Joseph (Joe) Swanson is a former federal prosecutor who advises clients on a variety of issues related to cybersecurity and privacy. He brings significant experience investigating, responding to, and handling class actions and other litigation and regulatory inquiries related to data breaches, ransomware attacks, phishing attacks, business email compromises, wire diversion schemes, and similar cyber incidents. Joe also provides guidance on state and federal privacy laws and regulations to help clients safeguard sensitive information and maintain legal compliance.
Joe frequently represents clients in government and criminal investigations and conducts internal investigations. His experience in this area encompasses a range of issues, such as cybercrime, health care, False Claims Act investigations and litigation, theft of trade secrets, national security, government contracting, theft of government property, securities, public company accounting, and compliance with professional standards of conduct. Additionally, Joe defends companies, executives, and directors in shareholder and high-stakes commercial litigation and class actions. These matters have included securities claims, trade secret disputes, claims for breach of fiduciary duty, and claims for fraud and unfair trade practices.
Prior to joining Foley, Joe was a shareholder at a major Tampa-based law firm. Before that, he served as an Assistant U.S. Attorney in the U.S. Attorney’s Office for the Middle District of Florida. In that role, Joe investigated and prosecuted offenses involving cybercrimes, obstruction of justice, tax fraud, and money laundering. Joe tried multiple cases to verdict and handled hundreds of hearings and other proceedings on behalf of the government. He also advised other prosecutors on investigative techniques involving internet and email providers, computers, websites, and other electronic evidence as the computer hacking and intellectual property coordinator in Tampa. After law school, Joe clerked for the Hon. Judge J. Frederick Motz of the U.S. District Court for the District of Maryland. He worked as an analyst at Goldman Sachs & Co. before law school.
Representative Experience
Cybersecurity and Data Privacy
- Represented global manufacturing company in investigating and responding to cyberattack involving third-party software application.*
- Represented life insurance company in investigating and responding to cyberattack involving third-party software application.*
- Represented property and casualty insurance company in investigating and responding to ransomware attack.*
- Represented settlement administrator in investigating and responding to business email compromise and wire diversion scheme.*
- Defended health care provider in putative class action and federal regulatory investigation stemming from ransomware attack.*
- Represented automotive supplier in investigating and responding to ransomware attack.*
- Defended public entity against putative class action stemming from phishing attack.*
- Represented publicly traded construction company in investigating and responding to data breaches, which included notifications to individuals and regulators.*
- Represented construction company in investigating and responding to wire diversion scheme and business email compromise.*
- Represented electronics supplier in investigating and responding to ransomware attack, data breach, and fraudulent wire transfer scheme. Engagements included advising on contractual obligations with customers, coordinating with law enforcement, and notifying affected individuals and regulators.*
- Represented financial institution in investigating and responding to data breach, which included notifications to consumers and regulators, as well as post-mortem review and analysis.*
- Represented life insurance company in investigating and responding to phishing attack and business email compromise. Representation included notification to law enforcement and regulators.*
- Represented international retailer in investigating and responding to data breach suffered by third-party service provider.*
- Represented public entity in investigating and responding to data breach. Engagement included coordinating with law enforcement and notifying affected individuals.*
- Represented public entity in investigating and responding to cyberthreat. Engagement included vendor contract review and notifying affected individuals.*
- Conducted internal investigation for public company related to insider threat to corporate data.*
- Represented title insurance company in responding to computer-based fraud scheme. Representation included developing best practices for client to reduce threat.*
- Advised insurance company regarding OFAC compliance in connection with ransomware attack and claim.*
- Drafted and revised incident response guide and related policies and procedures for clients in various industries, including telecommunications, life insurance, financial services, and retail.
