Jim Harvey is a partner in the Technology and Privacy Group and co-chairs the firm’s Privacy & Security task force and the firm’s Cybersecurity Preparedness & Response Team.
Jim’s practice involves board-level and enterprise-wide issues at the intersection of global cybersecurity, privacy, technology and data initiatives. Given his decades-long experience in the technology space, Jim was one of the first lawyers in the United States to focus on the criticality of privacy and data management issues for global corporations. This immersion in technology and data matters motivated Jim to found both the firm’s Privacy & Security task force and the firm’s Cybersecurity Preparedness & Response Team, well before other firms realized these issues faced their clients. Today, Jim and these teams assist multinational clients from a wide array of industries with a full spectrum of cyber, privacy and technology issues, adversarial matters and transactions, including everything from preparing companies and their boards for cybersecurity risks, responding to network intrusion and other security incidents, collecting, storing, processing and monetizing personal and corporate data around the globe, and acquiring technology and services in today’s networked world.
Privacy and Data Security:
- Represented one of the world’s largest payment processing companies in all phases of unauthorized intrusion into their network and all associated third-party actions and proceedings, including state attorneys general, Federal Trade Commission, federal financial services regulators and multiple international financial services regulators and enforcement agencies.
- Represented several of the world’s largest research-based manufacturers in all phases of advanced persistent threat attacks from nation-state threat actors targeting both intellectual property and other corporate and personal data.
- Represented two of the world’s three largest retailers in all phases of data security and network intrusion incidents, including law enforcement, internal investigation, PCI and PFI investigations and card brand investigations, negotiations and remediation initiatives, and resulting litigation.
- Assisted Global 200 banks, financial services and insurance concerns, retailers, health care providers and payments processors with all phases of cybersecurity preparedness, including assessment of policies and procedures, board advice and presentations, preparation of incident response plans, and announced/blind/double blind tabletop exercises.
- Assisted one of the world’s largest banks, one of the world’s largest logistics companies, one of the world’s largest technology services providers and one of only eight SIFMUs (systemically important financial market utilities) in GDPR analysis and implementation, including all aspects of post-Schrems EU-U.S. data transfer issues, such as the Privacy Shield, model contracts and binding corporate rules.
- Assisted an international retailer in a comprehensive overhaul of its privacy, security, PCI and data management practices during both FTC and multiple state attorneys general investigations.
- Advised one of the world’s largest interactive marketing providers in an international criminal network intrusion involving records of more than 60 million individuals worldwide.
- Advised a major retailer in a breach involving more than 1 million names and Social Security numbers in all 50 states.
- Assisting an offshore multinational bank and financial services entity on its data gathering, use and transfer compliance program spanning three continents, including the EU.
- Assisting one of the world’s largest private companies in design, development and compliance initiatives for a consolidated database of employee information for more than 700 subsidiary companies in more than 20 countries.
Technology and Technology Driven Services
- Represented one of the world’s largest financial institutions in all phases of a cloud implementation in 37 countries, including privacy, security, regulatory and transactional matters.
- Represented one of the world’s largest insurance and financial services entities in worldwide cloud implementation valued at approximately $500 million.
- Represented one of the world’s largest insurance and financial services concerns in the establishment of a shared services organization, involving multiple comprehensive sourcing initiatives in HR, finance and accounting, applications development and maintenance, IT infrastructure and claims processing.
- Represented a UK private equity investment group in the acquisition of a U.S.-based outsourcing provider in the health care space and subsequent move of substantially the entire service delivery infrastructure offshore.
- Represented one of the world’s largest hybrid public-private banking concerns in the integration and license of a comprehensive enterprise resource planning system involving operations in at least 23 countries.
- Representation of one of the world’s largest money managers in the “transfer” portion of a build/operate/transfer transaction, addressing tax, benefits, intellectual property and other issues arising in moving approximately 500 FTEs from a niche provider’s facilities in a software technology park in India to a newly created special economic zone.
- Unique BPO transaction on behalf of a Fortune 200 insurer, sourcing novel and core aspects of regulated activities to an Indian service provider.
- Represented a state agency in its acquisition of development and fiscal agent services in a Medicare/Medicaid implementation processing approximately $12 billion per year in health care related payments.
- Multiple comprehensive and single-process HR transactions, including one transaction involving 43 client jurisdictions and two of the largest five HR transactions during 2009 and 2010.
