Gregory T. Parks helps companies manage data security incident response and litigation, privacy and cybersecurity compliance, class actions, attorney general investigations loyalty and gift card programs, retail operations, payment mechanisms, shoplifting prevention, and matters for retail, ecommerce, and other consumer-facing companies. For more than 20 years, Greg’s focus has been data security incident response and crisis management and any resulting litigation. Greg manages all phases of such litigation, trial, and appeal work. Greg is the primary leader of Morgan Lewis’s privacy and cybersecurity practice and a co-leader of the retail and ecommerce team.
Greg’s work in the privacy space includes compliance and implementation consulting for more than 500 companies on laws such as the California Consumer Protection Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the European General Data Protection Regulation (GDPR), the state data breach notification laws, the Fair Credit Reporting Act (FCRA), the FTC Red Flags rule, PCI-DSS mandates for credit card security, CAN-SPAM marketing email laws, the Telephone Consumer Protection Act (TCPA), FinCEN and other anti–money laundering rules, the Children’s Online Privacy Protection Act, the Massachusetts Data Security Regulations, and a myriad of other global, federal, state, and local privacy laws.
With more than 20 years of experience with the unique problems and challenges facing retailers, Greg counsels these clients through consumer class actions, real estate litigation, privacy and data security concerns, product and premises liability cases, and similar issues. In 2014 and 2015, Law360 named him an MVP for retail and ecommerce. His operational and compliance counseling involves matters arising from credit cards, gift cards, employee background checks, anti–money laundering plans, advertising and sales, data collection and privacy, and loyalty, layaway, and shoplifting prevention programs.
In the aftermath of data security incidents—he’s advised on more than 2,000 in his career—Greg helps clients craft immediate responses. He counsels them on how best to give notice to affected individuals or government and consumer reporting entities, following proper compliance protocol while keeping brand and public relations issues front of mind. He also represents these companies on any class action and other litigation or investigations stemming from the incidents, and instructs them on implementing policies and procedures to prevent and mitigate future breaches.
Recognized, Privacy and Data Security Law, The Best Lawyers in America (2023, 2024)
Client Service All-Star, BTI Consulting Group (2020)
Recommended, Media, technology and telecoms: Cyber law (including data privacy and data protection), The Legal 500 US (2019–2023)
Law360 Retail and eCommerce MVP (2014–2015)
Member, American Bar Association
Member, Philadelphia Bar Association
Member, International Association of Privacy Professionals
Fellow, Temple University's Academy of Advocacy
Listed, "Lawyers on the Fast Track," The Legal Intelligencer and Pennsylvania Law Weekly (2009)
Listed, "2006 Rising Star Super Lawyer" by Pennsylvania Law & Politics Magazine
Recommended, Dispute resolution: General commercial disputes; Recommended, Media, technology and telecoms: Cyber law (including data privacy and data protection); The Legal 500 US (2018)