Recent Publications

Sony Pictures Hit With Class Actions Arising from Recent Data Breach

Two groups of former Sony employees filed putative class actions this week arising from the company’s recent data breach. >>

Second Circuit Clarifies Tippee Liability for Insider Trading

In a landmark opinion released on December 10, 2014, the Second Circuit clarified the scope of tippee liability for insider trading in that circuit by requiring a tippee to have knowledge that a tipper gained a personal benefit from the disclosure of material nonpublic information. >>

FCC Brings Its First Data Breach Enforcement Action

The Federal Communications Commission (“FCC”) is the latest government agency to make a foray into data breach enforcement, proposing a $10 million fine against two telecommunications carriers for failing to protect the personal information of up to 305,000 consumers. >>

Key Developments in Privacy and Data Security

Cyber threats are inarguably on the rise, and regulators and law enforcement are stepping up their efforts to ensure that companies are managing personal data responsibly, creating a perfect storm of risk. More and more, our clients are asking, “What can we do to protect ourselves?” The answer? Be aware of the risks, understand the legal implications, and prepare for the inevitable. >>



Timothy Newman

Associate

Dallas


2323 Victory Avenue
Suite 700
Dallas, 75219
T +1 214.651.5029
F +1 214.200.0611

Áreas de Practica

Educación

  • J.D., William & Mary Law School, 2009, Editor in Chief, William & Mary Bill of Rights Journal
  • B.A., History, Texas A&M University, 2006, Texas Aggie Corps of Cadets, 2001-2005

Bar Admissions

  • Texas, 2009

Court Admissions

  • U.S. District Court for the Southern District of Texas
  • U.S. District Court for the Northern District of Texas

Judicial Clerkships

Law Clerk, The Honorable Andrew S. Hanen, U.S. District Judge for the Southern District of Texas, 2009-2010
Timothy Newman

Tim Newman is an associate in Haynes and Boone's Dallas office and is a member of the firm's White Collar Criminal Defense and Privacy and Data Breach practice groups. He helps clients in a variety of industries navigate the complex legal issues surrounding cyber security and data breach, including incident investigation, disclosure, and litigation. He also defends clients against investigations and enforcement actions by government agencies, including the Securities and Exchange Commission and the Department of Justice.

Selected Representations

  • Internal investigation and remediation of a data security breach at a Fortune 200 transportation company; civil prosecution of entity responsible for the security breach.
  • Internal investigation of data security breach at high profile specialty retailer that implicated payment card information and personal identifying information; counsel client on numerous post-breach issues including disclosure obligations, public disclosure, negotiation of fraud recovery and operational reimbursement fines and penalties with card brands, and related counseling regarding collateral litigation; counsel client on insurance coverage for breach-related expenses. 
  • Investigation of former employee’s sabotage of company computer network; referral to federal law enforcement and prosecutors, resulting in guilty plea to felony charges and finding of restitution.
  • Advice to organizations in multiple industries regarding data breach disclosure requirements to customers, employees, and regulators; draft and coordinate delivery of disclosures. 
  • Guidance to public companies regarding disclosure requirements under federal securities laws, including disclosure of cyber incidents, cyber risks, and U.S. and foreign government investigations.
  • Advised an engineering and procurement firm regarding the Federal Computer Fraud and Abuse Act and the Federal Stored Communications Act following an employee's suspected theft of trade secrets and proprietary data.
  • Represent individuals and financial institutions against Securities and Exchange Commission investigations of alleged insider trading.
  • Representation of AT&T before the DOJ and FCC on antitrust matters related to proposed acquisition of T-Mobile USA, including pre-merger integration counseling and planning. 
  • Five solo jury trials and one solo bench trial as a visiting prosecutor for the City of Arlington, obtained a guilty verdict in all six cases.

