• vcard
312.463.6212
  • Education
    • J.D., Northwestern University School of Law, 2003
    • B.S., University of Michigan, 2000
  • Court Admissions
    • United States Court of Appeals for the Federal Circuit, 2005
    • U.S. Court of Appeals, Fifth Circuit, 2009
    • U.S. Court of Appeals, Sixth Circuit, 2008
    • U.S. Court of Appeals, Seventh Circuit, 2008
    • U.S. District Court, Northern District of Illinois, 2003
    • U.S. District Court, Northern District of Illinois, Trial Bar, 2010
Michael J. Waters is an experienced litigator and a member of the Tech Transactions & Data Privacy practice.  Michael serves as Co-Chair of the firm's Privacy and Cybersecurity practice group.

He handled one of the first data breach matters shortly after California passed its breach notification law in 2003 and has since counseled clients across industries through nearly every conceivable type of breach, from system-wide network intrusions and ransomware attacks to situations involving cyber extortion, stolen laptops and computer hardware, email compromises, wire fraud and employee wrongdoing.

Michael regularly assists companies in investigations opened by enforcement agencies post-breach, including investigations by State Attorneys General, the U.S. Department of Health and Human Services Office for Civil Rights, and state and federal financial, insurance and education enforcement agencies.

He also assists clients in managing the privacy risks associated with maintaining and transferring information.  This includes counseling clients on statutory and contractual data protection requirements, drafting privacy related policies and procedures, GDPR counseling, and providing board counseling and employee training.

Michael is a first chair trial lawyer with experience handling all phases of litigation.  He regularly litigates privacy disputes and matters involving emerging technology, including patent, trademark, copyright, trade secret misappropriation and restrictive covenant matters.  

Michael has earned the designation Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP), and he is a member of IAPP and InfraGard (a partnership between the Federal Bureau of Investigation and the private sector).
  • Served as breach response and litigation counsel for financial institution that lost backup tapes containing account information of approximately two million customers
  • Served as breach response counsel for financial institution who was subjected to cyber-extortion following the hacking and compromise of the personal and financial data of all customers
  • Served as breach response and regulatory counsel for health care provider in one of the largest healthcare breaches of 2017.
  • Served as breach response counsel for health care system that experienced a malware attack potentially impacting approximately four million customers and 40,000 employees
  • Served as breach response counsel to university following brute-force password attack resulting in the compromise of the personal information of over 60,000 students, alumni and employees residing in more than forty states and multiple foreign countries
  • Served as breach response counsel for e-commerce hosting services provider that sustained a malware attack impacting hundreds of third-party companies that used client’s hosting services, as well as thousands of those companies’ customers
  • Served as breach response counsel for health care system in connection with potential exposure of radiological records of approximately 400,000 patients
  • Served as breach response counsel and law enforcement liason for a national restaurant chain in connection with possible insider theft of payroll records
  • Served as breach response and regulatory counsel for health care system in breach involving the unauthorized acquisition of patient records by a former system physician
  • Served as breach response counsel for health care provider investigating whether patient information as stolen as part of an identity theft ring focused on illegally acquiring prescription medications
  • Served as breach response and regulatory counsel for Medicare Advantage and Medicare Supplement plan provider in connection with incident impacting approximately 28,000 plan participants residing in more than forty states
  • Counseled numerous entities in situations involving ransomware and other types of cyber-extortion
  • Counsel numerous entities in Office365 and other email compromises
  • Counseled numerous entities in situations involving wire fraud and other types of cyber fraud    
  • Served as lead trial counsel for fitness company in a patent and trademark infringement trial that resulted in a $6.8 million jury verdict in favor of client
  • Served as lead trial counsel for aircraft finance company that resulted in a multi-million dollar judgment in favor of client


text icon Publications & Presentations
Cyber Simulation: Experience the Breach During Our Tabletop Exercise
Speaker, NetDiligence Cyber Risk & Privacy Liability Forum
October 10, 2017
text icon Publications & Presentations
Investment Adviser Association’s 2017 Leadership Conference
Moderator
October 4-6, 2017
text icon Publications & Presentations
5 Tips for Aspiring Privacy Attorneys
Quoted, Law 360
June 2, 2016
text icon Publications & Presentations
Data Breaches Continue to Be Focus of Consumer Complaints
Quoted, Legaltech News
May 2016
text icon Publications & Presentations
JITPL’s 2016 Symposium at John Marshall Law School, Part II
Speaker
April 12, 2016
text icon Publications & Presentations
Data Breach Risks and Best Practices for Small and Mid-Size Health Care Providers
Co-Author, State Bar of Michigan Health Care Law Section
April 2016
text icon Publications & Presentations
The Intersection of the Foreign Corrupt Practices Act and Data Privacy
Media & Privacy Risk Report
April 2016
text icon Publications & Presentations
Client Alert Regarding Emerging Phishing E-mail Scheme
Co-Author, Lexology
March 2016
text icon Publications & Presentations
Cybersecurity Litigation and Data Privacy Class Action Cases Q&A
Panelist, Forbes
February 22, 2016
text icon Publications & Presentations
SEC Speaks: How the SEC Decides Whether to Investigate Breached Entities
Co-Author, Media & Privacy Risk Report
February 2016