In the privacy, security and information management arena, Mr. McLaughlin has:

• Assisted a Middle East government in development of its new data security and privacy law.
• Provided strategic advice to a globally-known e-commerce company regarding its EU Binding Corporate Rules application.
• Advised US environmental controls company on their implementation of a global HR database.
• Directed the strategy and implementation of a Fortune 20 company's corporate privacy program and Binding Corporate Rules application.
• Advised recruiting company on privacy rules across 45 countries.
• Developed Red Flag and Address Discrepancy programs for companies under FCRA.
• Guided a direct marketing company on preparation for its Safe Harbor certification.
• Advised software and medical device developers on data security and privacy compliance requirements.
• Counseled a global automotive company regarding its Safe Harbor recertification and management of onward transfers.
• Provided tactical advice to a Global 50 company's M&A team on international privacy rules.
• Trained the Corporate Audit team of an international company on privacy issues.
• Counseled a global healthcare company on the outsourcing of HR systems.
• Advised corporate officers on the international implementation of a SOX whistleblower program and associated registrations.
• Counseled international company on launch of new ecommerce site in US.
• Provided recommendations to US based wholesaler on PCI and information security requirements.

Prior to joining Foley, Mr. McLaughlin was in-house counsel for over eight years for different U.S. companies. This included assistant general counsel and the first global privacy leader for Cardinal Health, Inc., a Fortune 20 company with operations in over 30 countries. He was responsible for driving the strategy, policy and implementation of the company's first global privacy program and advising business units on products that store personal information. He also led the company's IT transactions, and technology and data aspects of its corporate transactions. Mr. McLaughlin's projects included the $3.3 billion sale of a pharmaceutical group with personal information and interconnected IT systems spanning 12 countries. Mr. McLaughlin is also former assistant general counsel for Sun Microsystems.

Mr. McLaughlin received his J.D. from Georgetown Law Center in 1993 and was the senior articles editor for the journal, Law & Policy in International Business. He earned his bachelor's degree from Columbia University in 1986.

Mr. McLaughlin is admitted to practice in Massachusetts and New York. He is a member of the American Bar Association (ABA) and is active in the Information Security Committee and the Cyberspace Law Committee. He is the founder and chair of the Business Law Section's Task Force on Business Technology Standards, and for four years he was co-chair of the Privacy Security & Data Management subcommittee for the Business Law Section. He served for five years on the board of directors for the International Technology Law Association and is co-chair of ITechLaw's Privacy Law Committee. He is also a member of the International Association of Privacy Professionals. In addition to his professional associations, Mr. McLaughlin serves on the advisory board for the Corporate Counsel Institute of Georgetown Law Center.

Mr. McLaughlin is a Certified Information Protection Professional (CIPP), certified by the International Association of Privacy Professionals.