Recent Publications and Speeches

  • "A Focus on Cybersecurity Litigation Risks and Liabilities," presented to the General Counsel Forum, November 6, 2014.
  • "A Guide to Data Protection and Breach Response—Part 2," Intellectual Property & Technology Law Journal, Vol. 26, No. 8, August 2014.
  • "A Guide to Data Protection and Breach Response—Part 1," Intellectual Property & Technology Law Journal, Vol. 7, No. 3, July 2014.
  • "Understanding Cyber Risks," presented at the Texas Aggie Bar Association Annual Conference, March 1, 2014.
  • "Cyber Incidents," presented at the Arthur J. Gallagher & Company Privacy and Cyber Liability Seminar, October 9, 2013.
  • "Protecting Critical Business Data," presented to The STAR Alliance, September 10, 2013.
  • "Four Key Issues in Cloud Storage," guest co-author with Bill Morrison, Texas Lawyer, July 3, 2013.
  • "Cyber Attacks Pose Serious Threat. Be Prepared." guest author, Dallas Business Journal, May 10, 2013.
  • "The Antitrust Implications of Health Care Reform," co-author with Bill Morrison, ABA Antitrust Section Joint Conduct Committee E-Bulletin, Spring 2012.

Selected Professional and Community Activities

  • Dallas Association of Young Lawyers, Board of Directors 
  • Dallas Association of Young Lawyers Leadership Class 2012
  • Walnut Hill United Methodist Church, Board of Trustees
  • Dallas Bar Association

Selected Representative Experience


Security Incident Investigation and Reporting
Represented wellness company in investigation of alleged hacking incident involving information system containing protected health information; analyzed notification obligations as a HIPAA business associate and under state law in 50 states; assisted with disclosures and communications to affected governmental agencies, customers and individuals.

Advice Regarding Employee Theft of Proprietary Data
Advised an engineering and procurement firm regarding the Federal Computer Fraud and Abuse Act and the Federal Stored Communications Act following an employee's suspected theft of trade secrets and proprietary data.

Network Sabotage Investigation
Investigation of former employee’s sabotage of company computer network and referral to federal law enforcement and prosecutors, resulting in guilty plea to felony charges and finding of restitution.

Liability for Alleged Breach of Customer Payment Card Information
Internal investigation of data security breach at high profile specialty retailer that implicated payment card information and personal identifying information; counsel client on numerous post-breach issues including disclosure obligations, public disclosure, negotiation of fraud recovery and operational reimbursement fines and penalties with card brands, and related counseling regarding collateral litigation; counsel client on insurance coverage for breach-related expenses.

Data Breach Investigation
Investigate theft of payment card data and other personal identifying information from hotel; liaise with law enforcement and payment card sponsors; draft and deliver disclosures to card processors, consumers, and regulators in domestic and international jurisdictions; counsel client regarding insurance coverage for data breach claims.

Data Breach Investigation and Litigation
Internal investigation and remediation of a data security breach at a Fortune 200 transportation company, including coordination with law enforcement and forensic investigators. Achieved favorable settlement of civil claims against entity responsible for the security breach.

Antitrust Counseling in Proposed Telecommunications Acquisition
Represented AT&T before the DOJ and FCC on antitrust matters related to proposed acquisition of T-Mobile USA, including pre-merger integration counseling and planning.

Online Publications

12/18/2014 - Sony Pictures Hit With Class Actions Arising from Recent Data Breach
Two groups of former Sony employees filed putative class actions this week arising from the company’s recent data breach.

12/12/2014 - Second Circuit Clarifies Tippee Liability for Insider Trading
In a landmark opinion released on December 10, 2014, the Second Circuit clarified the scope of tippee liability for insider trading in that circuit by requiring a tippee to have knowledge that a tipper gained a personal benefit from the disclosure of material nonpublic information.

10/29/2014 - FCC Brings Its First Data Breach Enforcement Action
The Federal Communications Commission (“FCC”) is the latest government agency to make a foray into data breach enforcement, proposing a $10 million fine against two telecommunications carriers for failing to protect the personal information of up to 305,000 consumers.

