Photo of Tracy Marshall

Tracy Marshall counsels international and domestic for-profit and non-profit clients on a range of privacy, data security, advertising, promotions, and intellectual property matters. She also advises on general corporate and transactional matters.

Tracy assists clients with compliance and advocates on their behalf. She is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP) and helps clients implement privacy, data security, and security breach response programs, develop internal and public-facing privacy policies to comply with applicable laws, respond to cyber and data security incidents, and manage relationships with service providers and third parties. Tracy advises on structuring and conducting email and text messaging campaigns, sweepstakes, contests, and other promotions, and she helps clients protect and enforce their intellectual property rights.

In addition, Tracy counsels clients on corporate matters and assists with structuring and negotiating a variety of transactions, including licensing, marketing, and outsourcing arrangements.

Tracy is frequently invited to speak at privacy, data security, telecommunications, and advertising conferences and is a contributor to Keller and Heckman’s Consumer Protection Connection blog and Beyond Telecom Law Blog.


To learn more about Tracy's practice areas, click here.

On June 18, 2024, the California Attorney General (AG) and Los Angeles City Attorney jointly announced that video game developer and publisher Tilting Point Media LLC (Tilting Point) agreed to a $500,000 settlement for violations of the California Consumer Privacy Act (CCPA), Children’s Online Privacy Protection Act (COPPA), and California Unfair Competition Law (UCL) based

As we predicted in our assessment of U.S. advertising and privacy trends in February of this year, states have continued to adopt comprehensive privacy laws during their 2024 legislative sessions. To date, nineteen states (California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and

As expected, Congress’ renewed focus on expanding protections for minors online has resulted in legislative developments that attempt to mitigate harms while adhering to the Constitution’s free speech and preemption parameters. Last month, updates to both the Kids Online Safety Act (KOSA) and the Children’s Online Privacy Protection Act (COPPA) 2.0 bills were released

During 2023, legislative, congressional, and executive actions aimed at protecting children and teens online took center stage. Such actions included: legislative attempts to raise the age of a “child” at both the federal and state levels for advertising and privacy purposes; bans on behavioral advertising targeting minors; efforts to restrict access to social media by

As the federal government continues to wrestle with the complex issue of regulating Artificial Intelligence (AI) in the wake of the release of President Biden’s Executive Order, states have already proposed or enacted AI regulation, and even more will attempt to tackle the issue in 2024. Two recent developments in AI regulation from California

How should companies respond to and report data security breaches nationally? What cybersecurity practices and procedures reflect current best practices? Two federal agency actions provide new rules and guidance and show that the cybersecurity landscape is changing. First, the U.S. Securities and Exchange Commission (SEC) adopted new rules earlier this month that will (among other

The Children’s Online Privacy Protection Act Rule (COPPA Rule) requires that online sites and services directed to children under 13 obtain parental consent before collecting or using children’s personal information and lists existing methods for such consent. Now the Federal Trade Commission (FTC) is seeking comments on whether it should expand its parental consent methods

When the California legislature passed the California Age-Appropriate Design Code Act (CAADCA or Act) AB 2273 in September of this year, it generated considerable controversy. Companies, trade associations, and even some non-governmental organizations questioned whether the law’s broad reach was not just counterproductive and likely to invade consumer privacy, but preempted by federal law and

Deceptive reviews and endorsements have been an increasing area of scrutiny by the Federal Trade Commission (FTC or Commission). In the last few years, the Commission has brought myriad complaints against companies for engaging in such practices. Last year, the FTC resurrected its long-dormant Penalty Offense Authority, warning more than 700 companies in a