Michelle Visser focuses her practice on complex business litigation matters. She has extensive experience assisting companies in responding to the variety of legal issues that can result from data security breaches, including experience in overseeing forensic investigations and defending against claims made or threatened by credit card companies, financial institutions and regulators. She also regularly represents companies in defending against class actions, with experience in class actions involving securities, antitrust and data security claims.
- LabMD. Represented LabMD in its successful petition to the U.S. Court of Appeals resulting in the first-ever court decision overturning an FTC cybersecurity action.
- Supervalu Inc. Represented Supervalu in responding to regulatory inquiries stemming from the data security breach that Supervalu announced in 2014.
- Target. Represented Target in responding to card brand inquiries and defending card issuer class action litigation stemming from the data security breach that Target announced in 2013.
- Sony. Represented Sony and its various entities in investigating the data security breaches announced in 2011 and in responding to regulatory and card brand inquiries stemming from those security breaches.
- Hitachi-LG Data Storage. Represents the Korean-Japanese joint venture in defending civil class actions, opt-out actions, and a state action alleging price-fixing in the optical disk drive industry.
- Heartland Payment Systems. Represented Heartland in the FTC investigation stemming from the data security breach announced by Heartland in 2009, which the FTC closed without taking any action against the company.
- American Dental Partners Inc. Represented ADPI in securities fraud and derivative litigation stemming from ADPI’s announcement of a prior litigation loss, not litigated by Ropes & Gray. Secured dismissal of the derivative action and settlements within insurance policy limits to terminate the securities actions.
- The TJX Companies Inc. Represented TJX in securing a favorable settlement to terminate the investigation of a multi-state working group of 40 Attorneys General into the data security breach announced by TJX in 2007.
- Profiled, “40 Under 40: Michelle Visser,” Global Data Review (September 2018)
- Co-author, “California Passes Consumer Privacy Act,” Westlaw Practitioner’s Insight (August 9, 2018) and Westlaw Journal of Computer & Internet (August 24, 2018)
- Co-author, “What litigating the LabMD case showed us about US cybersecurity regulation,” IAPP’s Privacy Perspectives (June 27, 2018).
- Co-author, “Ninth Circuit’s Flawed Zappos Decision is Cautionary Tale for Corporate Victims of Cyberattacks,” Washington Legal Foundation Legal Backgrounder (May 4, 2018)
- Co-author, “City Suits: The Next Frontier of Data Breach Actions,” The New York Law Journal (February 21, 2018)
- Co-author, “With ‘LabMD’ Decision Looming, FTC Workshop Delves into Privacy & Data Security Harms,” The WLF Legal Pulse (December 21, 2017)
- Co-author, “FTC’s First Foray into Gig Economy Data Security,” Law360 (August 28, 2017)
- Co-author, “A Rigorous Analysis of Class Certification Issues in Consumer Data Breach Litigation,” Bloomberg BNA Privacy and Security Law Report (January 16, 2017)
- Co-author, “Spokeo Decision Narrows the Path for Data Breach Plaintiffs,” The Daily Journal (San Francisco) (July 1, 2016)
- Co-author, “Data Breach Plaintiffs Invoking Tyson May Face Difficulties,” Law360 (April 13, 2016)
- Co-author, “FTC Study Could Lead To Changes In PCI DSS Certification,” Law360 (April 6, 2016)
- Co-author, “Oracle Case Expands Pool Of Potential Data Security Defendants,” Law360 (Jan. 14, 2016)
- Co-author, “Wash. Decision Illustrates Challenges For Breach Plaintiffs,” Law360 (April 13, 2015)
