Photo of Tracy P. Marshall

Tracy Marshall assists clients with a range of business and regulatory matters.

In the business and transactional area, Ms. Marshall advises for-profit and non-profit clients on corporate organization, operations, and governance matters, and assists clients with structuring and negotiating a variety of transactions, including purchase and sale, marketing, outsourcing, and e-commerce agreements.

In the privacy, data security, and advertising areas, she helps clients comply with privacy, data security, and consumer protection laws, including laws governing telemarketing and commercial e-mail messages, contests and sweepstakes, endorsements and testimonials, marketing to children, and data breach notification. Ms. Marshall also helps clients establish best practices for collecting, storing, sharing, and disposing of data, and manage outsourcing arrangements and transborder data flows. In addition, she assists with drafting and implementing internal privacy, data security, and breach notification policies, as well as public privacy policies and website terms and conditions.

As to intellectual property matters, Ms. Marshall helps clients protect their copyrights and trademarks through registration, enforcement actions, and licensing agreements.

She also represents clients in proceedings before the Federal Communications Commission and Federal Trade Commission.

Ms. Marshall is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP) and a contributing author of the Consumer Protection Connection blog and Beyond Telecom Law Blog.

In the absence of a comprehensive U.S. federal privacy law, three states – California, Virginia, and Colorado – have enacted comprehensive privacy laws as of this year. The California Consumer Privacy Act (CCPA) is in effect now, and the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and Colorado Privacy Act (CPA)

“Dark patterns” – user interfaces that are designed, intentionally or unintentionally, to influence user decision making – have been increasingly on the Federal Trade Commission’s (FTC or Commission) radar. As we previously reported, the FTC held a workshop earlier this year to examine, among other things, how dark patterns affect online user behavior and

The newly established California Privacy Protection Agency (the Agency) is soliciting public comments on a number of issues, as required by the California Privacy Rights Act (CPRA) that was passed by ballot initiative in November 2020. CPRA expands the rights afforded to California residents and the obligations imposed on businesses under the California Consumer Privacy

With millions of Internet of Things (IoT) devices from phones to smart home censors flooding the market every year, effective cybersecurity to help mitigate risks to devices is vital. New guidance from The National Institute of Standards and Technology (NIST), IoT Non-Technical Supporting Capability Core Baseline (NISTIR 8259B), is intended to help manufacturers identify the

On September 13, 2021, President Biden nominated Alvaro Bedoya for Commissioner of the Federal Trade Commission (FTC) to replace outgoing FTC Commissioner Rohit Chopra. Earlier this year, President Biden nominated Chopra to head the Consumer Financial Protection Bureau (CFPB). If confirmed, Bedoya would round out the slate of FTC commissioners and solidify the agency’s Democratic

As the Labor Day weekend approaches, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are warning U.S. entities to remain alert and protect against the rising incidence of ransomware attacks over holidays and weekends. A joint cybersecurity advisory issued on August 31, 2021 reviews recent ransomware attacks that occurred over

The Federal Trade Commission (FTC) took the unprecedented step of removing one of the approved Safe Harbor organizations under the Children’s Online Privacy Protection Act (COPPA) for failing to provide effective monitoring and assessment of its member companies’ websites, as required under the COPPA Rule. Earlier this year, Commission staff warned Aristotle International, Inc., whose