10/24/2014 - Key Developments in Privacy and Data Security
Cyber threats are inarguably on the rise, and regulators and law enforcement are stepping up their efforts to ensure that companies are managing personal data responsibly, creating a perfect storm of risk. More and more, our clients are asking, “What can we do to protect ourselves?” The answer? Be aware of the risks, understand the legal implications, and prepare for the inevitable.

10/20/2014 - CFPB Relaxes Rules Governing Privacy Disclosures
The Consumer Financial Protection Bureau (“CFPB”) announced today that it would allow financial institutions to provide their privacy notices to consumers online and would no longer require annual distribution of paper copies, provided that the institutions meet certain requirements.

09/18/2014 - The SEC Continues its “Broken Windows” Initiative with Charges of Late Filings of Ownership Reporting and Rule 105 Violations
In the last week, the Securities and Exchange Commission has announced charges in two separate investigations related to its “Broken Windows” initiative, signaling that the Commission’s focus on what some may characterize as “minor violations” will continue.

05/30/2014 - Directors Beware: ISS Urges Ouster of Target’s Directors in the Wake of its Data Breach
Institutional Shareholder Services (“ISS”), a prominent proxy adviser, has issued a report urging Target Corporation’s shareholders to oust seven of the company’s directors for “failure to provide sufficient risk oversight” on cybersecurity.

05/14/2014 - Company Faces Shareholder Derivative Suit Following Series of Data Breaches
A shareholder of a major public hotel corporation recently filed a derivative suit against several of the company’s officers and directors alleging they violated their fiduciary duties, wasted corporate assets, and were unjustly enriched in connection with three separate data breaches between 2008 and 2010.

05/08/2014 - A Desk Guide to Data Protection and Breach Response - Special Series
If your business is connected to the Internet, it is vulnerable to attack, either by willful perpetrators intent on exfiltrating your proprietary or sensitive data for their own personal gain, or by casual hackers or hacktivists intending to cause damage to your business.

04/09/2014 - Court Rules that FTC has Authority to Regulate Corporate Cybersecurity
Beleaguered companies suffering from data breaches got more bad news when a federal judge held that the United States Federal Trade Commission (the “FTC”) has the authority to regulate corporate cybersecurity practices.

03/06/2014 - A Desk Guide to Data Protection and Breach Response - Part 4
In this installment of our special series, A Desk Guide to Data Protection and Breach Response, we discuss strategies companies should implement once they suspect a data breach has occurred.

02/27/2014 - In Stanford-Related Cases, Supreme Court Allows State-Law Fraud Class Actions, Limiting the Extent of Federal Preclusion
On February 26, 2014, the Supreme Court held that state-law fraud class actions brought against attorneys, insurance brokers and others arising from Ponzi-scheme claims involving R. Allen Stanford could proceed.

02/20/2014 - A Desk Guide to Data Protection and Breach Response - Part 2
In this installment of our special series, A Desk Guide to Data Protection and Breach Response, we discuss how companies can create a tailor-made data security plan to limit their breach exposure.

02/13/2014 - A Desk Guide to Data Protection and Breach Response - Part 1
The news has been filled with stories of high-profile data breaches, exposing breached companies to intense and negative scrutiny from lawmakers, regulators, media, customers, and plaintiffs’ attorneys. Other companies that handle personal information have been asking us how they can avoid a similar fate. In the coming weeks, we will be exploring that issue through our special series, "A Desk Guide to Data Protection and Breach Response."

02/05/2014 - California AG Cracks Down on Timing of Data Breach Disclosures
Kaiser Foundation Health Plan, Inc. (“Kaiser”) has agreed to pay $150,000 to settle claims by the California Attorney General (the “AG”) that Kaiser’s notification to California residents regarding a breach of their personal information was unreasonably delayed. In its suit, the AG alleged that Kaiser should have provided notice as soon as it determined that particular individuals’ information had been or was “reasonably believed to have been” breached – even before Kaiser concluded its internal investigation.

12/19/2013 - Prosecutors Obtain First RICO Conviction in a Cybercrime Case
A federal jury in Nevada recently convicted 22-year-old David Ray Camez of violating the Racketeering Influenced and Corrupt Organizations Act (“RICO”) for his association with a “carder” website, Carder.su.

