Sam Castic

Senior Associate


Read full biography at
Sam Castic helps clients to successfully collect and use personal information while minimizing the risk of a regulatory investigation or class action lawsuit. Sam is part of the firm's Cybersecurity and Data Privacy team.
Sam is recognized as a Certified Information Privacy Professional (CIPP) U.S. by the International Association of Privacy Professionals, and he works with clients on a variety of privacy, data protection, and cybersecurity matters, such as the following:
  • Behavioral Advertising. Sam helps clients with online behavioral advertising, including compliance with privacy law and industry codes, vendor and service provider agreements, and data collection and use.
  • Marketing Campaigns and Compliance. Sam advises clients on telemarketing, outbound calls and text messaging, email, and direct marketing law.
  • Contract Negotiations. Sam negotiates vendor contracts, service agreements, and business transactions that involve the collection, purchase, hosting, and,  use of personal information and Big Data.
  • Privacy By Design.  Sam counsels technology companies and service providers on Privacy By Design principles when developing and bringing innovative new products and services to market.
  • Online and Mobile Privacy. Sam has extensive experience with mobile and online privacy issues, including drafting privacy policies.
  • Cybersecurity Incident Response.  Sam has handled numerous multi-jurisdictional and national data breach responses, including in the investigation, remediation, strategy development, notification, and regulator inquiry phases. He also helps clients prepare incident response plans.
  • International Transfers. Sam assists companies in international privacy and data protection issues, including regarding cross-border transfers or accessing of personal information.
  • Investigations and Disputes. Sam has assisted clients in responding to governmental inquiries and investigations with respect to consumer protection issues and privacy and data protection practices, and he has experience defending against privacy class actions.

Posts by: Sam Castic

7th Circuit Revives P.F. Chang’s Data Breach Class Action Suit

data breach

Last week, the Seventh Circuit revived a data breach class action against P.F. Chang’s restaurant in an important opinion that continues a plaintiff-friendly trend that began with the court’s opinion in the Neiman Marcus case that we previously reported on here.  The court used statements that P.F. Chang’s made in response to the breach and protective remediation measures it implemented to draw inferences that customers were at a risk of identity theft and harm, and then used those inferences to find that plaintiffs had standing to proceed with their litigation.  The case raises new issues that organizations should consider in crafting post-breach communications, and important takeaway lessons that may help increase the likelihood of obtaining dismissal of data breach class actions at the pleadings stage.


Internet Providers on Notice: Draft Privacy Regulations Coming Soon

Internet Providers

This month, the Federal Communications Commission (FCC) will consider issuing a Notice of Proposed Rulemaking (NPRM) for privacy regulations that will apply to broadband providers.  The goals and objectives of the proposed regulations, which will be offered by FCC Chairman Wheeler, are outlined in a short document that the FCC released.  The proposed regulations will likely contain strict privacy requirements that broadband providers have never before been subject to under federal law.