- “Rising Star: Ropes & Gray’s Michelle Visser”Law360 (April 9, 2015)
- Co-author, “When it happens to you: How to navigate a payment card breach,” InsideCounsel (March 31, 2014)
- Co-author, “More Regulations to Come,” The Recorder (February 22, 2013)
- Presenter, “Cybersecurity Risk Management: New Methods to Gain Control,” Mandiant Webinar (October 23, 2018)
- Panelist, “Practitioner’s Panel,” Berkeley Center for Law and Technology Privacy Law Forum, East Palo Alto, CA (March 23, 2018)
- Panelist, “Data Security and Privacy Litigation,” “The Exchange" Privacy & Cybersecurity Forum, San Francisco, CA (March 19, 2018)
- Presenter, “Privacy & Cybersecurity Litigation Roundup,” Ropes & Gray Roundtable, Palo Alto, CA (March 13, 2018)
- Panelist, “Emerging Data Concerns: Algorithms, Biometrics, Connected Devices and More,” Ropes & Gray Privacy & Cybersecurity Summit, New York, NY (February 8, 2018)
- Panelist, “Mitigating Liability: How to Prepare for and Respond to Breach,” 2018 Law Review Symposium (January 26, 2018)
- Panelist, “Privacy/Security Litigation Update – What the Big Developments in 2017 Mean in 2018 and Beyond,” The 2018 Midwest Legal Conference on Privacy & Data Security (January 25, 2018)
- Panelist, “Data Privacy & Protection,” PWC Regulatory Briefing Series, San Francisco, CA (May 23, 2017)
- Panelist, “It’s a Hack! Data Breach Incident Response, Preserving the Attorney-Client Privilege, and Ethical Obligations with Litigation on the Horizon,” ABA Litigation Annual Conference (May 2017)
- Panelist, “Rethinking Information and Data Governance in Light of Multiplying Regulatory Requirements,” Sandpiper/PwC Governance Briefing (May 2017)
- Speaker, “Cyberattacks: Incident Response Strategies to Reduce Legal Exposure,” ACC-SFBA CLE Lunch Seminars (May 2017)
- Panelist, “Hackers, phishers and squatters, oh my! Dealing with Cyberspace when lots of folks spy,” U.S. Court of Appeals Fifth Circuit Judicial Conference (May 2017)
- Speaker, “Cyber Security and the Move to the Cloud: The Practical and Legal Challenges of Securing and Controlling Data,” ACC-SFBA CLE Lunch Seminars (July 2016)
- Panelist, “Cybersecurity: the new reality,” San Francisco Regional Compliance & Ethics Conference (May 2016)
- Panelist, “Sleuthing: Investigation & Evidence Collection in a Cyber World,” HB Litigation Conference (February 2016)
- Speaker, “Practical Tips from 2015 Data Breach Litigation Decisions and Enforcement Actions,” ACC-SFBA CLE Lunch Seminars (January 2016)
- Panelist, “Protecting Information Assets in the Face of More Vexing Cyber Attacks,” 12th Annual Stanford E-Commerce Best Practices Conference, Stanford, CA (June 2015)
- Speaker, “Best Practices in Dealing with Post Cyber Attack Litigation Risk in 2015,” Knowledge Congress Live Webcast Series (June 2015)
- Panelist, “Data Security: Are There (Legal) Solutions?,” 4th Annual BCLT Privacy Law Forum: Silicon Valley (March 2015)
- Speaker, "The Internet of Things and United States Data Handling and Protection Laws: Risk & Opportunity in Big Data," Ropes & Gray Tokyo Morning Briefing Teleconference (February 2015)
- Speaker, “Sensitive Data & the Business Judgment Rule,” ACC-SFBA CLE Lunch Seminars (February 2015)
- Speaker, “Medical and Lifestyle Devices and Apps: Who Says You Can't Collect That Data?” IAPP Global Privacy Summit, Washington DC (March 2014)
- Speaker, “When it Happens to You: How to Navigate a Payment Card Breach,” West Coast Lunchtime Legal Briefing Teleconference (February 2014)
- Speaker, “By Design – Why Smart App Developers Don’t Wait Until Launch Before Thinking About IP and Data Privacy Matters,” West Coast Lunchtime Legal Briefing Teleconference (September 2012)