Justine Young Gottshall is a partner at InfoLawGroup, having previously practiced at Hogan & Hartson (now HoganLovells) in Washington D.C. and as a partner with Wildman Harrold (now Locke Lord) in Chicago. Ms. Gottshall has extensive experience counseling clients on privacy, data security, technology, information governance, consumer protection, and digital marketing and advertising issues. She serves as the Chief Privacy Officer of Signal and on the leadership committee for Stanford Women in Boards.
Ms. Gottshall was recognized in 2015 by SC Magazine as one of the 5 Women in IT Security: Women to Watch. She is recognized in Chambers USA for her work in the area of Privacy & Data Security and in Illinois for Entertainment and Media. In 2007 she was named to Chicago Lawyer and Chicago Daily Law Bulletin’s prestigious “40 Under Forty” list.
Ms. Gottshall is well suited to address the variety of compliance issues that exist in the digital age. She focuses on compliance counseling and drafting and negotiating related contracts for clients. She has extensive experience in privacy matters, including information governance and data management, online advertising, internal compliance policies, consumer policies, including web site policies, vendor management, and advising on privacy and security-related compliance strategies and programs. Ms. Gottshall also counsels clients on advertising and marketing issues, including user generated content, marketing to children, social media campaigns, co-promotions, e-mail and text message marketing, and consumer promotions. She also works closely with clients on technology matters, including e-commerce, software licensing and including “privacy by design” in the creation and launch of new products and services.
Ms. Gottshall is a CIPP and has served both on the IAPP Education Advisory Board and as a Chicago Knowledge-Net Co-Chair. She is a graduate of Stanford Law School and she graduated Phi Beta Kappa from the University of Michigan. She is a frequent speaker and author on privacy, digital marketing, and information governance.
Privacy Compliance and Counseling
Privacy and Data Security Compliance
Internal and Consumer-Focused Corporate Policies
Advertising, Marketing, And Promotions
International Association of Privacy Professionals (IAPP) – CIPP; served as Education Advisory Board Member and KnowledgeNet Co-Chair
Brand Activation Association
Illinois State Bar Association
Former Board Member, Emerald City Theatre
Stanford Law School, J.D., 1994, Symposium Editor, Stanford Law and Policy Review; 1994 Moot Court Board Vice President
University of Michigan, B.A. English and Theater & Drama, 1991, Phi Beta Kappa
California has pushed through an online privacy law that is sending some shockwaves through the Internet economy. On Thursday, June 29, the legislature passed the California Consumer Privacy Act of 2018 (“CCPA”), which the Governor signed swiftly. Beginning January 1, 2020, many companies that do business in California will need to make significant changes and … Continue Reading
A D.C. Circuit Court has ruled that the Federal Communications Commission (FCC) under President Barack Obama overreached in part when it issued its 2015 order providing guidance and interpreting the Telephone Consumer Protection Act (TCPA) in an attempt to rein-in robocalls and unwanted text messages. This long-awaited ruling in—ACA International, et al., v. Federal Communications … Continue Reading
InfoLawGroup is holding a series of popup panel discussions called “cocktails and conversations.” Our latest discussion was about what it takes for women to ascend to the upper echelons of business and featured successful entrepreneur and CEO, Fran Maier. Fran is now the CEO of one of the fastest growing gig-economy startups, Babierge, which is … Continue Reading
InfoLawGroup partner Justine Young Gottshall on IoT Privacy Compliance Best Practices in the September issue of Risk Management Magazine: 5 Best Practices for IoT Privacy Compliance. According to a January 2017 forecast from Gartner, 8.4 billion internet of things items will be in use worldwide this year—a 31% increase from 2016—to the tune of almost $2 … Continue Reading
Not only are companies collecting a massive amount of data generated by the Internet of Things (IoT), they are storing it too. According to a survey of 1,000 enterprises conducted by 451 Research, 71 percent of enterprises are gathering IoT data and nearly half of the data generated are being stored. What the survey doesn’t … Continue Reading
On June 21, 2017, the FTC released its updated its 6 step COPPA Compliance Plan for Businesses (“Compliance Plan”). The changes to the Compliance Plan are intended to help businesses keep up with changes to technology and evolving business models in connection with the Children’s Online Privacy Protection Act (“COPPA”). The FTC states in its … Continue Reading
Developing a privacy compliance program is an essential, if often daunting, compliance step for organizations of all sizes, and across all industries. InfoLawGroup partner Justine Young Gottshall and her co-author recently updated their an in-depth practice note on this topic. The updated version is published by Practical Law and available here.… Continue Reading
Please note this article has been updated October 2016, please see here for updated article. Developing a privacy compliance program is an essential, if often daunting, compliance step for organizations of all sizes, and across all industries. InfoLawGroup partner Justine Young Gottshall recently co-authored an in-depth practice note on this topic, published by Practical Law and … Continue Reading