- Multiple applications development and maintenance and business process transactions, including finance and administration, transaction processing, procurement and customer care transactions (onshore, offshore and near-shore, including jurisdictions as diverse as Canada, Ireland, Ghana, Guatemala, India, the Philippines, Vietnam, China, Romania and Poland).
Alston & Bird today announced that former federal prosecutor Michael Zweiback has rejoined the firm as partner in its Privacy & Data Security Practice and Government & Internal Investigations Group, bringing not only extensive experience in cybersecurity, but also an exceptional background in white collar criminal defense and government enforcement litigation.
March 23, 2016
Eighty-two Alston & Bird attorneys have been named in the 2016 edition of “Georgia’s Top Rated Lawyers.”
March 8, 2016
The U.S. Federal Trade Commission (FTC) has dropped its data-breach case against LabMD following admission by the agency’s own administrative law judge that it had failed to prove that the company harmed customers by mistakenly exposing patient data on a file sharing network.
November 19, 2015
In the News
In dismissing its data-breach case against LabMD, the U.S. Federal Trade Commission’s (FTC) own administrative law judge concluded that the agency had failed to prove that the lab’s allegedly lax data security had caused any actual consumer harm, marking the first defeat for an agency that has successfully brought such cases against dozens of companies.
November 16, 2015
In the News
Alston & Bird today announced an important expansion of its Brussels office with the arrival of a new partner and two additional attorneys in the firm’s Privacy & Data Security Practice.
September 9, 2015
Don’t overlook the NIS Directive among the flood of new EU privacy laws and regulations. Our Privacy & Data Security Group surveys the complexity of the directive and its integration with other EU data security efforts.
March 29, 2016
Data security breaches are nearly inescapable these days. Our Privacy & Data Security Group offers practical considerations to factor third-party vendors into your cyber risk management and incident response strategies.
January 25, 2016
This advisory discusses new Federal Trade Commission (FTC) guidance for advertising online. Entitled “.com Disclosures: How to Make Effective Disclosures in Digital Advertising,” the new guidance comes in response to consumers’ growing use of mobile devices and social media applications, and advertisers’ efforts to reach consumers via these new devices and media. The FTC’s guidance emphasizes that the same consumer protection laws that apply to traditional advertising also apply to online advertising. The FTC issued the guidance, however, to address some of the unique advertising issues that arise in advertising on mobile devices and in social media.
March 26, 2013
Yesterday, the White House released an Executive Order titled “Improving Critical Infrastructure Cybersecurity” (the “Order”). The Order was signed by the President yesterday and announced during his State of the Union Address. The Order represents an attempt by the President, frustrated by a lack of Congressional action, to improve a perceived vulnerability to cyber attacks within the Nation’s critical infrastructure.
This cyber alert, presented in a “frequently asked questions” format, summarizes several key aspects of the Order.
February 13, 2013
Distributed Denial-of-Service (DDoS) attacks are not a new method employed by cyber criminals to inflict damage on victim entities’ networks. In fact, DDoS attacks were one of the first types of online crimes to appear in the dawn of the Internet age. In the past several years, however, cyber threat actors have rekindled this attack to produce two new variants, both of which specifically target the financial services sector.
February 12, 2013
- Active participant in the Free Software Foundation’s efforts to develop version 3.0 of the General Public License
- State Bar of Georgia, Technology Law Section (two-time chair)
- State Bar of Georgia, Intellectual Property Section
- Atlanta International School, board of trustees (former)
- Phi Beta Kappa
- Named to “Top Rated Lawyers” by The American Lawyer for Intellectual Property
- Recognized for a number of years as one of “America's Leading Lawyers” for information technology matters
- Recognized for a number of years as one of America’s leading lawyers in business process outsourcing by Chambers USA
- International Who’s Who Legal - Information Technology Lawyers (2013–2016)
- Recommended IT lawyer in Georgia by IT Law Experts (2014)
- Recognized as a “Lawyer of the Year” by Best Lawyers (2014)
- Recognized as one of Georgia’s “Super Lawyers” for a number of years
- Recognized by Best Lawyers for Information Technology Law (Outsourcing) Privacy and Data Security Law since 2008
- Selected as an “IP Star” by Managing IP (2013–2016)