Lynn leads the firm’s Privacy & Data Security Practice Group. His practice is dedicated to helping clients use and protect personal data while minimizing legal risk and meeting their obligations under the complex privacy and data security regulatory landscape.
Lynn routinely provides clients with time-sensitive advice on responding to data breaches, helping them through each step of the process, from investigation to notification, remediation, and responding to governmental inquiries. He helps clients administer privacy and data security investigations and assessments. Lynn has also negotiated and advised clients on hundreds of transactions that implicate privacy and data security issues, including M&A transactions and commercial contracts.
Lynn’s practice encompasses all aspects of U.S. privacy and data security law, and he also advises clients on compliance with the European General Data Protection Regulation. He has advised clients on federal privacy and data security laws such as HIPAA, the Telephone Consumer Protection Act, the Gramm-Leach-Bliley Act, GDPR, the Video Privacy Protection Act, the FCRA, CAN-SPAM, COPPA, the Wiretap Act, and the Stored Communications Act. He regularly advises clients on the U.S. patchwork of state privacy and data security laws, including the California Consumer Privacy Act, the California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Illinois Biometric Information Privacy Act, the South Carolina Insurance Data Security Act, and the NYDFS Cybersecurity Regulation.
Lynn received his B.S. from East Carolina University and his J.D., magna cum laude, from Campbell University, where he served as the Editor in Chief of the Campbell Law Review. Lynn served as a law clerk to the Honorable Robert N. Hunter, Jr., and the Honorable Sanford L. Steelman, Jr., of the North Carolina Court of Appeals before entering private practice.
Lynn writes extensively on privacy matters. Visit our privacy law blog to read his take on current data privacy-related events.
- International Association of Privacy Professionals
- Carolina Privacy Officials’ Network
- North Carolina State Bar
- North Carolina Bar Association
- Wake County Bar
- Raleigh Chamber of Commerce, Leadership Raleigh, Class 40
- Advised clients based across industry sectors on compliance with the European General Data Protection Regulation and implementation of related compliance requirements, including creation of privacy policies, advice on individual rights mechanisms, response to specific individual rights requests, limitations on secondary use of data, and negotiation of customer and vendor agreements.
- Advised clients on implementing international data transfer mechanisms, including standard contractual clauses and Privacy Shield, and minimizing risk associated with the Schrems II decision.
- Advised client on consolidation of compliance efforts to address state privacy laws, including the CCPA, CPRA, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act.
- Managed negotiation of large-scale vendor contract update initiative to address regulatory changes on behalf of Fortune 500 client.
- Negotiated M&A buy- and sell-side transactions involving regulated entities subject to legal regimes including HIPAA, FCRA, GLBA, and GDPR.
- Advised publicly traded client on creation and implementation of HIPAA compliance program.
- Led privileged privacy and data security assessments of a technology client’s organization that incorporated multiple assessment standards and advised on remediation of assessment findings.
- Represented technology clients in connection with negotiation of personal data licensing and Ad Tech agreements.
- Negotiated banking-as-a-service agreements on behalf of bank client.
- Advised clients across industry sectors on large-scale data breaches.
- Advised Fortune 500 client on creation of a telephone outreach compliance program designed to address requirements of the Telephone Consumer Protection Act, Telemarketing Sales Rule, and state law corollaries.
- Managed large-scale project to renegotiate vendor data protection addenda to address requirements associated with the California Consumer Privacy Act.
- Advised Fortune 500 client on implementation of employee-monitoring program, including advice on compliance with the Federal Wiretap Act, state law corollaries, and related privacy and data security laws.
- Privacy and Information Security Law Specialist, North Carolina State Bar Board of Legal Specialization
- Certified Information Privacy Professional (United States), International Association of Privacy Professionals
Recent posts from our privacy and data security blog, Practical Privacy.
- SEC Adopts Final Cybersecurity Rules
- Consent Horizon: BetterHelp to Pay $7.8 Million to Settle FTC Claims
- Reading the Tea Leaves: Insights into FTC’s Areas of Focus from Chair Khan’s First Public Address
- Everything is (Somewhat) Illuminated: The EDPB Defines “Transfer”
- The EU Commission’s New SCCs for International Transfers: Top 5 Immediate Takeaways
- Schrems II: What About US-Based Organizations with Consumer-Facing Websites and Apps? (Part 1 of 2)
- Final CCPA Regulations Are Approved and Effective Immediately
- Final CCPA Regs Are Finally Here, Effective Date is Unclear
- Still at the Drawing Board: Unpacking the Third Draft of the California AG’s CCPA Regulations
- Back to the Drawing Board? The Top Ten Impacts of the California AG’s Modified CCPA Regulations (Part 1 of 2)
- Nevada’s New Privacy Law: More Bark than Bite
- SEC Adopts Final Cybersecurity Rules
- SEC’s Pending Proposed Rules on Cybersecurity Incident and Risk Management Disclosure
- [Client Alert] Nevada’s New Privacy Law: More Bark than Bite
- Proposed Overhaul of North Carolina Security Breach Notification Law Would Make It One of the Toughest in the Nation
- $1 Million Fine Signals SEC’s Focus on Red Flags Rule and Safeguards Rule Compliance
- Client Alert: Double Jeopardy—The Growing Trend of Privacy Regulators Piling On Multiple Enforcement Actions after a Data Breach
- Ethics in Privacy and Data Security Law, North Carolina Bar Association Privacy and Data Security CLE, October 28, 2021
- Preserving Privilege in a Data Breach Investigation After the Capital One Decision, North Carolina Bar Association Privacy and Data Security CLE
- Artificial Intelligence, Cyber Security, and Ethics, NC State Lawyers Annual Meeting & CLE, November 8, 2019
- Marketing and Advertising: Challenges in the Current Privacy Landscape; International Association of Privacy Professionals, Raleigh/Durham KnowledgeNet Chapter Meeting, June 25, 2019
- $1 Million Fine Signals SEC’s Focus on Red Flags Rule and Safeguards Rule Compliance, Nov 18, 2018
- Client Alert: DC Circuit Partially Overturns 2015 FCC Order in Long-Awaited TCPA Ruling, March 16, 2018
- Reining in the FCC: DC Circuit Overturns Some (Not All) of 2015 TCPA Order, International Association of Privacy Professionals, March 23, 2018
- Elliott Davis Decosimo 2017 Risk Management Seminar, Understanding Data Breach Reporting Obligations and Minimizing Legal Risk, May 11, 2017
- Making the Move: Safe Harbor to the Privacy Shield, Triangle Part Eleven and Electronic Stakeholders Meeting, September 22, 2016
- Client Alert: Lessons Learned from Target’s Data Breach Discovery Win – Five Strategies for Maintaining Privilege in the Aftermath of a Data Breach, October 30, 2015
- President Obama’s Security Breach Notification Bill Needs Work, January 16, 2015, J.D. Supra
- Client Alert: New COPPA Rule Now in Effect, July 1, 2013
- Client Alert: Privacy Regulators Take to the Web in Search of Deficient Privacy Policies, May 30, 2013
- Client Alert: HIPAA Risk Analysis, February 6, 2013
- Client Alert: President Obama’s Cybersecurity Executive Order and What it Means for Your Organization, February 14, 2013
- Client Alert: Coping with the Threat of Fraudulent Funds Transfers, October 28, 2012
- Public Policy Favoritism in the Online World: Contract Voidability Meets the Communications Decency Act, 17 Texas Wesleyan Law Review 165 (2011)
- Article I Torture Courts: A Constitutional Means of Compensation and Deterrence? 54 Howard Law Journal 83 (2010)