Douglas H. Meal
Seasoned trial lawyer Doug Meal represents companies in complex transaction-related disputes arising from all varieties of business agreements. Most recently, he has played a leading role in the firm’s privacy and data security practice, specializing particularly in representing clients targeted by litigation and government investigations stemming from highly publicized data security breaches. As the lead outside lawyer handling claims stemming from the data security breaches suffered by Target, Sony, Neiman Marcus, Heartland Payment Systems, The TJX Companies, Hannaford Brothers, Aldo, Genesco, and Wyndham Hotels—some of the most highly publicized data security breaches in recent years—Doug has become the national leader in defending companies that suffer significant data security breaches involving consumer information against the ensuing claims and regulatory investigations.
- Aldo Group: Lead counsel in Aldo’s ongoing defense of card brand and card issuer claims resulting from an alleged data security breach that the retailer discovered in early 2010.
- Destination Hotels and Resorts: Lead counsel in DH&R’s defense of the card brand claims stemming from the data security breaches suffered in 2010 by certain hotels managed by DH&R.
- Fortune 100 Insurance Company: National coordinating counsel with respect to the litigations and regulatory inquiries arising from the criminal cyber-attack on a certain portion of a Fortune 100 insurance company’s computer network.
- Genesco: Advising Genesco on how to address its various legal obligations and exposures resulting from a substantial data security breach that Genesco discovered in late 2010.
- Hannaford Brothers: Lead counsel in Hannaford’s defense of the card brand claims stemming from the data security breach announced by Hannaford in 2008.
- Heartland Payment Systems: Lead counsel in Heartland’s ongoing defense of the card brand claims, the card issuer class action, and the FTC investigation stemming from the data security breach announced by Heartland in 2009. The card brand claims were favorably settled, and the court dismissed all the card issuer claims.
- The Home Depot: Advising and representing Home Depot in responding to card brand inquiries stemming from the data security breach that Home Depot announced in September 2014.
- Neiman Marcus: Advising and representing Neiman Marcus in responding to card brand inquiries stemming from the data security breach that Neiman Marcus announced in January 2014.
- Sally Beauty Products: Advising and representing Sally Beauty in responding to card brand inquiries stemming from the data security breach that Sally Beauty announced in March 2014
- Sony: Global coordinating counsel with respect to the multiple litigations and investigations that have arisen from the recent criminal cyber-attacks on certain of Sony’s computer networks.
- Supervalu Inc: Lead outside counsel for Supervalu in defending and responding to all litigation claims, and regulatory inquiries stemming from the data security breach that Supervalu announced in August 2014.
- Target: Lead outside counsel advising and representing Target Corp. in responding to card brand inquiries and defending card issuer litigation stemming from the data security breach that Target announced in December 2013.
- The TJX Companies: Lead counsel in TJX’s defense of the card brand claims and the card issuer class action stemming from the data security breach announced by TJX in 2007. The card brand claims were favorably settled, and the trial court dismissed almost all the class action claims and thereafter denied class certification of the few non-dismissed claims. The ensuing First Circuit appeal resulted in a substantial affirmance of the trial court’s decision by means of a groundbreaking opinion in the area of data security breach law.
- Wyndham Hotels & Resorts: Lead counsel in Wyndham’s ongoing defense of the card brand claims stemming from the data security breaches suffered by certain of the Wyndham-branded hotels in 2008–2010; co-lead counsel in Wyndham’s defense of FTC enforcement action stemming from these intrusions.
