Susan Hintze

Practice Areas

Susan Hintze has provided legal counsel to tech and e-commerce clients for over 25 years - 20 years of which have been focused exclusively in the area of privacy and security. She focuses on regulatory compliance, legislative policy, and defends companies against federal, state, and city enforcement actions. She advises on a wide range of U.S. and global privacy and data security issues and in the areas of online safety, disinformation investigations, and AI ethics. Representative areas include CCPA, CPRA, and the growing number of omnibus state privacy laws, FERPA, the FTC Act, COPPA, My Health My Data Act, TCPA, TSR, HI-TECH, GLBA, FCRA, CFAA, ECPA, GDPR, Video Privacy Protection Act, SMS and telemarketing laws, data security and breach notice obligations, online and mobile advertising and tracking, data transactions, privacy due diligence, facial recognition and biometrics, cloud computing, AI, and financial privacy.

Career

Susan formerly co-chaired Cooley LLP's privacy group and co-led Perkins Coie's privacy group. She gained valuable in-house experience as Microsoft privacy counsel advising security, global sales and marketing, X-Box, HR, and legislative policy teams on privacy, data security, and online safety issues. She also served as former lead privacy counsel at Dell.

Professional Memberships

Admitted to Practice in California, D.C., and Washington State.

Privacy Bar Advisory Board Member, International Association of Privacy Professionals 2021-2022

Co-Chair of RSA Conference Programming Privacy Track 2018-2021

Privacy Advisory Committee Member to the City of Seattle

Certifications*

Fellow of Information Privacy (FIP)

Certified Information Privacy Professional - United States (CIPP/US)

Certified Information Privacy Technologist (CIPT)

*The Supreme Court of Washington does not recognize certification and certification is not a requirement to practice law in the State of Washington.

Adviser to the American Law Institute’s project for Principles of the Law: Data Privacy 2013-2019

Publications

Press Appearances:

“Clearview to Restrict Private-Sector Use of Data” - Bloomberg Law - May 9, 2022

“Privacy job market at ‘full-tilt hiring boogie’” - IAPP The Privacy Advisor - October 6, 2021

“FTC alum Ashkan Soltani selected to lead CPPA” - IAPP The Privacy Advisor - October 5, 2021

“Google-Flagged Child Porn Case Shows Court Split on Privacy” - Bloomberg Law - September 24, 2021

“What Kamala Harris as VP would mean for Silicon Valley” - CNN Business - August 13, 2020

“Calif. approves Prop 24, paving the way for CPRA” - IAPP Daily Digest - March 24, 2020

“TikTok rally signups could force Trump campaign into compliance nightmare” - Daily Dot - June 26, 2020

“Privacy Sequel Coming, Some Might Wait to Sue California” - Communications Daily - June 5, 2020

“Becerra submits CCPA final regs, awaits approval to enforce” - IAPP Daily Digest - June 2, 2020

“California Attorney General will not delay application of CCPA amid pandemic” - Privacy Tech - March 27, 2020

“California attorney general's office: No delay on CCPA enforcement amid COVID-19” - IAPP Daily Digest - March 24, 2020

“MarTech Interview with Barbara Lawler, Chief Privacy and Data Ethics Officer at Looker” - MarTech Series - March 17, 2020

“Winning the CyberWar” - Corporate Board Member - February 2020

“Interview Series: Susan Lyon-Hintze, Founder, Managing Partner at Hintze Law PLLC” - DataGrail - April 15, 2019

“California Uber Alles - Cisco, like Apple and other tech giants, now wants new federal privacy law” - Ars Technica - February 7, 2019

“Advertising Company Takes a TURN under FTC’s Wagging Finger” - International Association of Privacy Professionals Daily Dashboard - December 21, 2016

“Online Privacy at Risk under Federal Statute” - American Bar Association Litigation News - August 13, 2014

“Laws Vague on Breach Alerts” - Consumer WatchDog - January 19, 2014

“U.S. companies allowed to delay disclosure of data breaches” - Reuters - January 16, 2014

“Facebook Impostor Posing as US Attorney to Bilk Victims” - KOMO-TV - December 16, 2013

“Privacy a Sticking Point for Dealmakers” - The Recorder - December 6, 2013

"Patients Question UW's Handling of Computer Hack" - KOMO-TV - December 3, 2013

“Attorneys Say State Privacy Law a Challenge to Follow” - Daily Journal - October 1, 2013

“Cooley Practices and Attorneys Recognized in 2013 Legal 500 Client Guide” - Legal 500 - June 24, 2013

"FTC's 2nd Privacy Report Turns Up Heat On Kids' Apps" - Law360 - December 10, 2012

“McDonald's, Viacom Websites Violate Child Privacy, Groups Say” - Law 360 - August 22, 2012

"FTC proposes an update to ancient online law, COPPA" - Marketplace, American Public Media - August 2, 2012

“FTC's Child Privacy Tweaks Bring Ad Networks Under Scrutiny” - Law 360 - August 1, 2012

