Matthew R. Cin
Matthew Cin advises a broad range of clients on global data privacy and cybersecurity issues, and on technology transactions and other commercial contracts. Matthew represents technology companies, cloud service providers, brick and mortar and e-commerce retailers, financial institutions, health care providers, health information technology vendors and consumer products manufacturers with US and international privacy, and data security breach response issues, including navigating comprehensive state privacy laws, such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), Virginia’s Consumer Data Protection Act and the Colorado Privacy Act, the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Telephone Consumer Protection Act (TCPA), Children’s Online Privacy Protection Act (COPPA), and other international, federal and state laws.
Matthew also counsels clients on global product launches, product, website and mobile app reviews, online content regulation and liability, and other areas of regulatory compliance. He also helps clients implement biometric technologies, beacon tracking devices, and internet of things devices and services. He has a wealth of experience advising key industry players on compliance with the Illinois Biometric Privacy Act and other similar biometrics laws.
Matthew guides clients during data breach response matters and helps clients protect personally identifiable information and infrastructure from cyber threats.
Matthew was previously an associate at another substantial data, privacy & cybersecurity practice prior to joining Ropes & Gray.
- Advised large international video game development company on the applicability of CCPA and compliance with state biometric privacy laws.*
- Assisted multiple brick and mortar and e-commerce businesses with the development of email- and automated text message-based marketing programs in compliance with TCPA and the CAN-SPAM Act.*
- Advised retailers, internet companies, digital health developers, hospital systems, and other businesses regarding global product launches, including drafting consumer-facing privacy policies and user agreements, and revising data protection policies and procedures to comply with the GDPR and other international privacy laws.*
- Developed GDPR-compliant policies and procedures for several clients operating in controller and processor capacities.*
- Advised a multi-billion dollar, international brick and mortar retailer with privacy and consumer protection law requirements affecting its launch of a mobile shopping application.*
- Represented an international brick-and-mortar retailer in responding to a 50-state data security breach.*
- Advised a health industry service provider assess its data security breach notification obligations under HIPAA.*
- Advised HIPAA covered entities in responding to data security breaches.*
- Represented several retailers in negotiating contracts to procure retail information systems and services.*
- Represented software providers and other cloud computing vendors in negotiating cloud computing and application development arrangements.*
- Negotiated amendments to cloud service agreements to address GDPR contracting requirements for a global technology service provider.*
- Represented hospital systems in negotiations with EMR providers for EMR acquisition and implementation.*
- Represented a large regional grocery retailer on a multi-million dollar software development and implementation of a centralized distribution center.*
*Experience prior to joining Ropes & Gray
- JD, Washington University School of Law, 2014
- BA, Indiana University, 2011
Admissions / Qualifications
- Illinois, 2014
- Texas, 2015
- The Best Lawyers in America – Ones to Watch, Technology Law (2021-2022)