- Legal 500 (2014)
- The Best Lawyers in America (2013-2015)
- Chambers Global: The World’s Leading Lawyers for Business (2012-2014)
- Chambers USA: America’s Leading Lawyers for Business (2011-2014)
- Financial Times "U.S. Innovative Lawyer" (2012-2013)
- Law360 “MVP in Privacy” (2012-2014)
- Law360 “Privacy Group Of The Year: Ropes & Gray” (2012-2013)
- Massachusetts Super Lawyers (2004, 2007-2013)
- “Privacy MVP: Ropes & Gray's Douglas H. Meal,” Law360 (December 16, 2014)
- Quoted, "SEC Could Consider New Cyber-Security Disclosures," Compliance Week (April 1, 2014)
- Douglas H. Meal and David T. Cohen, “Private Data Security Breach Litigation in the United States,” Inside the Minds: Privacy and Surveillance Legal Issues (2014)
- Douglas H. Meal, David T. Cohen, and Lisa L. Rachlin, "Takeaways From 9th Circ. FCRA Ruling Against Spokeo," Law360 (February 14, 2014)
- Douglas H. Meal, James S. DeGraw, Paul D. Rubin and David T. Cohen, "FTC's Increasingly Aggressive Assertion Of Authority," Law360 (October 9, 2013)
- Douglas H. Meal, Mark P. Szpak and Lisa Rachlin, “Data Breach Plaintiffs, Don't Skim This Decision” Law360 (September 17, 2013)
- Douglas H. Meal, David T. Cohen, and Lisa L. Rachlin, "Data Breach Plaintiffs Continue To Face Challenges," Law360 (July 22, 2013)
- Douglas H. Meal and David T. Cohen, "FTC's Payment Processor Lawsuits Signal Growing Privacy Risks," Payment Source (July 15, 2013)
- Douglas H. Meal, David T. Cohen, and Lisa L. Rachlin, "Massachusetts High Court Decision on ZIP Codes Increases Legal Risk for Retailers," Chain Store Age (May 2, 2013)
- Douglas H. Meal and Seth C. Harrington, “Defending Against Card Brand Claims Arising From A Data Security Breach,” The Review of Banking & Financial Services (April 2013)
- Douglas H. Meal, David T. Cohen and Daniel M. Routh, "Supreme Court’s Clapper Decision Raises Bar For Standing in Data Security Breach Litigation," Bloomberg BNA's Privacy and Security Law Report (April 1, 2013)
- Douglas H. Meal and David T. Cohen, “How High Court's Clapper Ruling Will Impact Breach Cases,” Law360 (February 26, 2013)
- Douglas H. Meal, “Common Mistakes in Data Security: Post-Breach,” The Bottomline (August/September 2012)
- Douglas H. Meal, “Common Mistakes in Data Security: Pre-Breach,” The Bottomline (April/May 2012)
- Panelist, “Cyber Security War Games for Corporate Legal Counsel: A Tabletop Exercise with the Privacy and Data Security Dream Team,” 4th Annual ConAgra Foods Institute on Law and Policy (December 2014)
- Speaker, “Developments in Private Litigation and Regulatory Enforcement Stemming From Data Security Breaches,” IAPP Privacy Academy and CSA Congress 2014 (September 2014)
- Speaker, “Cyber Risk,” National Association of Corporate Directors Master Class (August 2014)
- Panelist, “Comparing and Contrasting Data Privacy Laws: Considerations, Dilemmas, Suggestions, and Best Routes Examined,” C5’s Forum on Transatlantic Litigation (June 2014)
- Panelist, “Privacy and the FTC,” IAPP’s Symposium on the Federal Trade Commission’s Regulation on Privacy (June 2014)
- Panelist, “Crisis Simulation: What Do you do After a Breach?” National Association of Corporate Directors Cyber Risk Summit (June 2014)
- Speaker, “Critical Data Privacy and Security Issues: Best Practices for Navigating the Legal Landscape,” New England Corporate Counsel Association Seminar (May 2014)
- Speaker, “How to Reduce Legal Exposures Before and After a Breach,” 2014 InfoSec World Conference & Expo (April 2014)
- Panelist, “Public Company Disclosure,” U.S. Securities and Exchange Commission Cybersecurity Roundtable (March 2014)
- Panelist, “After the Breach - Maximizing the confidentiality protections afforded by legal privileges, the role of forensics, and anticipating the "second guessing" by regulators and lawsuits,” 2014 Blackstone Information Risk & Security Conference (March 2014)
- Speaker, “Privacy Litigation Risks: Update from the Trenches,” IAPP Global Privacy Summit (March 2014)
