Hsiao (Mark) C. Mao

Mark's practice focuses on intellectual property, data privacy, antitrust, and class actions. He has resolved hundreds of cases in litigation, and is highly regarded by both the defense and plaintiffs’ attorneys. Companies look to Mark as a trusted advisor and litigator in new areas of the law and emerging technologies. In 2020, Mark acted as an outside policy advisor to one of the U.S. presidential candidates, while also working on the passage of the California Privacy Rights and Enforcement Act. He then worked on amendments to Daniel’s Law in New Jersey in 2022 and 2023. Mark has been named a Lawdragon 500 Leading Litigator in America since 2022.

Mark has successfully defended numerous organizations through difficult high-stakes IP disputes, including patent, trade secret, and copyright and trademark litigation. The consumer class actions he resolves often include first of its kind privacy and regulatory issues, such as in the areas of data breach and misuse, product liability, wiretap acts, consumer data-reporting, and unfair and deceptive acts and practices litigation. He has been one of the firm’s lead attorneys in high-stakes consumer and antitrust litigation against Google, where he successfully obtained separate class certifications for hundreds of millions of devices, including two of the first national certifications for privacy misuse claims relating to wiretapping, computer hacking, and common law privacy torts. On the defense side, Mark defeated the first European General Data Privacy Regulation (GDPR) class action in the U.S., styled as Elliott v. PubMatic, against a large adtech platform.

Mark has advised organizations on the launch of hundreds of products and services, in addition to handling their regulatory responses with federal and state regulators. Mark has supported a broad spectrum of data-driven products, including the internet of things, autonomous vehicles, smart infrastructure, artificial intelligence, automation/machine learning, real-time targeting technologies, digital media, shared/gig economies, augmented and virtual reality, gaming, fintech, blockchain technology, aggregation technologies, broadband, and security software and hardware.

Mark was one of the first Fellows of Informational Privacy (FIP) of the International Association of Privacy Professionals (IAPP), and he is a thought leader and frequent writer on data-based technologies. Mark was previously an IT consultant at Arthur Andersen Consulting LLP, implementing database software.

Mark is a proud first-generation immigrant from Taiwan and is fully fluent in Mandarin Chinese. He has served as outside counsel for some of Asia’s largest international companies.

His recent experience includes:

• Currently representing Delta Air Lines in various matters relating to the CrowdStrike faulty software update outage
• Acting as one of the firms’ co-leads and technical architects in various privacy and antitrust litigation against Alphabet, in Brown v. Google (private mode browsing), Rodriguez v. Google (“Web & App Activity”), and In re Google Publisher Antitrust Litigation
• Defeated a set of Fair Credit Reporting Act cases against one of US’ largest electric vehicle manufacturers, by successfully compelling individual arbitrations and upholding the motions despite appeal
• Favorably resolved a large data breach against a virtual calling center services provider, involving the allegedly loss of employee data due to ransomware
• Defeated the first European General Data Protection Regulation (GDPR) filed in the United States, against one of the US’ largest online advertising platforms, by dispositive motion
• Obtained a favorable settlement on behalf of a major blockchain company and its CEO, against one of the world’s largest online video platforms, for videos posted on platform impersonating company and CEO
• Defeated a putatively large California-based class action involving credit cards receipt and the Fair and Accurate Credit Transactions Act, on motion to dismiss
• Favorably resolved a national class action alleging the loss of personal health information arising from a data breach, relating to a healthcare scheduling application
• Defeated by motion for summary judgment a California class action alleging illegal recording of data, carrying potential liability over nine figures in alleged damages
• Defeated two plaintiff companies seeking over $75 million on dispositive motions, for the alleged failures of crypto-certificates relating to tens of thousands of payment terminals
• Obtained a “no action” letter from regulators, in a matter involving over six million database records potentially compromised
• Prevailed on summary judgment in a landmark trademark case on concurrent use, in a dispute between two of the U.S.’s most recognized brands involved in connected cars and car sharing
• Obtained dismissal and costs against class action claims alleging illegal recording by customer support of retailer, seeking tens of millions of dollars in statutory damages
• Obtained a district court and then an appellate court win, in case against the Consumer Financial Protection Bureau alleging that a data sourcing company may be a consumer reporting agency
• Obtained a favorable resolution in a dispute involving the cyberhack of an initial cryptocurrency offering on a social media platform
• Obtained favorable resolution against over a dozen business claimants, who alleged that they were substantially overcharged for years of targeted advertising services, involving tens of millions of transactions
• Obtained dismissal in a data misuse class action involving short-term loans data, after successful motion practice, where plaintiffs sought billions of dollars in damages for millions of users, on the basis of the Fair Credit and Reporting Act
• Defeated class certification in a precedential data misuse class action involving driver and vehicle data, which could have negatively affected the ability to use millions of public records nationwide
• Obtained a favorable resolution in a competitor patent litigation involving a mechanical patent on behalf of a national retailer, after successful motions to dismiss, where plaintiff sought over $50 million in damages
• Obtained a favorable resolution in a data breach litigation involving malicious intrusion through a vendor network that affected millions of consumer records
• Obtained dismissals in a competitor patent litigation involving mechanical patents, partly by collateral IPR proceedings
• Obtained dismissal with prejudice on motions to dismiss brought by an alleged class of millions of users seeking billions of dollars in statutory damages, in a data misuse class action involving sound-based beacon technology for one of basketball’s favorite teams
• Prevented litigation in a pre-litigation dispute involving vulnerability in malware protection software relating to millions of application users
• Obtained a favorable resolution in a data breach class action involving malicious code injection in one of the web’s most popular social influencer websites
• Obtained a favorable resolution in a data breach class action involving the alleged vulnerability of a popular payment application, relating to the records of over 200,000 consumers
• Prevented litigation in a pre-litigation dispute involving predictive artificial intelligence technology for use in online marketing data analytics
• Obtained a dismissal, without filing motions to dismiss, in one of the Southern United States’ largest data breaches allegedly involving over six million vote records
• Obtained a release without payment, in Telephone Consumer Protection Act litigation involving one of U.S. broadband carriers, where billions of dollars were at issue
• Obtained a favorable de minimus settlement on behalf of certain directors and officers, in a case alleging investor subscription fraud and misappropriation of trade secrets relating to a hospitality invention

Publications

Author, BSF Insights: Annual Global Data Privacy Review, January 2020

Author, BSF Insights: Global Data Privacy Review, August 2019

Co-author, Georgia Supreme Court Adds to Patchwork of State Data Privacy Laws, Bloomberg Law, June 19, 2019

Co-author, Data Privacy: Developments in Regulatory Enforcement, Pratt's Privacy & Cybersecurity Law Report, LexisNexis, January 2019

Author, Data Privacy: The Current Legal Landscape – 2018 Reviewed, January 15, 2019

Author, Data Privacy: The Current Legal Landscape – September 2018, September 26, 2018

Co-author, Private Equity Quarterly, April 2018

Author, Data Privacy: The Current Legal Landscape – Annual Edition, February 22, 2018

Co-author, Annual Report: 2017 Consumer Financial Services Year in Review and a Look Ahead, January 10, 2018

Co-author, Top Data Governance Issues from 2017 and What to Watch in 2018, National Law Review, January 2018

Co-author, Insights on Article III Standing Under Ill. Biometrics Law, Law360, November 30, 2017

Author, Data Privacy: The Current Legal Landscape – Mid-Year Update, October 2017, October 11, 2017

Author, Current Autonomous Vehicle Technology Standards for Privacy and Security: What Are They and What Do They Mean?, Bloomberg Law, October 9, 2017

Author, A Lawyer’s Guide to NIST’s ‘Security and Privacy Controls,’ Law360, September 6, 2017

Author, Venturing Into the Land of Location Data Collection, Law360, August 11, 2017

Author, Data Privacy: The Current Legal Landscape – Annual Edition, February 10, 2017

Author, A Lawyer’s Guide to the NIST’s New Special Publication, Law360, December 21, 2016

Author, Why the Manner in Which Fintech Companies Use and Distribute APIs and SDKs Must Change, November 2016

Author, Data Privacy: The Current Legal Landscape – Quarterly Update, October 2016, November 4, 2016

Author, Are Some Courts Trying to Circumvent the Analysis Required by Spokeo?, August 3, 2016

