Alan Charles Raul
ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy, Data Security and Information Law practice. He represents companies on federal, state and international privacy and cybersecurity issues, including global data protection and compliance programs, data breaches, consumer protection issues and Internet law. Alan advises companies regarding their cybersecurity and information governance and preparedness, and helps them address crisis management for data security incidents. Alan’s practice involves litigation and counseling regarding consumer class actions and investigations, enforcement actions and policy development by the FTC, State Attorneys General, SEC, Department of Justice and other government agencies.
Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.
Alan serves as a member of the Data Security, Privacy, and Intellectual Property Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves ex officio on the American Bar Association’s Cybersecurity Legal Task Force by past appointment of the ABA President, and as a member of the Practicing Law Institute’s (PLI) Privacy Law Advisors Group.
Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:
- Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling.
- International data protection compliance programs and cross-border transfers.
- FTC and State Attorney General investigations involving consumer protection, privacy, data security and unfair or deceptive business practices.
- SEC, DOJ, Congressional and Inspector General investigations.
- Cybersecurity, government information requests and national security issues.
- Internet litigation and counseling under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act.
- Administrative Procedure Act litigation, regulatory advocacy and counseling.
In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. In 2016, the Washingtonian named Alan one of Washington, DC’s Best Lawyers: Cybersecurity.
In 1991, Alan co-founded the “Lawyers Have Heart” 10K run and walk, to benefit the American Heart Association. He continues his active involvement with the event.
Privacy; Data Security; Consumer Protection; FTC/State AGs; Internet; eCommerce
- Levandowski, et al. v. Gannett Satellite Information Network, Inc. (E. D. Mich. 2016). –
represented the defendant in a proposed class action alleging violations of the Michigan Video Rental Privacy Act. Sidley obtained a dismissal of all claims prior to discovery.
- Rousset v. AT&T Inc., and Yahoo Inc. (W.D. Texas 2015) – represented AT&T regarding communications privacy.
- In re: RadioShack Corp. (Bankruptcy Ct. D. Del. 2015) – represented AT&T in connection with protecting customer data in bankruptcy sale.
- CTIA v. City of New York (Sup. Ct. NY 2014) – represented a CTIA member wireless carrier to protect access to customer data.
- Silha, et al. v. ACT, Inc., et al., (N.D. IL 2014; 7th Cir. 2015) – represented defendants in privacy class action lawsuit alleging defendants sold personal information obtained from college entrance exam takers. (Sidley obtained complete dismissal, which was affirmed on appeal).
- In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation (SDNY 2014) – filed amicus brief and presented oral argument on behalf of AT&T Corp. in support of Microsoft; brief argued that search warrant may not be executed for data stored on foreign-based servers absent a substantial nexus with the U.S.
- Kelley v. Federal Bureau of Investigation, et al., (DDC 2013) – privacy litigation (Privacy Act, US Constitution, state privacy torts); prevailed on motion to dismiss in litigation representing individual plaintiffs alleging privacy rights violations.
- In re: Google Inc. Cookie Placement Consumer Privacy Litigation (MDL D. Del. 2013) – privacy litigation (ECPA, SCA, CFAA); filed as a class action; representing an Internet advertising company defendant.
- Addison Automatics, Inc. v. The RTC Group, Inc., (N.D. IL 2013) – privacy litigation involving alleged unsolicited faxed advertisements (TCPA); filed as a class action; representing a defendant technology company.
- Verzani v. Costco Wholesale Corp. (2d Cir. and SDNY 2011) – consumer protection action; filed as a class action; represented defendant.
- One Stella Maris Corp. v. SeamlessWeb Professional Solutions LLC et al., (NY Sup. Ct 2011) – consumer fraud, unfair business practice, and contract claims filed as a class action; Sidley represented an Internet company/eCommerce defendant.
- FCC v. AT&T Inc. (U.S. 2011) – Amicus brief in FOIA case supporting AT&T; represented trade association (Business Roundtable).
- Randolph v. ING Life Ins. and Annuity Co. (D.D.C. and DC Super. Ct 2007) – privacy and data breach litigation; filed as a class action; represented financial company defendant.
- AMANDA OBNEY, et al. TACO BELL CORPORATION, (S.D. CA 2011) – represented defendant in purported class action claiming consumer advertising disclosures were false and misleading (plaintiffs withdrew complaint following motion to dismiss).
- AT&T Corp. v. 2PrePaid Inc., (M.D. Fla. 2006) – Internet and eCommerce injunction; represented plaintiff in a copyright and IP infringement action.
