Ezra D. Church counsels and defends companies in privacy, cybersecurity, and other consumer protection matters. He helps clients manage data security and other crisis incidents and represents them in high-profile privacy and other class actions. Focused particularly on retail, ecommerce, and other consumer-facing firms, his practice is at the forefront of issues such as biometrics, artificial intelligence, location tracking, ad tech, and blockchain. Ezra is a Certified Information Privacy Professional (CIPP) and co-chair of the firm’s Class Action Working Group.
Is arbitration right for your company in agreements with its customers and employees? If it is, how do you craft an enforceable arbitration clause that includes a waiver of the right to assert claims on behalf of a class? Taking into account recent changes in the law, this course tells you what you need to know - and factors you must consider - when thinking about including arbitration and class action waivers in your contracts.
Ezra advises clients on compliance with data privacy and cybersecurity requirements such as the California Consumer Privacy Act (CCPA), the Gramm-Leach Bliley Act (GLBA), including Regulation S-P, Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) laws, the Telephone Consumer Protection Act (TCPA), the Fair Credit Reporting Act (FCRA), the Illinois Biometric Privacy Act (BIPA), the EU’s General Data Protection Regulation (GDPR), and state data breach notification laws. He has particular experience with children’s privacy issues and has worked extensively with on educational technology firms and mobile app and game developers in connection with the Children’s Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), and numerous state law regarding education privacy. Ezra has assisted hundreds of multinational companies with advice, planning and connections with GDPR and the Privacy Shield for data transfers to and from the United States to EU countries. He has advised on privacy and security issues related to cutting-edge technologies including facial recognition, voice recognition, iris and retinal scanning, artificial intelligent and machine learning, ad tech, location tracking and employee monitoring, and blockchain. He is a Certified Information Privacy Professional with the International Association of Privacy Professionals. He writes and speaks frequently on privacy and data security and has lectured on privacy law at Rutgers University Law School.
Ezra has worked with hundreds of companies facing data breaches, counseling them in the critical hours after an incident occurs, helping them understand and investigate the issues, and crafting an effective and appropriate notice program for affected individuals and government regulators. He also works with companies to anticipate and prepare for cybersecurity incidents before they occur, developing breach response plans to help prevent and mitigate future breaches. Ezra is a member of Morgan Lewis’s Crisis Management Practice, with a focus on the management of the crises involved in cybersecurity incidents.
Beyond his counseling practice, Ezra has experience handling complex and unusual class action litigation, including some of the largest privacy and data security class actions in the United States. This includes the defense of major national retailers facing data security litigation and the representation of consumer-facing companies facing large class actions filed under the TCPA and other privacy statutes. He has handled all aspects of such cases from inception through trial and appeal and has rare experience litigation class actions all the way through class trial. He is the co-leader of the Firm’s Class Action Working Group and regularly writes and speaks on class action issues. He is a contributor to the Firm’s chapter on class action litigation in the leading treatise Business and Commercial Litigation in Federal Courts and co-author of a chapter in A Practitioner’s Guide to Class Actions, among others.
Ezra has spent over 10 years advising and defending retailers and ecommerce companies, focused on helping them find practical ways to address the unique legal challenges they face. He has counseled and defended clients on matters related to privacy and data security, credit cards, gift cards, employee background checks, anti-money laundering, advertising and sales issues, vendor and supplier issues, return policies, marketing practices, loyalty programs, layaway, and unclaimed property.
Privacy & Cybersecurity
Served as US financial privacy expert in connection with the world’s largest asset manager’s acquisition of a US based robo-advisor, by assisting with privacy law due diligence, including Regulation S-P, and addressing post-acquisition privacy issues
Advised app developer regarding privacy compliance for development of preloaded games portal for major mobile phone carrier
Advised major financial services company on compliance with the recently adopted New York DFS Cybersecurity Requirements for Financial Services Companies, including revisions of contracts and security program
Advised global technology company regarding privacy and data security issues related to facial recognition tools
Advised Global and US Fortune 500 insurance company in connection with the creation of digital adviser platform, including privacy and data security issues regarding aggregation and services contracts
Advised international retailer on data privacy compliance for the development of a private label tablet
Advised global telecommunications company on employee privacy matters and helped develop compliance program, which also addressed biometric privacy and GPS tracking issues
Represented educational technology firm in connection with FTC investigation concerning privacy and data security
Counseled over fifty companies facing data breach incidents
Served as privacy, cybersecurity, and consumer protection subject-matter expert for numerous mergers and acquisitions due diligence reviews
Assisted companies with advice, planning, and applications of the Privacy Shield for data transfers from the EU to the United States and new EU General Data Protection Regulation, which included the review of clients' privacy programs, privacy policies, security policy, and contracts
Class Actions & Complex Litigation
Won complete defense verdict and affirmance on appeal in a rare consumer class action trial for a major national retailer under California’s gift card redemption law in which the Plaintiff class sought damages of more than $30 million
Led representation of major national retailer in nationwide class actions alleging negligence and other claims arising from a data security incident
Won nationwide class action for Fortune 20 technology company alleging claims related to transfer of customer data in connection with ecommerce business
Led successful opposition to class certification, including class discovery and briefing, in rare defendant class action alleging violations of bankruptcy law and involving many of the world’s largest financial services firms
Obtained dismissal of nationwide class action against international food and facilities services business alleging violations of FCRA in connection with employee background checks
Successfully settled California DAs’ investigation of a major retailer alleging pricing inaccuracy
Won dismissal of restaurant chain in lawsuit under FACTA regarding the printing of personal information on receipts
Dismissal of class actions in Pennsylvania and Maryland alleging product defects in construction materials
Defeated class certification in nationwide class action alleging systemic copyright violations against international publishing and media company
Representation of major pharmaceutical company in serial litigation by state AGs regarding alleged violations of state false claims laws
Obtained dismissal of nationwide class action against ecommerce retailer alleging false advertising and violation of FTC advertising rules
Defended international enterprise software company in breach of contract and fraud suit arising from sale and implementation of a revenue management solution
Defended over fifty cases alleging claims related to improper telemarketing and text advertising under the TCPA
Northwestern University, 2002, B.A.
University of Texas School of Law, 2005, J.D., cum laude
US Court of Appeals for the Second Circuit
US Court of Appeals for the Third Circuit
US Court of Appeals for the Fourth Circuit
US Court of Appeals for the Fifth Circuit
US District Court for the Eastern District of Pennsylvania
US District Court for the District of New Jersey
US District Court for the Eastern District of Wisconsin
US District Court for the Eastern District of Louisiana
US District Court for the Middle District of Louisiana
US District Court for the Western District of Louisiana
Awards and Affiliations
Recommended, Media, technology and telecoms: Cyber law (including data privacy and data protection), The Legal 500 US (2018, 2019)
Recommended, Industry focus: Energy litigation: conventional power, The Legal 500 US (2019)
Recommended, Dispute resolution: General commercial disputes, The Legal 500 US (2018)
40 & Under Hot List, Benchmark Litigation (2018, 2019)
Member, International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP/US)
Texas Law Review (2003–2005)
Recipient, Best Editor Award, Best Note Award, Texas Law Review (2005)