Author, Practical Advice on Applying for the EU-U.S. Privacy Shield Program, July 29, 2016

Author, The Technology Lawyer and Connected Things, Law360, July 28, 2016

Author, Data Privacy: The Current Legal Landscape – Quarterly Update, June 2016

Author, 2016 Spring Update on U.S.-EU Privacy Shield Program, April 11, 2016

Author, Underwriting in an Even More Connected World, PLUS Journal, March 2016

Author, Privacy Issues With the FDA in Mobile Healthcare, Connected Devices, and the Internet of Things, March 3, 2016

Author, Data Privacy: The Current Legal Landscape, March 2, 2016

Author, EU Data Security Reform May Foreshadow US Trends, Law360, January 22, 2016

Author, Why 2016 Will Be a Big Year for Big Data, Law360, January 13, 2016

Author, Beyond Breach Litigation – Trends in Tracking Litigation, November 24, 2015

Author, Navigating Through Landmines – A Practical Roadmap, November 24, 2015

Author, To Address Cyber Vulnerability, Address the Human Factor, Daily Journal, October 29, 2015

Author, Expect Greater FTC Scrutiny in Wake of Schrems, Law360, October 27, 2015

Author, Data Breach Does Not Necessarily Imply Breach of Duty, Daily Journal, September 11, 2015

Author, IoT Providers Should Heed FTC Authority, Daily Journal, September 1, 2015

Author, Executives Must Get Down and Dirty With Cybersecurity, Daily Journal, June 5, 2015

Author, Does Holland v. Yahoo! Prove That The Ninth Circuit Will Remain the Post-Clapper Outlier? KDV Alert, June 5, 2015

Author, Regulate Privacy Without Stifling Innovation, Daily Journal, March 11, 2015

Author, Tesla’s Patent Strategy: ‘Good Faith’ or Preemptive, Intellectual Property Today, February 16, 2015.

Author, Open-Sourcing and Crowdsourcing Cybersecurity, Daily Journal, January 23, 2015

Author, Six Cybersecurity Lessons of 2014, Daily Journal, December 26, 2014

Author, With Privacy Policies, Do What You Say, Daily Journal, November 6, 2014

Author, Opportunities Abound to Optimize Your Cyber Liability Insurance to Your Needs, Financier Worldwide, September 4, 2014

Author, Expect More Stringent Regulations Over ‘Big Data’ to Emerge, Daily Journal, August 5, 2014

Author, Throwing Stones at Google’s Glass House, Daily Journal, July 7, 2014

Author, The Unforeseen Privacy Issues of Wearable Tech, Daily Journal, June 11, 2014

Author, Heartbleed – Pervasive OpenSSL Bugs Require Both Technical and Business Mitigation, KDV Alert, April 14, 2014

Author, Ruling Helps Define Scope of Insurance Brokers’ Duties, Daily Journal, March 17, 2014

Author, In Practice: New Rules, Newer TIC Products, The Recorder, May 16, 2013

Author, Changing Discovery Practices, The Recorder, January 18, 2013

Speaking Engagements

Social Media Influencers And Other Marketing Pitfalls, Sharing Economy Global Summit, February 5, 2020

Global Privacy Considerations For The Sharing Economy, Sharing Economy Global Summit, February 5, 2020

Social Media and eCommerce as a Global Product, 31st Annual IVY-SVAGC All Hands Meeting 2019, November 18, 2019

Defending Lawsuits Arising Out of a Cyber Event, inTouch Live Second Annual Business Symposium, October 15, 2019

Cyber Insurance and Blockchain & Cryptocurrency, NetDiligence Cyber Risk Summit, October 2, 2019

Data Breach & Misuse Class Actions, 2019 Class Action Litigation Conference, September 20, 2019

More Money, More Problems: Fellows Alumni Panel, Eight Annual LCLD Fellows Alumni Leadership Problems, June 22, 2019

Beyond Bitcoin: What Blockchain Technology Means to The Risk Professional, Risk And Insurance Management Society, April 29, 2019

Headed for Court in 2019/2020: Top Unresolved Issues In Privacy Laws And Regulations, Silicon Valley Association of General Counsel, April 19, 2019

AI Transparency, Explanability And Privacy, Practicing Law Institute, February 22, 2019

