherine has litigated matters in federal courts around the country and in state courts throughout California, as well as the California Public Utilities Commission. She has supervised all phases of litigation, has tried cases in federal and state courts, and has argued before the Ninth Circuit Court of Appeals and California Court of Appeal. Katherine also has extensive experience with alternative dispute resolution, including mediation and arbitration. She serves on the Northern District of California's mediator panel.

Katherine is a member of the Bar Association of San Francisco's Litigation Executive Committee, and is chair of the Justice & Diversity Center Leadership Council.

Education

University of California, Hastings College of the Law (J.D. cum laude; Order of the Coif; Hastings Law Journal; Thurston Honor Society); University of California, Berkeley (B.A. in Economics with honors and B.A. in Political Science with honors)

Bar Admissions

California

Areas of Focus

  • Financial Institutions Litigation & Regulation
  • Privacy & Data Security
  • Global Disputes
  • Business and Tort Litigation (USA)
  • ERISA & Other Employee Benefits Litigation
Honors & Distinctions

2010 PAR Flex Success Award from the Project for Attorney RetentionHonor Society); University of California, Berkeley (B.A. in Economics with honors and B.A. in Political Science with honors)