The Hintze Law PLLC Regulatory Group assists and defends clients in response to inquiries, investigations, and enforcement actions by government agencies. We provide efficient and effective representation and strategic guidance to help companies of all sizes navigate complex regulatory processes and achieve favorable results.

We help clients with FTC Section 5 investigations and Section 6(b) orders, HHS OCR, state attorney general actions, inquiries from consumer protection agencies, and multi-jurisdictional and global investigations.  

Our Approach

Of course, our compliance practice aims to reduce our clients’ legal risk and to put them in the best position to respond to legal or regulatory investigations.

But when regulators do come calling, we pride ourselves on a response strategy that focuses on many factors, including:

• Utilizing strong, smart advocacy, including telling your best story and presenting your facts in the best light;

• Identifying any compliance gaps or weaknesses relevant to the investigation and working to address them quickly;

• Avoiding or minimizing publicity and assisting with communications strategies that support the regulatory strategy;

• Providing efficient and cost-effective support, including negotiating with regulators the scope of the investigation, the documentation required in response, and aspects that can help avoid unnecessarily costly work.

When your company receives a civil investigative demand or other investigative order, we will get to work immediately. We dive in and help you understand the nature and scope of the alleged incident, as well as the merits of allegations. We develop legal and regulatory engagement. strategies, We explore ways to contain and remediate any problems and other possible mitigations.

If appropriate, we present your story early to investigators to help them understand this is not a strong case and to convince them move on their way. In other cases, where we proceed to respond to information requests, we work to negotiate to help narrow the scope of investigations to make the process as painless as possible. And we present the responsive information in a compelling manner and, where we are able, we provide other positive and/or mitigating facts that the regulators may not have asked for or considered – all aimed at painting the most positive picture possible.

If your investigation results in an order, we will work to negotiate so that the order is as fair and clear as possible. We can help prepare you for requirements under the order including compliance obligations, preparing reports, and responding to third party audits. We can also help you prepare press responses to manage your brand reputation.

We can do all this in a way that presents as little cost and impact to your company as possible – particularly compared to firms used to costly litigation tactics. While we have attorneys with litigation experience, we do not litigate at Hintze Law, which means we never use the types of overly aggressive approaches more likely to lead you litigation, instead we take an approach of respectful advocacy to put you on a path of better future relations with regulators.

Our Expertise

Our firm focuses exclusively on privacy and data security. That means we have deeper knowledge and experience about privacy and cybersecurity laws, including exceptions & mitigations that may apply.

Our clients consistently praise us for our technical acumen. We take time to understand your technology so we can communicate with your engineers to get the facts right and explain to regulators what is really going on.

The types of regulatory investigations and inquiries that we have worked on include:

• FTC Section 5 & 6(b) investigations

  • Cybersecurity investigations, including data breaches, and software vulnerabilities

  • COPPA investigations

  • EU data transfer investigations (including under the previous Safe Harbor and Privacy Shield frameworks)

• Facial recognition / biometrics technology investigations

• HHS OCR HIPAA Investigations

• EU data protection authority inquiries

• State AG investigations including CPPA & AG CCPA actions

• We also have expertise working on ongoing compliance with regulatory orders

Representative Public Cases

Public FTC Investigations

• COPPA investigation by the FTC into practices of OpenFeint, Inc. (closed successfully)

• Online privacy/Section 5 investigation by FTC into AdMob in connection with Google acquisition (closed successfully)

• In the Matter of HTC America Inc. - FTC Section 5 investigation, settlement, and ongoing order compliance involving allegations of mobile software security vulnerabilities and deceptiveness

• U.S. v. Musical.ly, Inc. (now TikTok) - FTC COPPA investigation and ongoing order compliance

• In the Matter of Microsoft Corporation - counseling on compliance with FTC consent decree relating to alleged “Passport” security violations (now closed without further violation)

Public EU Investigations

• WhatsApp, Inc. - joint investigation by Canadian and Dutch data protection authorities into handling of personal data (in coordination with local Dutch privacy counsel)

Section 6(b) Response:

• HTC America, Inc. in response to an FTC order seeking information about security practices in the mobile ecosystem

• Byte Dance (TikTok) in an investigation by the FTC seeking data about privacy practices of the social media and video streaming industry

Representative Non-Public Investigations Ongoing or Resulting in No Action

We have successfully* represented and/or defended:

• a facial recognition security company in an FTC CID Section 5 & Privacy Shield investigation

• a video ad company in an FTC CID Privacy Shield investigation

• a recruitment/HR software company in an FTC CID Privacy Shield investigation

• a facial recognition company using data to train AI systems in an FTC CID Section 5 investigation

• a mobile app gaming company in an FTC CID COPPA investigation

• a robot toy company in an FTC CID COPPA investigation

• a major mobile carrier company in response to FCC data practices inquiry

• a self-funded health plan in response to OCR investigation of HIPAA breach of enrolled individuals

• a business associate in response to an Illinois state AG investigation of HIPAA breach  

• a mobile ad company in a California state AG COPPA investigation

• a major retail clothing company in a California state AG CCPA financial incentive program investigation

• a major social media company in a California state AG CCPA data sharing investigation

• a major telecommunications company in a California state AG CCPA identity verification investigation

• numerous clients in response to Massachusetts AG in breach notice and security regulation inquiries

• a news aggregator service in a CAN-SPAM investigation by a San Francisco city prosecutor

• an online ad company in an EU investigation

• a content creation company in an EU investigation

  *Results not necessarily indicative of those that can be obtained for similar clients with different factual and legal circumstances.

Contacts