“Privacy and CP Group of the Year: Cooley” - Law 360 - January 4, 2012

“Cooley Practices and Attorneys Recognized in 2012 Legal 500 Client Guide” Legal 500 - June 27, 2012

“Q&A With Cooley's Susan Lyon” - Law 360 - October 3, 2011

“How Will the FTC's New Digital Privacy Rules Impact Developers?” - The Fierce Developer - August 19, 2011

“Cooley Client Web.com Buys Network Solutions” - Internetrealtor.com - August 18, 2011

"Burning Question: Why Do Emails Contain Legal Warnings?" - Wired - December 27, 2010

"Web Marketers Wary of FTC's 'Do Not Track' Initiative" - eWeek - December 2, 2010

"Build Privacy, Security in Electric Smart Grid Now to Fend Off Breaches, Attorney Advises" - BNA Privacy & Security Law Report - February 8, 2010

"Resiliency: Spring Back; Don't Fall Forward" - Security Magazine - December 2009

"States' Weapon of Choice against ID Theft: Transparency" - Creditcard.com - October 1, 2009

"Watching Out for a National Cyberdisaster" - Inside Counsel - September 2009

"Utilities' Smart Meters Save Money, but Erode Privacy" - Philadelphia Inquirer - September 6, 2009

"Privacy Powerbrokers" - Inside Counsel - September 2006

"Privacy Issues Pop Up for Microsoft, Dell" - Inside 1to1 Privacy - November 10, 2005

Publications:

"Processor v. Controller Contractual Considerations Under GDPR," Data Processing Agreements: Coordination, Drafting, and Negotiation, International Association of Privacy Professionals, 2019

“First Steps Towards Regulating Facial Recognition Technology,” Data Protection Law & Policy, May 2016

“Privacy and Data Security Washington State Profile,” Bloomberg Privacy and Data Security, 2017

““I Agree,” Should Your Privacy Policy Be a Contract?” Copyright and New Media Law, Winter 2015-2016

"“I Agree” - Privacy Policy as a Contract," IP Issues in Business Transactions 2016, Practising Law Institute, January 2016

"Issues to Consider in Transfer of Personal Data as an Asset," IP Issues in Business Transactions 2015, Practising Law Institute, January 2015

"An Overview of Significant U.S. Data Breach Cases and Enforcement Actions," Chapter of Cybercrime and Security Treatise, 2010

"Personal Information Security," Chapter of Washington Nonprofit Handbook: How to Form and Maintain a Nonprofit Corporation in Washington State, 2009

Privacy Challenges to Smart Grid," Sustainable Industries, May 27, 2009

"US: Sony Music: $1 million FTC COPPA settlement," Data Protection Law & Policy, January 2009

"Prior to Data Loss, Check That Contract," Digital Transactions, December 2008

"New PCI Data Security Standards Expand Obligations," Privacy Advisor, November 2008

Work Highlights

Susan Hintze's experience and work highlights include:

Defending companies from start-ups to large corporations in privacy and security investigations and actions brought by the Federal Trade Commission (FTC), state attorneys general and consumer agencies, and international data protection authorities, including representation of:

- HTC in FTC investigation, settlement, and order compliance of alleged mobile security vulnerabilities and Section 6(b) inquiries;

- AdMob mobile ad platform in FTC privacy investigation relating to Google acquisition;

- Musically (now TikTok) in COPPA and Section 6(b) investigation by the FTC.

Representing numerous other clients in successful confidential resolution without settlement or fines of CAN-SPAM, FTC Act, EU U.S. Shield, and Children's Online Privacy Protection Act federal regulatory investigations and EU investigations and inquiries.

Building ad platforms for major ad supported social media, set-top box, and streaming services.

Coaching clients through numerous data security breach response remediation and notification obligations.

Drafting comments to FTC on COPPA and privacy reports and Department of Commerce privacy reports on behalf of CTIA, the Wireless Association.

Contributing to & drafting input incorporated into numerous privacy laws including state breach notice laws, anti-spam laws, anti-spyware laws, and anti-phishing laws.

Developing employee and customer privacy and security policies, programs, risk assessments, and training, including safe harbor programs, for numerous technology and retail clients.

Conducting privacy and data security risk due diligence for mergers and acquisitions.

Advising clients on cloud computing data protection issues and strategy.

Counseling clients on privacy issues relating to behavioral targeting and advertising, online and mobile tracking and monitoring using automatic tracking technology such as IP address, cookies, Web beacons, location-based services and the like and on related issues of anonymization, aggregation and de-identification.

Providing frequent counsel on global strategy for privacy compliance including in the area of marketing and sales and regarding EU to U.S. data transfers.

Clients

Susan advises several Fortune 500 and up & coming technology, analytics, advertising, ed tech, social media, streaming video, gaming, ecommerce, automobile, financial, software as service, telecom, and mobile companies. Susan has also represented numerous unicorn start-ups on privacy strategy and development and maturation of privacy programs preparing them for investment, acquisition and IPO due diligence.

Education