- Metro-Goldwyn-Mayer Studios Inc., et al. v. Grokster, Ltd. et al., (U.S. 2005) – Amicus brief in support of copyright holders filed on behalf of Americans for Tax Reform in Support of Petitioners.
- Retail Servs. v. Freebies Pub. (4th Cir. and ED VA 2004) – Lanham Act and Anticybersquatting Consumer Protection Act (ACPA); represented plaintiff seeking declaration that use of the term “freebie” in domain name did not infringe defendants’ registered trademark, and that the term “freebies” was generic and not protectable as a trademark.
- AT&T v. Sprint (SDNY 2004); represented plaintiff in unfair competition, trademark infringement and Anticybersquatting Consumer Protection Act litigation.
- In re Pharmatrak, Inc. Privacy Litigation (D. MA and 1st Cir. 2003) – privacy litigation (ECPA, SCA, CFAA); filed as class action; represented pharmaceutical company defendant.
- Physicians Interactive v. Lathian Systems Inc., et al., (E.D. VA 2003) – Privacy and computer fraud litigation involving alleged hacking, unauthorized use of customer information and theft of trade secrets; Sidley obtained TRO and injunctive relief against competitor that hacked client’s website.
- AT&T Corp. v. ATT&T, Inc., (D. Del. 2002) – Litigation regarding use of infringing mark; Sidley obtained TRO and summary judgment under Anticybersquatting Consumer Protection Act (ACPA).
- AT&T Corp. v. AT-T.COM (E.D. VA 2002) – Sidley obtained transfer of infringing domain name, and order disabling associated IP address under ACPA.
Government Litigation: False Claims Act; Administrative Law, Regulatory Enforcement, International Arbitration
- U.S. ex rel. Steven Mateski v. Raytheon Co. (C.D. CA and 9th Cir.) – represent defendant in False Claims Act (FCA) litigation.
- Duke Energy International Peru Investments No. 1 Ltd. v. Republic of Peru (ICSID 2011) – international arbitration involving investment dispute over energy sector privatization; represented foreign sovereign (Peru).
- Tyson Foods, Inc. v. U.S. Department of Agriculture (DDC 2008) – regulatory litigation; represented plaintiff seeking to enjoin USDA.
Alan’s government service is extensive. He served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, a panel established by the legislation implementing the recommendations of the 9/11 Commission, from March 2006 through January 2008. Alan was appointed to this part-time position by President George W. Bush following confirmation by the United States Senate. The Board advises the President and heads of Executive departments and agencies, and reports to Congress, to ensure that privacy and civil liberties are appropriately considered in the development and implementation of laws, regulations and Executive branch policies related to efforts to protect the Nation against terrorism. In a December 2001 article in the Los Angeles Times, he had recommended the creation of a similar council to advise the President on the civil liberties implications of anti-terrorism measures. More recently, Alan has published pieces in the Washington Post, New York Times, and The Hill exhorting the President and Congress to re-invigorate the Privacy Board.
Alan also served in the White House as Associate Counsel to the President (1986-1988). During his tenure as Associate Counsel to President Ronald Reagan, Alan represented the White House in connection with the Iran-Contra investigations. He subsequently served as General Counsel of the Office of Management and Budget in the Executive Office of the President (1988–1989), and then was appointed by President George H. W. Bush, with Senate confirmation, as General Counsel of the U.S. Department of Agriculture (1989–1993).
Alan is a frequent author and speaker on privacy and related issues. He is the editor and contributing author of The Privacy, Data Protection and Cybersecurity Law Review (Law Business Research Ltd. 1st ed. November 2014, 2nd ed. November 2015 and 3rd ed. December 2016), co-author of Administrative Law of the European Union: Oversight (ABA 2008), and author of Privacy and the Digital State: Balancing Public Information and Personal Privacy (Kluwer Academic Publishers 2001). He has appeared frequently as a legal commentator on television and radio, and testifies before Congress on various issues.
Alan also writes and speaks regularly on Internet and information law topics, “junk science,” and federal regulatory policy, as well as on constitutional, political and social issues. He has published numerous articles in legal periodicals, as well as pieces in the Wall Street Journal, Washington Post, Los Angeles Times, New York Times, Washington Times, Politico, The Hill and various Bloomberg BNA publications. He is the lead author of “Regulatory Daubert: A Proposal to Enhance Judicial Review of Agency Science by Incorporating Daubert Principles into Administrative Law,” in the Journal of Law and Contemporary Problems (Fall 2003).