Speaking Engagements

• "U.S. and Global Legal Standards for Information Security" – International Association of Privacy Professionals, Practical Privacy Series (Santa Clara, CA) June 2009
• "Social Networking within the Work Place – Strategic Advantage or Liability Bomb?" – International Technology Law Association (Seattle, WA) May 2009
• "Security Breach Notification and Identity Theft Detection: Putting All the Pieces Together" - Foley & Lardner webinar, April 2009
• "State Regulation of Data Security: Massachusetts and Beyond" – Checkpoint Software Conference (Boston, MA) April 2009
• "National Security Investigation Disclosure Requests and Your Customer Data" – Knowledge Congress webinar, April 2009
• "Security Breaches: Best Practices and Lessons Learned" - Foley & Lardner webinar, April 2009
• "How to Protect Your Company's Confidentiality, Privacy & Data Security in the Modern Electronic Age" – Georgetown Law Center, Corporate Counsel Institute (Washington, DC) March 2009
• "Data Security and the Law" – FTC Workshop on Securing Personal Data in the Global Economy (Washington, DC) March 2009
• "State Regulation of Data Security: Massachusetts and Beyond" – International Association of Privacy Professionals webinar, December 2008
• "Safe Harbor: Personal Transfers to the USA" – DataGuidance, International Data Transfers Briefing (London, UK) October 2008
• "Privacy Implications of Gene Mapping and Personalized Health" – International Association of Privacy Professionals (Orlando, FL) September 2008
• "Privacy Update: Employee Policies, Binding Corporate Rules, and Your Genetic Data" – US Conference Board's Chief Privacy Officer Council (Orlando, FL) September 2008
• "Anonymity and the Internet: Protecting Corporate Reputations and Consumer Privacy Against Cyber-Criminals and Other Bad Guys" – American Bar Association, CLE Program at Annual Meeting (New York, NY), August 2008
• "US Privacy Update: Quon v Arch Wireless – Check Your Monitoring Policy Now" – ITechLaw webinar, June 2008
• "The Healthcare Series: Privacy, Security and Confidentiality, What's Next?" – Celesq webinar, June 2008
• "Data Privacy and Security: Best Practices for Franchisors and Manufacturers" – Foley & Lardner LLP 17th Annual Law of Distribution and Franchise Seminar (Milwaukee, WI), May 2008
• "Ethics & Professionalism in IT Law" – International Technology Law Association (f/k/a Computer Law Association), 2007 Annual Conference (Chicago, IL), April 2007
• "Data Integrity: The Emerging Risk to SOX Reporting, E-Discovery and Information Protection" – American Bar Association, CLE Program at Business Law Section Spring Meeting (Washington, DC), March 2007
• "Prospects for a Federal Consumer Privacy Law" – American Bar Association, Subcommittee on Privacy Security & Data Management at Business Law Section Spring Meeting (Washington, DC), March 2007
• "Privacy & Health Data: EU and Canada" – Cardinal Health internal training (San Diego, CA), February 2007
• "Successful Strategies for Third Party Risk Management" – Executive Security Action Forum @ RSAConference2007 (San Francisco, CA), February 2007
• "Leveraging Resources: How a Global 50 company assesses risks, manages sensitive personal data and audits its processes in 30 countries with a privacy staff of One" – Privacy Laws & Business – Annual Conference (Cambridge, England), July 2006
• "Contracting for Information Security & Privacy Risks: What Every General Counsel and Transactional Attorney Needs to Know about Information Security" – American Bar Association, Information Security Committee (Faculty, Online Course), June 2006
• "Model Data Breach Notification Procedure and Payment Card Industry Information Security Standards" – American Bar Association, CLE Program at Business Law Section Spring Meeting (Tampa, FL), April 2006
• "Privacy and Information Technology Issues Associated with Physician Joint Ventures" – American Bar Association, CLE Program at Business Law Section Spring Meeting (Tampa, FL), April 2006
• "Compliance with Security Regulations while Using Open Source Software" – Central Ohio InfoSec Forum VII (Columbus, OH), May 2005
• "Regulatory Compliance and Process Controls Affecting Corporate Payment Systems" – International Accounts Payable Professionals (Columbus, OH), May 2005
• "Economic and Ownership Issues regarding Open Source Software" – Northwest Ohio CIO Forum (Toledo, OH), May 2005
• "The Evolving Law of Entertainment Content on the Internet" – Computer Law Association, 2005 Annual Conference (Washington, DC), May 2005
• "Competition in Licensing Models: Open Source" – Computer Law Association, First International Asian Conference (Bangalore, India), February 2005
• "Introduction to Trademark Law" – Columbus Bar Association, (Columbus, OH), December 2004
• "Educating Senior Management on the Legal Aspects of Information Technology" – Information Systems Security Association, Information Security Summit 2004 (Cleveland, OH), December 2004
• "Records Management: Not Just Another Dumb Policy" – Results Engineering Digital University (Louisville, KY), October 2004
• "Information Security & Forensics" – High Technology Crime Investigation Association (Dayton, OH), October 2004
• "Records Retention: An Essential Part of Corporate Compliance" – Results Engineering Digital University (Columbus, OH), September 2004
• "Customer Identity Theft & Banks' Obligations" – Ohio Bankers League, 2004 Blythe School (Columbus, OH), September 2004
• "Security and Indemnification Issues in Open Source Software Models" – Computer Law Association, 2004 Annual Conference (Washington, DC), May 2004
• "Virtual Workplace Employment Issues: Balancing Security & Privacy" – Computer Law Association, 2003 Annual Conference (Washington, DC), May 2003
• "Corporate Counsel Roundtable: Security & Privacy in the Corporation" – Advanced Computer & Internet Law Institute (Washington, DC), March 2003
• "Valuation, Taxation & Licensing of Intellectual Property" – Licensing Executives Society, Britain & Ireland (Dublin, Ireland), February 1998
• "International Licensing Strategies – US Approaches", Irish Software Association (Dublin, Ireland), May 1997
• "International Mergers & Acquisitions" – Panel, New York State Bar Association, International Section – Fall Meeting (Monte Carlo, Monaco), October 1996
• "Trade in Services" – Panel, US / Ireland Conference (Pittsburgh, PA), October 1996

Publications & Quotes

• "FTC Delays Enforcement of Red Flags Rule," - Foley & Lardner LLP – Legal News Alert, April 2009
• "FTC Issues Proposed Rule Addressing Data Breaches of Electronic Health Information — Broad Range of Companies Likely Affected," - Foley & Lardner LLP – Legal News Alert, April 2009
• "Industry Data Security Guidance, Not New Laws, May Be Best Path" – BNA Privacy & Security Law Report 8 PVLR 462, March 2
• "Massachusetts Delays Implementation of New Data Security Regulations," - Foley & Lardner LLP – Legal News Alert, November
• "Massachusetts Data Security Regulations Impose Strict Controls on Employers and Retailers, Impact Outsourcing Relationships," - Foley & Lardner LLP – Legal News Alert, October 2008
• "Cross-Border Data Flows and Increased Enforcement" – IEEE Security & Privacy Magazine, September/October 2008
• "The Implications of Google Health on Medical Devices Design" – Foley & Lardner LLP – Legal News: Medical Devices, July 2008
• "Privacy Standards Help Safeguard Online Healthcare Data" – Secure Computing Magazine, June 2008 
• "Experts Try to Make Sense of Hannaford Data Breach" – Secure Computing Magazine, March 2008
• "Mexico's Antidumping and Countervailing Duty Laws: Amenable to a Free Trade Agreement?" – 23 Law & Policy in International Business 1009 (1992)