12/16/2013 - The IP Beacon, December 2013
The IP Beacon is a Haynes and Boone Newsletter highlighting current issues in Intellectual Property Law.

10/25/2013 - Supreme Court Considers the Scope of Federal Preclusion over Class Actions Relating to Securities
The United States Supreme Court heard arguments earlier this month in three important securities cases regarding the preemptive scope of the federal securities laws. At issue is the meaning of the phrase “in connection with the purchase or sale of a covered security” under the Securities Litigation Uniform Standards Act of 1998 (“SLUSA”).

10/02/2013 - Fifth Circuit Expansion of Cyber Liability?
The Fifth Circuit Court of Appeals recently held that a company may be liable for weak cybersecurity measures that cause another party economic injury, even if there is no contractual relationship between the parties.

08/15/2013 - White House Reports on Recommended Incentives for Adopting Cybersecurity Framework
The White House recently issued a report outlining potential incentives that may be available to companies that adopt the voluntary cybersecurity framework currently being developed by the National Institute of Standards and Technology.

07/03/2013 - Texas Lawyer Guest Article: Four Key Issues in Cloud Storage
The possibility of storing data in the cloud signals a fundamental change in the way businesses manage and store their electronic information. What has not changed, however, is a company's responsibility with respect to document retention and electronic discovery in litigation.

05/10/2013 - Dallas Business Journal Guest Article: Cyber Attacks Pose Serious Threat. Be Prepared.
The Director of National Intelligence recently reported that cyber attacks are the No. 1 threat to our national security. But cyber crime is not just a threat to our national security; it is a threat to many of the organizations we represent.

04/25/2013 - California Man Convicted of Hacking into Former Employer’s Computer Network
A jury in the Northern District of California has convicted David Nosal of violating the Computer Fraud and Abuse Act (“CFAA”) by accessing his former employer’s computer network without authorization to obtain confidential information for use in a competing business.

04/17/2013 - California Computer Hacking Case Highlights Important Circuit Split on the Computer Fraud and Abuse Act
The computer hacking trial of David Nosal is under way in federal district court in California. The trial is being followed with interest in the business community because it is the latest development in a case that highlights an important split in the interpretation of the Computer Fraud and Abuse Act (“CFAA”) that has far-reaching ramifications with respect to liability–and protection for companies’ proprietary information.

04/09/2013 - Dallas Association of Young Lawyers Dicta Guest Article: Understanding Cyber Risks
The Director of National Intelligence recently reported that cyber attacks are the number one threat to our national security. But cybercrime is not just a threat to our national security; it is a threat to many of the organizations we represent.

03/14/2013 - Cyber Attacks are the Number One Threat to National Security
The U.S. Director of National Intelligence, James Clapper, advised the Senate Intelligence Committee this week that cyber attacks are the number one threat to national security.

03/12/2013 - Public Companies Increasingly Disclosing Cybersecurity Risks
An increasing number of public companies - particularly banks and financial institutions - are disclosing cybersecurity incidents in their filings with the Securities and Exchange Commission.

03/06/2013 - Texas Executive Convicted of Hacking Former Employer’s Computer Network
A federal jury in the Northern District of Texas has convicted Michael Musacchio, a former logistics company executive, of violating the federal Computer Fraud and Abuse Act.

02/19/2013 - President Obama Signs Cybersecurity Executive Order
President Obama recently signed an executive order focused on improving the security of the nation’s infrastructure from cyber attack.

01/31/2013 - PCAOB Auditing Standard No. 16 Outlines Requirements for Communications between Audit Committees and Auditors
The Public Company Accounting Oversight Board (“PCAOB”) recently issued Auditing Standard No. 16, Communications with Audit Committees (“Standard 16”), to provide a framework for the discussions that an auditor must undertake with the audit committee of its public company clients.

09/17/2012 - Law360 Guest Article: Fraley V. Facebook: Impact On Class Action Litigation
It is not uncommon in class actions for parties to reach a settlement that provides nonmonetary relief to the plaintiffs and a payment of attorneys’ fees to class counsel. In August, however, a California federal court denied preliminary approval of such a settlement.