This Post Was Co-Authored by Partner, Justine Gottshall and Counsel, Brian Schaller The Federal Communications Commission (“FCC”) released its TCPA Omnibus Declaratory Ruling and Order (“Order”) regarding the Telephone Consumer Protection Act (“TCPA”) on July 10, 2015, which Chairman Tom Wheeler announced via a blog post and FAQ’s in late May. InfoLawGroup previously discussed the potential … Continue Reading
Last week, FCC Chairman Wheeler put forth a proposal that will address more than 20 pending petitions before the Agency. The FCC will vote on the proposal June 18, 2015. Chairman Wheeler has posted both a set of FAQs and a blog post providing more information. Chairman Wheeler has made clear that the intent is … Continue Reading
The FTC released its Report on the Internet of Things (“IoT”) on January 27, 2015 (“Report”). While the Report is specific to IoT, including devices such as wearable fitness trackers and internet connected cameras and televisions, there are key takeaways for all companies operating online. The FTC defines IoT as “’things’ such as devices or … Continue Reading
A new California statute, which originated as SB 568 and will be codified as § 22580 et seq. of the Cal. Bus. & Prof. Code, takes effect January 1, 2015. The law has two key provisions: one addressing online advertising in connection with minors, which this post addresses, and one addressing a minor’s right to delete … Continue Reading
A new California statute, which originated as SB 568 and will be codified as § 22580 et seq. of the Cal. Bus. & Prof Code, takes effect January 1, 2015. Given the time it may take some sites, applications and online services to determine and implement appropriate compliance steps, now is the time to start considering … Continue Reading
By Justine Young Gottshall And Damien Wint As we approach six months since the Federal Trade Commission’s (FTC) amendments to the Children’s Online Privacy Protection Act (COPPA) Rule, 16 C.F.R. Part 312 (the “Rule” or, as amended, the “Amended Rule”) became effective, it is essential that any website or online service that is not in … Continue Reading
For operators of web sites, apps and other online services, change is definitely coming – and quickly. On April 25, 2013, the Federal Trade Commission (“FTC”) issued updated Frequently Asked Questions (the “FAQs”) for its amended implementing rule (the “Rule”) for the Children’s Online Privacy Protection Act (“COPPA”). The FAQs give some additional insight regarding … Continue Reading
Andrew Hoffman contributed to this post. What makes an automated call “telemarketing” versus “informational”? It might be less than you think. In a recent ruling out of the Ninth Circuit, Chesbro v. Best Buy Stores, L.P., the Court has ruled that certain calls are telemarketing calls subject to the TCPA, even if the calls do not explicitly … Continue Reading
Co-Authored by Shannon Harell Yesterday, the Federal Trade Commission (“FTC”) released aFederal Register notice (“Notice”) seeking public comments on additional proposed revisions to the Children’s Online Privacy Protection Act Rule (“COPPA Rule”). As we blogged in September 2011, the FTC initially issued proposed revisions to the COPPA Rule and requested comments on September 15, 2011 (“2011 Notice”). The … Continue Reading
InfoLawGroup Counsel Andrew L. Hoffman contributed to this post. Another Court has held that plaintiff’s cannot recover for a breach of their sensitive data, absent a clear financial injury resulting directly from the breach. On July 12, 2012, the U.S. District Court for the Western District of Kentucky dismissed a data breach lawsuit against various Countrywide Financial … Continue Reading
A recent dismissal of a plaintiff’s class action involving text messages sent to confirm the consumer has opted out should be welcome news to companies that engage in text message marketing. Currently, the Mobile Marketing Association Guidelines require companies to send a single, final text message confirming the consumer has opted out when a “STOP” … Continue Reading
The White House today released its white paper setting forth a framework for "Protecting Privacy And Promoting Innovation in The Global Digital Economy" (the " Framework"). The Framework is far reaching, touching on everything from a call for legislation, including a national standard for security breach legislation, to promoting international interoperability.
The Framework centers on The Consumer Privacy Bill of Rights, which contains seven core principles relating to "personal data." Note that "personal data" is defined broadly, to encompass any data, including aggregated data, which can be linked to a specific individual, and may include data linked to a specific computer or other device. It is worth noting that the Framework includes, as an illustrative example of personal data, "an identifier on a smartphone or family computer that is used to build a usage profile."
… Continue Reading
As 2011 is coming to a close, many of us are thinking about what 2012 will bring. With regard to privacy, there are numerous key issues to choose from (and I am sure many privacy professionals would add to this list) - but from a corporate compliance standpoint, here are my top five picks for hot topics to address in 2012:
… Continue Reading