Michael Eades is an associate at McDonald Hopkins and part of the firm’s national Data Privacy and Cybersecurity team. He is accredited by the International Association of Privacy Professionals as a Certified Information Privacy Professional for the United States, the gold standard certification for information privacy professionals.
Michael’s practice focuses on advising companies in a wide variety of industries on addressing data privacy and cybersecurity incidents. Much of his expertise in data privacy and cybersecurity stems from his time as an internal advisor, external regulator and litigator for the Office of Indiana Attorney General. In his role there, Michael acted as internal privacy counsel, providing guidance regarding actions taken in compliance with data privacy laws and overall enforcement strategy. He also regulated entities who experienced data breaches, including reviewing and evaluating network diagrams, technical documents, and policies and procedures to ensure compliance with applicable privacy laws and regulations; engaged as part of a legal team that handled approximately 1,000 data breach cases per year; evaluated the internal network structure/data security of a variety of network architectures; reviewed and assessed entities’ Risk Assessments and overall security posture related to the storing and handling of personal information; appraised entities’ policies and procedures surrounding data security for compliance with all applicable laws; and investigated telephone privacy complaints, such as robocalls and Do-Not-Call complaints.
Michael’s litigation and general business experience includes engaging in complex and innovative data privacy litigation while at the Office of Indiana Attorney General and experience serving as in-house privacy counsel for a SaaS technology company, where he drafted and reviewed privacy policies and documents related to HIPAA compliance and managed the processing, retention and treatment of data to comply with various privacy laws and regulations, with special focus on GLBA, HIPAA, CCPA/CPRA, PIPEDA and various provincial privacy laws from Canada.
Prior to those roles, Michael served as a professional contract attorney and consumer litigation attorney, with experience in complex antitrust litigation and consumer litigation cases related to the Fair Debt Collection Practices Act and Fair Credit Reporting Act.
Michael earned his J.D. from Indiana University Robert H. McKinney School of Law and his Bachelor of Arts from in psychology and criminal justice from Indiana University.
Representative Cases & Matters
- State of Indiana v. Apple, Inc. - Participated as a leader in a multi-state investigation involving over 30 states against the largest company in the nation, and obtained a payment of over $4.8 million for the State of Indiana
- States of Arizona, et al. v. Medical Informatics Engineering, Inc., et al. - Acted as the closer for the first ever multi-state HIPAA data breach enforcement action, obtaining a nearly $1 million civil penalty across 16 states
- State of Indiana v. Equifax Information Services - Litigated a data breach action against one of the three national credit reporting agencies, obtaining $19.5 million consumer restitution for Indiana residents
- State of Indiana v. Eddie Bauer, LLC - Litigated data privacy case resulting in payment of $60,000 to Indiana
Indiana University Robert H. McKinney School of Law
Admissions – Court
- All Indiana State Courts
- U.S. District Court for the Northern District of Indiana
- U.S. District Court for the Southern District of Indiana
Admissions – State
Professional & Civic
Member, International Association of Privacy Professionals
News & Insights
Cybersecurity and You – Pike High School January 2019
Cybersecurity: The Ever Expanding Frontier – Johnson County Public Library June 2019
Cybersecurity: Ways to Stay Safe – Delta High School August 2019