Douglas H. Meal
Partner
Seasoned trial lawyer Doug Meal represents companies in complex transaction-related disputes arising from all varieties of business agreements. Most recently, he has played a leading role in the firm’s privacy and data security practice, specializing particularly in representing clients targeted by litigation and government investigations stemming from highly publicized data security breaches. As the lead outside lawyer handling claims stemming from the data security breaches suffered by Sony, Heartland Payment Systems, The TJX Companies, Nationwide, Hannaford Brothers, Aldo, Genesco, and Wyndham Hotels—some of the most highly publicized data security breaches in recent years—Doug has become the national leader in defending companies that suffer significant data security breaches involving consumer information against the ensuing claims and regulatory investigations.
Experience
- Aldo Group: Lead counsel in Aldo’s ongoing defense of card brand and card issuer claims resulting from an alleged data security breach that the retailer discovered in early 2010.
- Destination Hotels and Resorts: Lead counsel in DH&R’s defense of the card brand claims stemming from the data security breaches suffered in 2010 by certain hotels managed by DH&R.
- Genesco: Advising Genesco on how to address its various legal obligations and exposures resulting from a substantial data security breach that Genesco discovered in late 2010.
- Hannaford Brothers: Lead counsel in Hannaford’s defense of the card brand claims stemming from the data security breach announced by Hannaford in 2008.
- Heartland Payment Systems: Lead counsel in Heartland’s ongoing defense of the card brand claims, the card issuer class action, and the FTC investigation stemming from the data security breach announced by Heartland in 2009. The card brand claims were favorably settled, and the court dismissed all the card issuer claims.
- Nationwide: National coordinating counsel with respect to the litigations and regulatory investigations arising from the criminal cyber-attack on a certain portion of Nationwide’s computer network during October 2012.
- Sony: Global coordinating counsel with respect to the multiple litigations and investigations that have arisen from the recent criminal cyber-attacks on certain of Sony’s computer networks.
- The TJX Companies: Lead counsel in TJX’s defense of the card brand claims and the card issuer class action stemming from the data security breach announced by TJX in 2007. The card brand claims were favorably settled, and the trial court dismissed almost all the class action claims and thereafter denied class certification of the few non-dismissed claims. The ensuing First Circuit appeal resulted in a substantial affirmance of the trial court’s decision by means of a groundbreaking opinion in the area of data security breach law.
- Wyndham Hotels & Resorts: Lead counsel in Wyndham’s ongoing defense of the card brand claims stemming from the data security breaches suffered by certain of the Wyndham-branded hotels in 2008–2010; co-lead counsel in Wyndham’s defense of FTC enforcement action stemming from these intrusions.
Awards
- The Best Lawyers in America (2013)
- Chambers Global: The World’s Leading Lawyers for Business (2012-2013)
- Chambers USA: America’s Leading Lawyers for Business (2011-2012)
- Law360 "MVP in Privacy & Consumer Protection" (2012)
- Law360 "Privacy Group Of The Year: Ropes & Gray" (2012)
- Financial Times "U.S. Innovative Lawyer" (2012)
- Massachusetts Super Lawyers (2004, 2007-2012)
Insights
Publications
- Douglas H. Meal, David T. Cohen, and Lisa L. Rachlin, "Massachusetts High Court Decision on ZIP Codes Increases Legal Risk for Retailers," Chain Store Age (May 2, 2013)
- Douglas H. Meal, David T. Cohen and Daniel M. Routh, "Supreme Court’s Clapper Decision Raises Bar For Standing in Data Security Breach Litigation," Bloomberg BNA's Privacy and Security Law Report (April 1, 2013)
- Douglas H. Meal and David T. Cohen, “How High Court's Clapper Ruling Will Impact Breach Cases,” Law360 (February 26, 2013)
- Douglas H. Meal, “Common Mistakes in Data Security: Post-Breach,” The Bottomline (August/September 2012)
- Douglas H. Meal, “Common Mistakes in Data Security: Pre-Breach,” The Bottomline (April/May 2012)
Presentations
- Speaker, “Data Security Litigation Round-Up: Latest Developments in Theories of Liability and Injury,” ACI’s 13th Annual Legal and Compliance Forum on Privacy & Security of Consumer and Employee Information (February 2013)
- Speaker, “Lessons Learned from Serious Data Security Breaches,” Imperial Capital Security Investor Conference (December 2012)
- Speaker, “The Challenging Nature of Data Security Risk – Lessons Learned from Serious Breaches,” 7th Annual Aon Risk Summit (October 2012)
- Speaker, "Ensuring PCI DSS Compliance and Responding to Data Security Breaches Involving Payment Card Data," City/Athletic Club Financial Executives Conference (September 2012)
- Panelist, “PCI DSS: Ensuring Compliance; Responding to Payment Card Data Security Breaches; and the Impact of the Emerging Technological and Regulatory Landscape,” American Conference Institute (July 2012)
- Speaker, “The Changing Nature of Data Security Risk – Lessons Learned From Serious Breaches,” 2012 Aon Consulting Symposium (June 2012)
- Speaker, “Data Security Breaches: The Crucial Mistakes That Companies Most Often Make,” Tenth Annual Hospitality Law Conference (February 2012)
- Panelist, “Implementing a Culture of Privacy Compliance: Preparing for and Responding to a Data Breach,” ACI’s 11th Annual Legal and Compliance Forum on Privacy & Security of Consumer and Employee Information (February 2012)
- Panelist, “Privacy & Security 101: Understanding the Technology & Key Regulations and Laws,” ACI’s 11th Annual Legal and Compliance Forum on Privacy & Security of Consumer and Employee Information (February 2012)
- Speaker, “Data Breaches – Coming to a Network Near You,” Chartis Security/Privacy Market Trend Seminar (November 2011)
- Speaker, “Data Breach Preparedness and Prevention,” Association of Corporate Counsel’s Annual Meeting, San Antonio (October 2010)
- Speaker, “Update on Credit Card Brand Data Security Regulations,” National Retail Federation General Counsels Forum, Washington, D.C. (July 2010)
- Speaker, “Case Study: The Heartland and TJX Data Breaches,” ACI National Advanced Forum on Data Privacy & Information Security, Dallas (June 2010)
- Panelist, “Current Issues in Privacy & Security Law for the Health Care and Financial Services Sectors,” Boston Bar Association (October 2008)
- Panelist, “Data Security Breaches – Managing the Risk and Responding to a Crisis,” Argyle Executive Forum, New York (October 2008)
- Speaker, “The Growing Challenge of Cyber Theft,” New England Legal Foundation Board Meeting, Boston (October 2008)