- Editor of The Privacy, Data Protection and Cybersecurity Law Review Third Edition, and Author of the “Global Overview” chapter and Co-author of chapters “European Union Overview,” “APEC Overview,” and “United States” (December 2016)
- Editor of The Privacy, Data Protection and Cybersecurity Law Review Second Edition, and Author of the “Global Overview” chapter and Co-author of chapters “European Union Overview,” “APEC Overview,” and “United States” (November 2015)
- Editor of The Privacy, Data Protection and Cybersecurity Law Review First Edition, and Author of Preface and Co-author of Chapters “European Union Overview,” “APEC Overview,” and “United States” (November 2014)
- “Cybersecurity for Law Firms,” Chapter in The ABA Cybersecurity Handbook (ABA Cybersecurity Legal Task Force 2013) (with Jonathan P. Adams)
- Administrative Law of the European Union: Oversight (Peter L. Lindseth, Alfred C. Aman and Alan C. Raul: George Bermann, et al., series eds.; ABA Publishing 2008.
- Privacy and the Digital State: Balancing Public Information and Personal Privacy (Kluwer 2001).
- “Privacy and Data Protection in the United States,” Chapter in The Debate on Privacy and Security Over the Network: Regulation and Markets (Fundacion Telefonica 2012)
- “New NACD Cyber-Risk Handbook of Critical Board Oversight Duties,” Bloomberg Law (February 2017) (with Colleen Theresa Brown and Dean C. Forbes)
- “Cybersecurity: M&A Due Diligence and Protecting Privilege,” in Sidley Perspectives on M&A and Corporate Governance (February 2017) (with G. Gerstman and G. Malhotra)
- “2016 Year in Review and 2017 Preview: Top Ten for Data Protection and Privacy,” in Data Matters (January 31, 2017) (with C. Kerry, C. Brown and F. Faircloth)
- “Fate Unclear for Obama Administration Cyber Sanctions,” in Data Matters (January 25, 2017) (with E. McNicholas, A. Shoyer and J. Remy)
- “The Economic Case for Preserving PPD-28 and Privacy Shield,” in Lawfare (January 17, 2017) (with C. Kerry)
- “New York State Department of Financial Services Proposes Regulations Imposing Detailed Cybersecurity Rules on Insurance, Banking and Other Licensed Financial Institutions,” in Data Matters (September 19, 2016) (with C. McHugh, A. Holland, E. McNicholas, C. Friesen and C. Brown)
- “Despite Lenient View of Standing, Appellate Court Dismisses “Clearly Meritless” Case on 12(b)(6) Grounds Not Considered by the District Court; Lessons Abound,” in Data Matters (August 29, 2016)
- “2nd Circ. Microsoft Ruling: A Plea For Congressional Action,” in Law360 (August 1, 2016) (with K. Akowuah)
- “Data Security & Cybercrime in the USA,” in Lexology Navigator (July 2016) (with C. Brown, E. McNicholas and A. Spencer)
- “Supreme Court to Ninth Circuit in Spokeo—Get ‘Real’ on Injury,” in Bloomberg BNA: Privacy and Security Law Report (May 23, 2016)
- “The EU-U.S. Privacy Shield Is a Victory for Common Sense and Transatlantic Good Will,” in Council on Foreign Relations (March 1, 2016)
- “A Comparison of the Legal Orders for Privacy and Data Protection in the European Union and United States,” in Essentially Equivalent (January 25, 2016)
- “Top 10 Privacy Issues To Watch This Year,” in Law360 (January 7, 2016) (with C. Brown, C. Kerry, E. McNicholas and A. Spencer)
- “The Government Has Protected Your Security and Privacy Better Than You Think,” in The Washington Post (November 23, 2015)
- “Cybersecurity and Government “Help” – Engaging with DOJ, DHS, FBI, Secret Service, and Regulators—Part II,” in Pratt's Privacy & Cybersecurity Law Report Vol 1. No. 3 (November/December 2015) (with T. Manoranjan)
- “Cybersecurity and Government “Help” – Engaging with DOJ, DHS, FBI, Secret Service, and Regulators—Part I,” in Pratt's Privacy & Cybersecurity Law Report Vol 1. No. 2 (October 2015) (with T. Manoranjan)
- “Europe Needlessly Endangers Its U.S. Digital Links,” in The Wall Street Journal (October 25, 2015)
- “The U.S. Government Largely Has Itself to Blame for the EU Court’s Safe Harbor Decision,” in Council on Foreign Relations (October 8, 2015)
