Gregory T. Parks
Gregory T. Parks helps companies manage data security incident response and litigation, privacy and cybersecurity compliance, class actions, attorney general investigations loyalty and gift card programs, retail operations, payment mechanisms, shoplifting prevention, and matters for retail, ecommerce, and other consumer-facing companies. For more than 20 years, Greg’s focus has been data security incident response and crisis management and any resulting litigation. Greg manages all phases of such litigation, trial, and appeal work. Greg is the primary leader of Morgan Lewis’s privacy and cybersecurity practice and a co-leader of the retail and ecommerce team.
outside publication
What A New Virginia Privacy Law Could Mean for Business, Law360
Greg’s work in the privacy space includes compliance and implementation consulting for more than 500 companies on laws such as the California Consumer Protection Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the European General Data Protection Regulation (GDPR), the state data breach notification laws, the Fair Credit Reporting Act (FCRA), the FTC Red Flags rule, PCI-DSS mandates for credit card security, CAN-SPAM marketing email laws, the Telephone Consumer Protection Act (TCPA), FinCEN and other anti–money laundering rules, the Children’s Online Privacy Protection Act, the Massachusetts Data Security Regulations, and a myriad of other global, federal, state, and local privacy laws.
With more than 20 years of experience with the unique problems and challenges facing retailers, Greg counsels these clients through consumer class actions, real estate litigation, privacy and data security concerns, product and premises liability cases, and similar issues. His operational and compliance counseling involves matters arising from credit cards, gift cards, employee background checks, anti–money laundering plans, advertising and sales, data collection and privacy, and loyalty, layaway, and shoplifting prevention programs.
In the aftermath of data security incidents—he’s advised on more than 2,000 in his career—Greg helps clients craft immediate responses. He counsels them on how best to give notice to affected individuals or government and consumer reporting entities, following proper compliance protocol while keeping brand and public relations issues front of mind. He also represents these companies on any class action and other litigation or investigations stemming from the incidents, and instructs them on implementing policies and procedures to prevent and mitigate future breaches.
Results may vary depending on your particular facts and legal circumstances
- Managed more than 2,000 data security incidents, including determining and executing notification requirements, assisting clients with investigative and remedial actions, pursuing cost recoveries against responsible parties, and handling any resulting litigation or government investigations, with these incidents ranging from a single compromised system involving just one individual’s information to massive data breaches involving thousands of systems and more than 100 million individuals’ information
- Resolved more than two dozen consumer and financial institution lawsuits arising from data security incidents for less of the cost of defense for clients in the retail, ecommerce, financial, medical, and insurance industries
- Obtained complete defense verdict in consumer class action trial for a major national retailer under California’s gift card redemption law in which the plaintiff class sought more than $30 million; obtained affirmance of the verdict on appeal
- Defended on appeal a motion to compel arbitration for a major ecommerce retailer
- Obtained defense verdict in a 6-week jury trial of a premises liability case at a major retailer’s flagship New York store in which the Plaintiff sought $25 million
- Obtained $6.4 million jury verdict and judgment for a venture capital company that sold its interest in a number of related companies and then faced an indemnity / escrow claim from the purchaser
- Obtained complete indemnity from a supplier for a Top 10 retailer against an $80 million claim for alleged violations of the Fair Credit Reporting Act in the conduct of criminal background checks
- Argued motions to dismiss or settled more than a dozen lawsuits under the Fair and Accurate Credit Transactions Act (FACTA) for information printed on credit card receipts provided by retail companies at the point of sale
- Obtained favorable settlements of more than 50 consumer class actions, in which the costs of the settlement were less than 20% of the liability or costs of defense the company faced
- Obtained motion to dismiss a claim under the Fair Credit Reporting Act by successfully arguing that the source of a criminal background check was not a consumer reporting agency
- Obtained complete indemnity for three retailers accused of using illegal technologies on their ecommerce websites to track website visitors
- Obtained motions to dismiss or convinced Plaintiff’s lawyers not to bring more than 20 lawsuits accusing retailers of collecting information at the point of sale in credit card transactions that is prohibited by state law
- Obtained settlement of allegations of systemic pricing inaccuracy by a major retailer across the state of California
- Obtained $3.6 million judgment in favor of a retailer against a shopping center landlord who failed to carry out various development obligations
- Secured motion to dismiss a trademark infringement and license dispute on behalf of the holder of a world-famous trademark
- Secured motion to dismiss an $80 million claim against a Trustee in a mortgage securitization
- Obtained $25 million judgment in a bench trial arising from acquisition of sub-prime mortgage assets
Results may vary depending on your particular facts and legal circumstances.
- University of Pennsylvania Law School, 1997, J.D., cum laude
- Bucknell University, 1994, B.A., cum laude
- Pennsylvania
- New Jersey
- US Court of Appeals for the Second Circuit
- US Court of Appeals for the Third Circuit
- US Court of Appeals for the Ninth Circuit
- US District Court for the Eastern District of Pennsylvania
- US District Court for the Middle District of Pennsylvania
- US District Court for the Western District of Pennsylvania
- US District Court for the Northern District of Illinois
- US District Court for the Central District of Illinois
- US District Court for the Eastern District of Wisconsin


Listed, Lawdragon’s 500 Leading Global Cyber Lawyers, Princeton, Privacy, Cybersecurity, Data Incident Response (2024, 2025)
Listed, The Best Lawyers in America, Privacy and Data Security Law (2023, 2024)
Listed, BTI Consulting Group, Client Service All-Star (2020)
Recommended, Media, technology and telecoms: Cyber law (including data privacy and data protection), The Legal 500 US (2019–2023)
Recommended, Dispute resolution: General commercial disputes; Recommended, Media, technology and telecoms: Cyber law (including data privacy and data protection); The Legal 500 US (2018)
Listed, Law360, Retail and eCommerce MVP (2014–2015)
Member, American Bar Association
Member, Philadelphia Bar Association
Member, International Association of Privacy Professionals
Fellow, Temple University’s Academy of Advocacy
Listed, The Legal Intelligencer, Lawyers on the Fast Track (2009)
No aspect of this advertisement has been approved by the Supreme Court of New Jersey. A description of the selection methodology for the above awards can be found here.