- Panelist, “Potential Liability for Release of Information: Assessing, Managing, & Defending Against Claims,” Law Seminars International conference on Cybersecurity Law and Strategies Conference (January 2014)
- Panelist, “Federal Regulatory, Legislative, and Enforcement Landscape: Changes on the Horizon and Integrating New and Anticipated Initiatives Into Your Privacy and Compliance Program,” ACI's 14th Annual Legal and Compliance Forum on Privacy & Security of Consumer Employee Information (January 2014)
- Panelist, “Addressing and Mitigating Cybersecurity Risk,” PCI Annual Meeting, Essential Strategies for Succeeding in a Hyper-Competitive World (October 2013)
- Panelist, American Lawyer Media's 5th Annual IP Trademark, Copyright and Licensing Counsel Forum (October 2013)
- Speaker, “Privacy Please! An Overview of How Data Privacy Law Governs Hotels' Collection and Use of Guests' Information,” Georgetown Law Hotel and Lodging Legal Summit (October 2013)
- Panelist, “Privacy & Data Security: The Dos and Don'ts for In-House Counsel,” ACC CLE New York conference (October 2013)
- Panelist, “U.S. Cybercrime 2013: Today’s Stark Realities Breakfast Briefing,” The Fairmont San Jose (September 2013)
- Panelist, “U.S. Cybercrime 2013: Today’s Stark Realities Breakfast Briefing,” The Army & Navy Club (July 2013)
- Panelist, “Hackers Are After Your Data! Practical Ways to Reduce Data Security Breach Exposure,” Chambers USA General Counsel Seminar (May 2013)
- Speaker, “Data Security Litigation Round-Up: Latest Developments in Theories of Liability and Injury,” ACI’s 13th Annual Legal and Compliance Forum on Privacy & Security of Consumer and Employee Information (February 2013)
- Speaker, “Lessons Learned from Serious Data Security Breaches,” Imperial Capital Security Investor Conference (December 2012)
- Speaker, “The Challenging Nature of Data Security Risk – Lessons Learned from Serious Breaches,” 7th Annual Aon Risk Summit (October 2012)
- Speaker, “Ensuring PCI DSS Compliance and Responding to Data Security Breaches Involving Payment Card Data,” City/Athletic Club Financial Executives Conference (September 2012)
- Panelist, “PCI DSS: Ensuring Compliance; Responding to Payment Card Data Security Breaches; and the Impact of the Emerging Technological and Regulatory Landscape,” American Conference Institute (July 2012)
- Speaker, “The Changing Nature of Data Security Risk – Lessons Learned From Serious Breaches,” 2012 Aon Consulting Symposium (June 2012)
- Speaker, “Data Security Breaches: The Crucial Mistakes That Companies Most Often Make,” Tenth Annual Hospitality Law Conference (February 2012)
- Panelist, “Implementing a Culture of Privacy Compliance: Preparing for and Responding to a Data Breach,” ACI’s 11th Annual Legal and Compliance Forum on Privacy & Security of Consumer and Employee Information (February 2012)
- Panelist, “Privacy & Security 101: Understanding the Technology & Key Regulations and Laws,” ACI’s 11th Annual Legal and Compliance Forum on Privacy & Security of Consumer and Employee Information (February 2012)
- Speaker, “Data Breaches – Coming to a Network Near You,” Chartis Security/Privacy Market Trend Seminar (November 2011)
- Speaker, “Data Breach Preparedness and Prevention,” Association of Corporate Counsel’s Annual Meeting, San Antonio (October 2010)
- Speaker, “Update on Credit Card Brand Data Security Regulations,” National Retail Federation General Counsels Forum, Washington, D.C. (July 2010)
- Speaker, “Case Study: The Heartland and TJX Data Breaches,” ACI National Advanced Forum on Data Privacy & Information Security, Dallas (June 2010)
- Panelist, “Current Issues in Privacy & Security Law for the Health Care and Financial Services Sectors,” Boston Bar Association (October 2008)
- Panelist, “Data Security Breaches – Managing the Risk and Responding to a Crisis,” Argyle Executive Forum, New York (October 2008)
- Speaker, “The Growing Challenge of Cyber Theft,” New England Legal Foundation Board Meeting, Boston (October 2008)