- ““Insider Threat” Cybersecurity and Privacy Best Practices,” in Information Law Journal (Autumn 2015)
- “Certifying Cloud Compliance: A New International Standard (ISO/IEC 27018),” in BNA's Daily Report for Executives (February 2015) (with C. Kerry)
- “Cyberdefense Is a Government Responsibility,” in The Wall Street Journal (January 2015)
- “Principles for Effective Cybersecurity Regulatory Guidance,” SIFMA Report (October 2014) (prepared for SIFMA with C. Northouse)
- “Cybersecurity - Insider Threat Best Practices Guide,” SIFMA Report (July 2014) (prepared for SIFMA with M. Rozen)
- “European Court of Justice Finds 'Right to Be Forgotten' and Compels Google to Remove Links to Lawful Information,” in NY Business Law Journal, (Summer 2014) (with W. Long, E. McNicholas and G. Scali)
- “Don't Throw the Big Data Out With the Bath Water,” Politico (April 29, 2014)
- “Spying on Foreigners Needs Controls; Failing to see the benefits to the U.S. of extending some privacy protections to foreigners is shortsighted,” in The Wall Street Journal (January 31, 2014)
- “After NSA Revelations, a Privacy Czar is Needed,” in The Washington Post (September 22, 2013)
- “Lost and Found in Cyberspace,” in The Hill’s Congress Blog (April 5, 2013)
- “What Firms Need to Know About U.S. and EU Moves to Tackle Cybersecurity,” in BNA (February 22, 2013) (with M. Haarburger)
- “For Republicans, Less Purity and More Reality,” in The Washington Post (November 8, 2012)
- “Break the Impasse on Cybersecurity,” in The Hill’s Congress Blog (June 11, 2012)
- “Going American on Privacy,” in The Daily Caller (April 13, 2012)
- “U.S., EU Offer Guidance on Due Diligence for Cloud Computing Arrangements,” in BNA’s Daily Report for Executives (August 16, 2012) (with E. McNicholas)
- “CFPB Lacks Constitutional Checks and Balances,” in The Hill’s Congress Blog (January 25, 2012)
- “Scoffing at Privacy Law,” in The Hill’s Congress Blog (July 11, 2011)
- “Obama Review of Regulatory Burden to Be Weighed in Cost-Benefit Analysis,” in BNA’s Daily Report for Executives (February 9, 2011)
- "European Shift to Concrete Cost Analysis of Data Protection,” in Privacy & Security Law (March 14, 2011) (with J. Casanova, E. McNicholas, and W. Long)
- “Real Harmony in Cloud Computing Between U.S., EU Closer Than You Think,” in BNA’s Daily Report for Executives (July 26, 2011)
- “New Momentum for U.S. Privacy Legislation with Introduction of Major Bills in Both House and Senate,” in BNA Insights (July 26, 2011)
- “Obama’s Regulatory Powers,” in Politico (August 8, 2011)
- “Preventing Digital Trade War in the Cloud; New International Data-Sharing Barriers Would Deepen Global Economic Gloom,” in The Washington Times (October 31, 2011)
- “First Look: Leaked Draft of New EU Data Protection Regulation Suggests Significant Impacts for Global Businesses,” in BNA (December 12, 2011) (with J. Casanova, E. McNicholas and W. Long)
- “Time to Revive Privacy Board to Protect Civil Liberties,” in The New York Times (November 22, 2010)
- “SEC Sanctions Broker-Dealer/Investment Advisor for Willfully Failing to Safeguard Customers’ Personal Data,” in Privacy & Data Security Law Journal (January 2009) (with E. McNicholas)
- “Assessing the EU Working Party’s Guidance on Harmonizing U.S. Discovery and EU data Protection Requirements,” in BNA’s Privacy & Security Law Report (March 9, 2009) (E. McNicholas, et al.)
- “Reconciling European Data Privacy Concerns with US Discovery Rules: Conflict and Comity,” in Global Competition Litigation Review (July 2009) (with E. McNicholas, et al.)
- “End of the Notice Paradigm:” FTC’s Proposed Sears Settlement Casts Doubt On the Sufficiency of Disclosures in Privacy Policies and User Agreements,” in BNA’s Electronic Commerce & Law Report (July 15, 2009) (with E. McNicholas)
- “Developments in Data Breach Liability,” in Privacy & Data Security Law Journal (September 2009) (with E. McNicholas, et al.)