Global Privacy Laws: Privacy, IP, and Localization Trends For 2019, Berkeley Center For Law & Technology, January 15, 2019

Financial Privacy and Security, American Bar Association: Ninth Annual National Institute on Consumer Financial Services Basics, October 11, 2018

Blockchain and Its Impact on Insurance, NetDiligence Cyber Risk Summit, October 3, 2018

Data Use In a New Connected World (2018), Southern California Association of Corporate Counsel, August 8, 2018

Piracy Privacy: Autonomous Cars & Privacy Concerns, KUCI 889, June 11, 2018

Data Privacy 101 For Real Estate Attorneys (2018), California Association of Realtors, May 4, 2018

Data Breach! The Impact of Recent High-Profile Data Breaches, February 20, 2018

Regulation Update, Advisen Cyber Risk Insights Conference, February 13, 2018

What Does It Take to Insure a Law Firm Against Cyber Risks?, Duff & Phelps’ Law Firm Cyber Security Summit, February 8, 2018

Diversity and Tech, UC Hastings School of the Law, January 29, 2018

Connected Things and Autonomous Cars: The Future of Post-Spokeo Litigation, Berkeley Information Privacy Law Association, October 31, 2017

PCI Compliance and the Security of Payments, NetDiligence Cyber Risk & Privacy Liability Forum, October 12, 2017

How to Underwrite Emerging Connective Technologies, PLUS, October 2, 2017

Patent Damages, UC Berkeley School of Law, September 1, 2017

Data Use in a New Connected World (2017), May-June 2017

Data Privacy 101 for Real Estate Attorneys (2017), February 23, 2017

Cross-Border Privacy Issues and Jurisdictional Differences, 32nd Global Legal & IP ConfEx, February 23, 2017

Employment Law: Five Areas to Watch in 2017, LexisNexis, February 22, 2017

B2B Privacy Claims, Data Privacy Litigation & Investigation Forum 2017 (HB Litigation Conferences), January 24, 2017

Regulator and Enforcement Perspectives: Role of Government Agencies and How to Work With Them, Data Privacy Litigation & Investigation Forum 2017 (HB Litigation Conferences), January 24, 2017

Developments With Cyber Liability Litigation, Handling Privacy Class Actions in Light of Spokeo Decision, and Recent Developments in Cyber Insurance Coverage Litigation, ACI 14th Advanced Forum on Cyber & Data Risk Insurance, December 1, 2016

Advanced Data Use and Security – Lessons From Privacy Litigation, ACC SoCal ACCess, November 2, 2016

Standard of Care, NetDiligence Cyber Risk & Privacy Liability Forum, October 18, 2016

Big Data in the Privacy Context: Impact of the FTC’s Report on Use of Big Data and a Look Into How Big Data Will Be Regulated in the Future, ACI 20th Advanced Global Legal and Compliance Forum, October 13, 2016

On Augmented Reality, KUCI 889, August 29, 2016

Unresolved Issues and Advanced Strategies in Data Privacy Litigation, August 23, 2016

Cross-Device Targeting: What Is It?; What Are the Risks?; What Should a Compliance Regime Look Like?; and a Brief Focus on Regulation and Self-Regulation Regarding Targeted Advertising to Mobile Devices, ACI 19th Advanced Global Legal and Compliance Forum on Cyber Security and Data Privacy and Protection, June 24, 2016

The Three T’s of the Digital Economy: Technology, Threat and Trust, Chertoff Group Security Series, May 19, 2016

The Apple vs FBI Crypto Debate, The Information Security Media Group (iSMG), March 23, 2016

High Exposure Litigation, The CEU Institute, March 22, 2016

Privacy Issues in Mobile Healthcare, March 3, 2016

Cars, Cars, Cars!!! ABA Midyear Meeting, February 4, 2016

The Rising Specter of Cyber Risks for Directors and Officers, PLUS, August 3, 2015

On Emerging Cyber-Breach Cases, KUCI 889, July 6, 2015

On Writing Privacy Policies, KUCI 889, February 16, 2015

Privacy Piracy: Wearable Technology and Big Data Regulations, KUCI 889, September 10, 2014

On ‘Canvas Fingerprinting,’ Daily Journal video interview, August 27, 2014