Kristin M. Hadgis

合伙人

Kristin M. Hadgis counsels and defends companies in privacy, cybersecurity, and data protection matters. She helps companies manage data security incident response and other crisis incidents, including any resulting class action litigation or government investigations. Kristin also advises on privacy and cybersecurity compliance for clients in a range of industries, including retail, ecommerce, financial, medical, and insurance.

Kristin has advised hundreds of companies in connection with privacy and cybersecurity compliance issues spanning US state consumer privacy laws, privacy policies, information security policies, incident response plans, and protocols for data collection, storage, and transfer. Her experience includes the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), state data security laws, the Fair Credit Reporting Act (FCRA), the Fair and Accurate Credit Transactions Act (FACTA), US federal and state CAN-SPAM laws, the Telephone Consumer Protection Act (TCPA), Federal Trade Commission (FTC) rules, the US Securities and Exchange Commission privacy regulations (Reg. S-P), and the Children’s Online Privacy Protection Act (COPPA).

Kristin has advised on hundreds of data security incidents in her career, counseling clients on giving notice to affected individuals or government and consumer reporting entities, following proper compliance protocol. Kristin also represents these companies in any class action and other litigation stemming from the incidents, and instructs them on implementing policies and procedures to prevent and mitigate future breaches.

Kristin understands the challenges facing retail, ecommerce, and other consumer-facing companies and advises these clients on a variety of legal, regulatory, and operational matters. She works closely with clients on retail operations and compliance, including for brick-and-mortar stores across the United States and ecommerce platforms. She also counsels retail and consumer-facing clients on loyalty programs, gift cards, marketing and advertising, social media, price comparison, fraud prevention, online contracting and website terms, and privacy and data security compliance.

She is a member of the firm’s retail and privacy and cybersecurity practices as well as its class action working group. Kristin routinely writes articles on developments in the law on consumer and data privacy matters.

In her pro bono practice, Kristin represents children in dependency proceedings through the Support Center for Child Advocates.

Prior to joining Morgan Lewis, Kristin clerked for Judge Timothy R. Rice of the US District Court for the Eastern District of Pennsylvania. While attending law school, she was a legal extern for Judge Juan R. Sanchez in the same court.

Show More
  • Managed hundreds of data breach incidents, including determining and executing notification requirements, assisting clients with investigative and remedial actions, and pursuing cost recoveries against responsible parties
  • Defended class action lawsuits by consumers and financial institutions arising from data security incidents for clients in the retail, ecommerce, financial, medical, and insurance industries
  • Drafted website privacy policies for hundreds of companies
  • Assisted dozens of companies in preparing for the CCPA and the EU GDPR; the work included a review of clients’ privacy programs, privacy policies, security policy, and contracts
  • Defended consumer-facing companies in TCPA litigation, including successfully obtaining favorable settlements
  • Advised businesses and nonprofits on data sharing and data privacy compliance, including under US state consumer privacy laws, Gramm-Leach Bliley Act, and Regulation S-P
  • Served as privacy, cybersecurity, and consumer protection subject-matter expert for numerous mergers and acquisitions due diligence reviews
  • Defended national retailers in price comparison class actions
  • Won motion to dismiss lawsuit under FACTA for information printed on credit card receipts
  • Obtained dismissal of claims brought against retailers under the New Jersey Truth-in-Consumer Contract, Warranty and Notice Act
  • Advised dozens of retailers on loyalty programs

Results may vary depending on your particular facts and legal circumstances.

  • Villanova University School of Law, 2008, J.D., Magna Cum Laude
  • Franklin & Marshall College, 2003, B.A.
  • Pennsylvania
  • New Jersey
  • US Court of Appeals for the Third Circuit
  • US Court of Appeals for the Fourth Circuit
  • US District Court for the Eastern District of Pennsylvania
  • US District Court for the District of New Jersey
  • Clerkship to Judge Timothy Rice of the US District Court for the Eastern District of Pennsylvania (September 2008 - April 2009)

Listed, Lawdragon, 500 Leading Global Cyber Lawyers, Philadelphia, Class Actions, Privacy, Cybersecurity (2024, 2025)

Listed, Bloomberg Law, They’ve Got Next: Privacy and Cybersecurity (October 2021)

Recipient, Support Center for Child Advocates in Pennsylvania, Distinguished Advocate for Children (2021)

Member, The Legal Intelligencer, Pennsylvania Product Liability Department of The Year (2014)

Member, Order of the Coif

Managing Editor, Villanova Law Review

Member, American Bar Association

Member, Philadelphia Bar Association

No aspect of this advertisement has been approved by the Supreme Court of New Jersey. A description of the selection methodology for the above awards can be found here.