Bio

Lynn’s practice is dedicated to privacy and data security. His experience includes representation of organizations in the retail, technology, financial, advertising, and health care sectors, among others. Lynn advises clients on compliance with a multitude of privacy and data security laws, such as HIPAA, the Telephone Consumer Protection Act, the Gramm-Leach-Bliley Act, GDPR, the Video Privacy Protection Act, the FCRA, CAN-SPAM, COPPA, the Wiretap Act, the Stored Communications Act, and state privacy and data security laws, including the California Consumer Privacy Act, the Illinois Biometric Information Privacy Act, and the South Carolina Insurance Data Security Act. He helps clients establish compliance programs, respond to data breaches, and administer privacy and data security investigations and assessments. Lynn also regularly assists clients on privacy and data security issues arising in transactional matters, such as due diligence and contract negotiation. He has experience advising clients on compliance challenges posed by significant company initiatives such as behavioral advertising, location tracking, consumer-facing mobile payment initiatives (including bill pay, money transfers, and check cashing), Privacy Shield certification, international data transfers, data analytics and aggregation services, mobile applications, employee monitoring, privacy policy creation and updates, vendor management, and phone call, text message, and email outreach programs directed to consumers and employees.

A Raleigh native, Lynn received his B.S. from East Carolina University and his J.D., magna cum laude, from Campbell University, where he served as the Editor in Chief of the Campbell Law Review. Lynn served as a law clerk to the Honorable Robert N. Hunter, Jr., and the Honorable Sanford L. Steelman, Jr., of the North Carolina Court of Appeals before entering private practice.

  • International Association of Privacy Professionals
  • Carolina Privacy Officials’ Network
  • North Carolina State Bar
  • North Carolina Bar Association
  • Wake County Bar
  • Advised clients across industry sectors on compliance with California Consumer Privacy Act and European General Data Protection Regulation and implementation of related compliance requirements, including creation of privacy policies, advice on individual rights mechanisms, response to specific individual rights requests, limitations on secondary use of data, and negotiation of customer and vendor agreements.
  • Assisted clients across industry sectors in obtaining EU-US and Swiss-US Privacy Shield
  • Advised publicly traded client on creation and implementation of HIPAA compliance program.
  • Led privileged privacy-and-data security assessments of a technology client’s organization that incorporated multiple assessment standards and advised on remediation of assessment findings.
  • Represented technology clients in connection with negotiation of personal data licensing and Ad Tech agreements.
  • Negotiated banking-as-a-service agreements on behalf of bank client.
  • Advised Fortune 500 client on response to 50-state data breach.
  • Advised Fortune 500 client on creation of a telephone outreach compliance program designed to address requirements of the Telephone Consumer Protection Act, Telemarketing Sales Rule, and state law corollaries.
  • Supervised large-scale project to renegotiate vendor data security addenda in order to address requirements associated with the California Consumer Privacy Act on behalf of a publicly traded retail client.
  • Advised Fortune 500 client on implementation of employee-monitoring program, including advice on compliance with Federal Wiretap Act, state law corollaries, and related privacy and data security laws.
  • Privacy and Information Security Law Specialist, North Carolina State Bar Board of Legal Specialization
  • Certified Information Privacy Professional (United States), International Association of Privacy Professionals
  • Article I Torture Courts: A Constitutional Means of Compensation and Deterrence? 54 Howard Law Journal 83 (2010)
  • Public Policy Favoritism in the Online World: Contract Voidability Meets the Communications Decency Act, 17 Texas Wesleyan Law Review 165 (2011)
  • Client Alert: Coping with the Threat of Fraudulent Funds Transfers, October 28, 2012
  • Client Alert: HIPAA Risk Analysis, February 6, 2013
  • Client Alert: President Obama’s Cybersecurity Executive Order and What it Means for Your Organization, February 14, 2013
  • Client Alert: Privacy Regulators Take to the Web in Search of Deficient Privacy Policies, May 30, 2013
  • Client Alert: New COPPA Rule Now in Effect, July 1, 2013
  • President Obama’s Security Breach Notification Bill Needs Work, January 16, 2015, J.D. Supra
  • Client Alert: Lessons Learned from Target’s Data Breach Discovery Win – Five Strategies for Maintaining Privilege in the Aftermath of a Data Breach, October 30, 2015
  • Making the Move: Safe Harbor to the Privacy Shield, Triangle Part Eleven and Electronic Stakeholders Meeting, September 22, 2016
  • Elliott Davis Decosimo 2017 Risk Management Seminar, Understanding Data Breach Reporting Obligations and Minimizing Legal Risk, May 11, 2017
  • Client Alert: DC Circuit Partially Overturns 2015 FCC Order in Long-Awaited TCPA Ruling, March 16, 2018
  • Reining in the FCC: DC Circuit Overturns Some (Not All) of 2015 TCPA Order, International Association of Privacy Professionals, March 23, 2018
  • $1 Million Fine Signals SEC’s Focus on Red Flags Rule and Safeguards Rule Compliance, Nov 18, 2018
  • Marketing and Advertising: Challenges in the Current Privacy Landscape; International Association of Privacy Professionals, Raleigh/Durham KnowledgeNet Chapter Meeting, June 25, 2019
  • Artificial Intelligence, Cyber Security, and Ethics, NC State Lawyers Annual Meeting & CLE, November 8, 2019
  • Proposed Overhaul of North Carolina Security Breach Notification Law Would Make It One of the Toughest in the Nation, April 17, 2019