Matthew Cin advises a broad range of clients on global data privacy and cybersecurity issues, and on technology transactions and other commercial contracts. Matthew represents technology companies, cloud service providers, brick and mortar and e-commerce retailers, financial institutions, health care providers, health information technology vendors and consumer products manufacturers with US and international privacy, and data security breach response issues, including navigating comprehensive state privacy laws, such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), Virginia’s Consumer Data Protection Act and the Colorado Privacy Act, the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Telephone Consumer Protection Act (TCPA), Children’s Online Privacy Protection Act (COPPA), and other international, federal and state laws. 

Matthew also counsels clients on global product launches, product, website and mobile app reviews, online content regulation and liability, and other areas of regulatory compliance. He also helps clients implement biometric technologies, beacon tracking devices, and internet of things devices and services. He has a wealth of experience advising key industry players on compliance with the Illinois Biometric Privacy Act and other similar biometrics laws.

Matthew guides clients during data breach response matters and helps clients protect personally identifiable information and infrastructure from cyber threats. 

Matthew was previously an associate at another substantial data, privacy & cybersecurity practice prior to joining Ropes & Gray.


Data Privacy

  • Counsel national logistics company on compliance with biometric privacy laws related to its AI-enabled biometric cameras installed in vehicles. 
  • Advised large international video game development company on the applicability of CCPA and compliance with state biometric privacy laws.*
  • Assisted multiple brick and mortar and e-commerce businesses with the development of email- and automated text message-based marketing programs in compliance with TCPA and the CAN-SPAM Act.*
  • Advised international retailer on biometric privacy compliance with respect to its use of biometric-enabled cameras for asset protection in its brick-and-mortar stores.*
  • Advised retailers, internet companies, digital health developers, hospital systems, and other businesses regarding global product launches, including drafting consumer-facing privacy policies and user agreements, and revising data protection policies and procedures to comply with the GDPR and other international privacy laws.*
  • Provide regulatory counseling to data analytics software provider that developed recording solution that can identify individuals by voice recognition.*
  • Developed GDPR-compliant policies and procedures for several clients operating in controller and processor capacities.*
  • Advised a multi-billion dollar, international brick and mortar retailer with privacy and consumer protection law requirements affecting its launch of a mobile shopping application.*
  • Regularly assess compliance with biometric privacy laws as part of privacy and regulatory compliance reviews in strategic transactions.

Data Security

  • Represented an international brick-and-mortar retailer in responding to a 50-state data security breach.*
  • Advised a health industry service provider assess its data security breach notification obligations under HIPAA.*
  • Advised HIPAA covered entities in responding to data security breaches.*

Technology Transactions

  • Represented several retailers in negotiating contracts to procure retail information systems and services.*
  • Represented software providers and other cloud computing vendors in negotiating cloud computing and application development arrangements.*
  • Negotiated amendments to cloud service agreements to address GDPR contracting requirements for a global technology service provider.*
  • Represented hospital systems in negotiations with EMR providers for EMR acquisition and implementation.*
  • Represented a large regional grocery retailer on a multi-million dollar software development and implementation of a centralized distribution center.*

*Experience prior to joining Ropes & Gray

Areas of Practice