Michael C. Egan

Baker & McKenzie LLP


Michael Egan advises clients across various industries, including global online businesses, pharmaceutical companies, healthcare providers, manufacturers, financial institutions, sourcing providers, retail companies, and other organizations regarding the legal aspects of global privacy and data protection, data security, information technology, and related restrictions on data collection and transfer. He focuses on these issues in the context of: global company operations and applications, including websites, mobile and e-commerce applications; data security breach and incident response; transactions; litigation; internal investigations; and government inquiries. He has represented companies before numerous government authorities, including the US Federal Trade Commission, the US Department of Justice and the US Securities and Exchange Commission.

Practice Focus

Mr. Egan’s practice covers privacy and information management with an emphasis on regulatory (e.g., GDPR, CCPA) and transactional issues such as consumer protection, data security and breach notification obligations, email and telemarketing, cross-border data flows, e-monitoring, e-discovery procedures, sourcing, social media, and other privacy-related issues.

Representative Legal Matters

Data Protection and Privacy

  • Federal and State Data Security Law Compliance – Advised clients regarding compliance with US Federal and US state data security and breach notification laws.
  • Data Breach Response - Advised clients regarding data security breaches. Representative cases include advising (i) an electronics and entertainment company in connection with one of the largest data breaches in US history, and (ii) a hospitality company in connection with credit card information security issues.
  • Health Insurance Portability and Accountability Act (HIPAA) –Provided legal advice to covered entities under HIPAA with respect to (i) becoming compliant with the HIPAA Privacy and Security Rules, (ii) responding to data security incidents, and (iii) responding to inquiries from and investigations by the US Department of Health and Human Services Office for Civil Rights.
  • Electronic Communications Privacy Act/Computer Fraud and Abuse Act - Counseled companies involved in internet and computer security issues involving the ECPA and CFAA.
  • Corporate Information Security Policies – Drafted corporate policies pertaining to the safeguarding and security of corporate data and responding to data security incidents.
  • E-commerce/Website Terms of Use/Privacy Policy - Drafted website terms of use and privacy policies for consumer-facing websites and advised on terms of use and privacy policies of websites of domestic and foreign companies that perform sales and marketing over the Internet.

Other Representative Matters

  • Compliance Reviews and Internal Investigations – Conducted global compliance reviews and internal investigations for multinational companies regarding compliance with US legal requirements. Representative cases include (i) conducting a global anti-corruption investigation for a Fortune 100 manufacturing company, and (ii) conducting an internal investigation in connection with allegations of corruption by a freight forwarding company.
  • Interactions with Enforcement Authorities – Represented clients in front of government enforcement authorities, including the US Department of Justice and the US Securities and Exchange Commission, regarding disclosure of compliance issues, internal investigation findings, compliance remediation measures, and settlement terms.

Professional Honors

  • Legal 500 US, Next Generation Lawyer in Cyber Law (including Data Privacy and Data Protection), 2019 - 2020


  • District of Columbia~United States (2019)
  • Massachusetts~United States (2007)


  • Boston College (J.D.) (2007)
  • Georgetown University (B.A. Economics, cum laude) (2004)
  • Georgetown University (European Studies) (2004)


  • English