- Advised clients on compliance with privacy laws and regulations, including conducting data mapping, drafting privacy policies and related documentation, drafting and negotiating vendor contracts, and overseeing mock audits.*
- Advised private equity firm and other clients on cybersecurity and privacy due diligence in connection with investments and other corporate transactions.*
White Collar Crime and Government Investigations
- Represented executive and compounding pharmacies in defending against False Claims Act litigation.*
- Represented construction companies in responding to federal grand jury subpoenas.*
- Provided cybersecurity advice to client accused of computer crimes. Engagement included leading the depositions of government’s computer expert.*
- Represented business owner in responding to federal criminal tax investigation.*
- Represented durable medical equipment suppliers in multidistrict federal investigation involving alleged false claims and kickbacks.*
- Represented electronic health record company in responding to and resolving federal False Claims Act investigation. Engagement ended with resolution on favorable terms for the client.*
- Represented construction company in responding to federal contracting investigation. Engagement resulted in investigation being closed with no charges filed.*
- Represented national financial institution in conducting investigation related to grand jury subpoena.*
- Represented educational institution in responding to grand jury subpoena.*
- Defended pharmaceutical company and its executives in FDA investigation.*
- Defended individual against federal charges stemming from theft of government property.*
- Defended individual in SEC proceeding related to federal criminal conviction.*
Securities, Derivative, and Commercial Litigation
- Represented electronic health record company in multiple putative class actions in federal court stemming from federal DOJ investigation.*
- Represented former pharmaceutical executive in federal litigation involving allegations of federal and state securities violations.*
- Represented former officers and directors of retail company in responding to threatened claims of breach of fiduciary duty.*
- Represented publicly held insurance company in litigation that included claims of theft of trade secrets, breach of fiduciary duty, and breach of contract.*
- Defended former directors and officers of nonprofit organization against claims of breach of fiduciary duty associated with bankruptcy proceeding.*
- Defended six former officers of public company against claims asserted in federal and state court involving securities fraud, breaches of fiduciary duty, and other claims totaling hundreds of millions of dollars.*
- Represented the special litigation committee of a public company investigating claims involving federal securities violations, breaches of fiduciary duty, insider trading, and an accounting restatement.*
- Represented major insurance company in monitoring and analyzing securities litigation and insider trading investigation involving insureds.*
- Represented executive and corporate entities in garnishment proceedings in the U.S. District Court for the Middle District of Florida.*
- Represented pharmaceutical company in federal and state litigation, including multidistrict litigation, that involved allegations by state attorneys general and other plaintiffs regarding drug pricing.*
*Matters handled prior to joining Foley.
Awards and Recognition
- The Best Lawyers in America® – Commercial Litigation (2021-2024)
- Recognized as a top author in data privacy by the 2021 JD Supra Readers’ Choice Awards
- BTI Client Service All-Stars (2020)
- “Up & Comers,” Tampa Bay Business Journal (2017)
Affiliations
- American Bar Association
- Federal Bar Association
- Herbert G. Goldburg-Ronald K. Cacciatore Criminal Law American Inn of Court
- Hillsborough County Bar Association
Community Involvement
- U.S. District Court for the Middle District of Florida
- Chair, Magistrate Judge Merit Selection Panel (2017–2018)
- Clemency Project 2014
- Screening Committee
- The Sedona Conference
- Data Security and Privacy Liability Working Group
- FBI InfraGard, Tampa Chapter
Presentations and Publications
- Quoted, “What Broker-Dealers Need to Know About Reg S-P Amendments,” Traders Magazine (June 28, 2024)
- “Privacy and Cybersecurity Today and Tomorrow,” NAFA Annuity Distribution Summit, Nashville, TN (October 4, 2023)
- Panelist, Securities Section Breakout, Association of Life Insurance Counsel, 2023 Annual Meeting, Ojai, CA (May 8, 2023)
- “Breach Response Lifecycle,” 10th Annual Gasparilla Cybersecurity Summit, Tampa, FL (January 27, 2023)
- “Cybersecurity and Data Privacy and Rights Management,” ALI CLE Life Insurance Company Products 2022, Washington, DC (November 3, 2022)
- “Incident Response Guide, Second Edition,” Sedona Conference Working Group 11 Midyear Meeting, Cleveland, OH (November 2, 2022)
- “Managing Data Breach Liability and Exposure,” International Association of Privacy Professionals (October 26, 2022)
- “Don’t Go Up in Smoke: Best Practices for Managing the Latest Cybersecurity and Privacy Risks,” Association of Corporate Counsel, Tampa Bay Chapter, Tampa, FL (May 19, 2022)
- “Batten Down the Hatches: Cybersecurity Case Studies and Tips for Risk Mitigation and Effective Response,” 45th Annual Local Government Law in Florida, The Florida Bar, Naples, FL (May 6, 2022)
- “Board Oversight of Privacy and Cybersecurity Risks,” Private Directors Association, Tampa Bay Chapter, Clearwater, FL (April 27, 2022)
- “Charting Your Board Service Journey,” Tampa Bay Private Directors Association Webinar (June 22, 2021)
- “An Insider’s Look at Cybersecurity Cases,” Webinar for The Fund (October 20, 2020)
- “Cybersecurity and Privacy Update,” ACLI Annual Conference (October 13, 2020)
- “Panel: Lessons Learned from Cybersecurity Incident Response and Investigations” and “Cybersecurity and Privacy Legal Trivia,” Digital Hands’ Annual Client and Partner Event, Tampa, FL (January 24, 2020)
- “Latest Cybersecurity and Privacy Developments,” Independent Community Bankers of America (December 5, 2019)
- “U.S. Department of Justice’s View on Best Practices in Cybersecurity,” NetDiligence Cyber Risk Summit, Philadelphia, PA (June 14, 2017)
- “Aviation Cyber Security: Threats, Best Practices to Mitigate Risks, and Hot Topics,” Tampa Bay Aviation Association Inc., Tampa, FL (March 21, 2019)
- “Cybersecurity and Data Safeguarding for Broker-Dealers and Investment Advisers,” ABA Second Annual Current Issues in FINRA Arbitration and Enforcement, Tampa, FL (February 22, 2019)
- “Cybersecurity: Don’t Be the Next Target,” ABA Forum on Construction Law, Fort Myers, FL (January 19, 2018).