09/13/2012 - Not So Fast: Recovering Plaintiff Attorneys’ Fees in Non-Monetary Class Action Settlements Just Got Harder
It is not uncommon in class actions for parties to reach a settlement that provides non-monetary relief to the plaintiffs and a payment of attorneys’ fees to class counsel. In August, however, a California federal court denied preliminary approval of such a settlement.

05/31/2012 - Information Sharing: Still Risky After All These Years
Two recent antitrust matters serve as reminders that exchanging sensitive information with business competitors can pose significant antitrust risks – particularly when companies stray from the “safety zones” established by the federal antitrust enforcement authorities.

05/24/2012 - Information Sharing: Still Risky After All These Years
Two recent antitrust matters serve as reminders that exchanging sensitive information with business competitors can pose significant antitrust risks – particularly when companies stray from the “safety zones” established by the federal antitrust enforcement authorities.

03/22/2012 - The Antitrust Implications of Health Care Reform
The current hot topic among health care providers is whether to join an accountable care organization (“ACO”). With this interest in consolidation comes the latest round of antitrust scrutiny.

07/21/2011 - Armor Holdings, Inc., Settles Foreign Corrupt Practices Act Claims with SEC, DOJ
Armor Holdings, Inc., recently resolved allegations that it violated both the anti-bribery and accounting provisions of the Foreign Corrupt Practices Act. Because of Armor’s extensive cooperation with the government, it was able to obtain a non-prosecution agreement from the Department of Justice and a settlement from the Securities and Exchange Commission.

07/19/2011 - Tax-Exempt Hospitals Face New Reporting Requirement of Community Health Needs Assessment
The Internal Revenue Service has proposed guidelines detailing how tax-exempt hospitals can conduct a Community Health Needs Assessment (CHNA), as required in the 2010 Patient Protection and Affordable Care Act (PPACA).

07/11/2011 - Company Settles with State Attorney General Over Failure to Disclose Data Breach
WellPoint, Inc. recently reached a settlement with the Indiana Attorney General following its failure to disclose a security breach involving consumers’ personal information.

07/06/2011 - Texas Legislation Further Limits Ban on Corporate Practice of Medicine
During the 2011 legislative session that just ended, Texas Governor Rick Perry signed into law a bill that allows rural hospitals to employ physicians, known as the “corporate practice of medicine,” despite the state’s long-standing ban on such practices.

06/27/2011 - U.S. Senate Conducts Further Inquiry into Relationships Between Medical Device Manufacturers and Physicians
Earlier this week, the U.S. Senate Finance Committee requested documents and information from a medical device manufacturer related to the financial relationship between the manufacturer and physicians who conducted clinical trials of one of its devices.

05/19/2011 - SEC Announces First-Ever Deferred Prosecution Agreement
The Securities and Exchange Commission has reached its first-ever deferred prosecution agreement (“DPA”) with Tenaris, S.A., a global supplier of steel pipe products to the oil and gas industry. Tenaris disclosed to the Commission that its employees had engaged in conduct that potentially violated the Foreign Corrupt Practices Act (“FCPA”).

05/13/2011 - FTC Orders Texas Doctors' Group to Cease Joint Price Negotiations with Insurers
Southwest Health Alliance (“Southwest”), an independent practice association with approximately 900 member-physicians, has agreed to a proposed order recently entered by the Federal Trade Commission (“FTC”) settling charges that it engaged in anticompetitive conduct in its dealings with insurers and other payors for the provision of physician services (collectively, “insurers” or “payors”).

05/09/2011 - SEC Needs more than Transaction-Based Compensation to Prove Broker Activity
A Florida court has rejected the Securities and Exchange Commission’s single-factor transaction-based compensation test for broker activity, perhaps signaling a more favorable view toward “finders” in the future. The court held that an array of non-exclusive factors should be evaluated to determine whether a finder engaged in broker activity.