- “Privacy and Civil Liberties,” in The Washington Post (October 23, 2009)
- “Damages for the Harm of Data Breaches and Other Privacy Claims,” in BNA’s Privacy & Security Law Report (September 15, 2008) (with E. McNicholas and J. Tatel)
- “A Path to Resolving European Data Protection Concerns With U.S. Discovery,” in Privacy and Security Law (October 15, 2007) (with E. McNicholas and J. Dwyer)
- “Undermining Society’s Morals,” in The Washington Post (November 28, 2003)
- “Annoying Judicial Calls On the Do-Not-Call List,” in The Wall Street Journal (October 6, 2003)
- “Regulatory Daubert: A Proposal to Enhance Judicial Review of Agency Science by Incorporating Daubert Principles Into Administrative Law,” in Law and Contemporary Problems, School of Law, Duke University, Vol. 66 (Autumn 2003) (with J. Zampa Dwyer)
- “Deeper Judicial Scrutiny Needed for Agencies’ Use of Science,” in Legal Backgrounder (January 25, 2002) (with J. Zampa)
- “In Era of Broken Rules, Society Breaks,” in Los Angeles Times (October 11, 2002)
- “Anti-Terror Plan Is No Loose Cannon,” in Newsday (December 6, 2001)
- “Cheer Ashcroft On, With a Little Friendly Oversight, A Civil Liberties Panel Would Help Quell the Naysayers in the Fight Against Terrorism,” in Los Angeles Times (December 5, 2001.)
- “Privacy Needn’t Crumble Before Cookies and Spam,” in Los Angeles Times (March 1, 2001)
- “Time To Clean House (Let’s Make Sure That Our Regulations Jibe With Common Sense),” in Legal Times (February 19, 2001)
- “Science and Reason Must Guide Rulemaking in New Administration,” in Legal Opinion Letter (January 12, 2001)
- “Liability for Computer Glitches and Online Security Lapses,” in BNA’s Electronic Commerce Law Report, 6(31):849 (2001) (with F. Volpe and G. Meyer)
- “Science, Agencies, and the Courts: Is Three A Crowd?” in ELR (2001) (with E. Elliott, R. Pierce Jr., T. McGarity and W. Wagner)
- “Ignoring the Constitution Is A Bad Habit,” in The Wall Street Journal (March 22, 2000)
- “The Courts Thwart the EPA's Power Grab,” in The Wall Street Journal (May 18, 1999) (with C. B. Gray)
- “A Privilege for Secret Service Subverts Justice; Agents for Nixon, Reagan, Bush and even Clinton have Testified Before,” in Los Angeles Times (April 30, 1998)
- “It’s Time for Congress to Fire the Independent Counsel,” in The Hill (May 6, 1998)
- “That “Celestial Fire Called Conscience,” in The Washington Post (July 27, 1998)
- “Unanimous Censure, Immediate Shunning; Impeachment: There are Better ways to Condemn Clinton’s Disgraceful Behavior,” in Los Angeles Times (December 10, 1998)
Alan serves as a member of the Data Security, Privacy and Intellectual Property Advisory Committee of the National Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce).
Alan is a member of the Board of Directors of the Future of Privacy Forum, a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. FPF brings together industry, academics, consumer advocates and other thought leaders to explore the challenges posed by technological innovation and develop privacy protections, ethical norms and workable business practices.
Alan’s other memberships include:
- National Security Institute, George Mason University’s Antonin Scalia Law School, Member of Advisory Board
- ABA Cybersecurity Legal Task Force, ex officio member (following original appointment by ABA President)
- Atlantic Legal Foundation, Member of Advisory Council
- Council on Foreign Relations
- Federalist Society, Executive Committee for Administrative Law and Regulation Group
- American Heart Association, Washington DC Board of Directors (former Board Member)
- Washington Tennis and Education Foundation (former Board Member)
- American Bar Association, Section of Administrative Law and Regulatory Practice (former Council Member)
- American Bar Association, Section of International Law and Practice (former Council Member)
- National China Garden Foundation (former Board Member and Secretary)
- Moderator, “Insurance Industry Cybersecurity and Privacy Roundtable,” Sidley Austin LLP (New York, NY, September 15, 2016)
- “Safe Harbor Data Privacy Briefing: Your Questions Answered by Giovanni Buttarelli,” DataGuidance Webinar (October 20, 2015)
- Speaker, “How Will the FCC and FTC Tackle Privacy and Data Security in the Coming Years?” Computers, Freedom & Privacy Conference 2015 (Alexandria, VA, October 14, 2015)