- “Through the Looking Glass: Tips for Business Litigators Handling D&O Claims in Bankruptcy Court,” ABA Sound Advice Podcast (October 12, 2017)
- “Cyber Security Legal Considerations,” Florida Institute of CPAs, Tampa, FL (September 26, 2017)
- “Responding to an Information Security Incident: Lessons From Private Legal Practice,” Tampa Bay Electronic Crimes Task Force, Tampa, FL (August 10, 2017)
- “Is Ransomware the New Normal?,” Annual Florida RIMS Educational Conference, Naples, FL (July 27, 2017)
- “Cyber Security, Wire Transfers and Insurance,” The Regulatory Fundamentals Group (February 28, 2017)
- “A Red Grenade in the Apple Orchard: Using Insurance to Mitigate Cyber Risk,” Digital Hands’ Annual Client and Partner Event, Tampa, FL (January 27, 2017)
- “An Interactive Data Breach Exercise,” The Sedona Conference Working Group on Data Security and Privacy Liability Annual Meeting, St. Petersburg, FL (January 16, 2017)
- “Strategic Cyber Defense for Companies: Practical Advice for Living With Cyber Risk,” with GulfShore Bank, Digital Hands, and Prida Guida & Co., Tampa, FL (November 10, 2016)
- “Stepping Up: Taking Your Compliance Program to the Next Level in an Era of Heightened Government Scrutiny,” ACC Annual Corporate Counsel Summer Symposium, Longboat Key, FL (August 12, 2016)
- “Incident Response Guide,” The Sedona Conference Working Group on Data Security and Privacy Liability Midyear Meeting, Redmond, WA (August 10, 2016).
- “Run Across the Rope Bridge: Data Security for Growth-Stage Companies,” GrowFL, Tampa, FL (August 2, 2016)
- “Enforcement and Litigation Update,” IRI Cybersecurity Forum, Washington, D.C. (July 19, 2016)
- “An Introduction to Internal Investigations for Non-Investigators,” CPE and CLE presentation at Protiviti’s CPE Conference, “Guidance Through Powerful Insights,” Tampa, FL (June 10, 2016)
- “Lost Laptops & Tempting Links II: Preparing for Data Breaches & Remaining Vigilant in the Modern Construction Environment,” Construction Financial Management Association breakfast meeting, Tampa, FL (March 24, 2016)
- “Data Breach Response Guide,” The Sedona Conference Working Group on Data Security and Privacy Liability Annual Meeting, Scottsdale, AZ (December 2, 2015)
- “IRI Cyber Security Forum,” IRI Government, Legal & Regulatory Conference, Washington, D.C. (July 1, 2015)
- “Strategies for Data Breach Prevention and Defending Data Breach Class Actions in the Financial Services Industry,” Insured Retirement Institute (March 4, 2015).
- “Use of Technology in Multidistrict Criminal Investigations,” Florida Cybercrime Forum, St. Petersburg College Center for Public Safety Innovation, St. Petersburg, FL (December 5, 2014)
Latest FCA Cybersecurity Settlement Shows Enforcement Remains a Priority Under Trump Administration
FCA-related cybersecurity enforcement continues under the Trump Administration.
The More Things Change… DOJ’s Latest Cyber Settlement Shows Continued False Claims Act Risk
FCA-related cybersecurity enforcement appears to be continuing under the Trump Administration.
April 2025 Midwest Cyber Security Alliance Meeting | Cyber Litigation and Enforcement Trends
Join us on Wednesday, April 9, 2025, at the next Midwest Cyber Security Alliance Meeting.
Investigating the Investigation: Navigating Regulatory Uncertainty in the Wake of a Breach
Following a cybersecurity incident, regulators are increasingly scrutinizing the breach response. This is especially true in the case of a mega breach.
Joseph Swanson Comments on Recent Cybersecurity FCA Settlement
Foley & Lardner LLP partner Joseph Swanson commented on a recent settlement in a health care and cybersecurity case in the Lexology article, "DOJ secures US$11 million cybersecurity-related False Claims Act Settlement."
Cybersecurity Litigation and Enforcement Trends
Joseph Swanson (Partner, Tampa) is joining UT Law CLE’s 47th Annual Corporate Counsel Institute to discuss “Cybersecurity Litigation and Enforcement Trends,” as data breaches continue to affect businesses and organizations.