Todd M. Hinnen
Drawing on years of high-level government and private practice experience, Todd guides clients on the most consequential privacy, data security, and national security matters.
Todd Hinnen counsels clients and litigates on their behalf in privacy, data security, compliance with law enforcement, and national security matters. He works closely with the U.S. Department of Justice (DOJ) and the Intelligence Community.
Todd is a longtime leader in the development, implementation, and enforcement of national security law and policy. He advises companies establishing subsidiaries that seek to do business with the U.S. government and mitigate foreign ownership, control, or influence (FOCI) concerns; comply with U.S. export control laws like the International Traffic in Arms Regulations (ITAR) and national security laws; and protect themselves while working with U.S. intelligence agencies.
An authority on cybercrime and cybersecurity, Todd helps companies develop and implement cybersecurity and network incident response plans, adhere to regulations and industry standards regarding network security, and manage breach response and customer notification. He represents telecommunications and internet companies, defense contractors, energy companies, global logistics companies, and companies complying with HIPAA privacy and security rules.
Todd provides experienced guidance on privacy issues relating to companies' collection, use, storage, protection, sharing, and disposal of personal and other types of regulated information. He counsels businesses on the full range of privacy issues they may face and represents companies from small startups to Fortune 500 industries including telecommunications, internet services, cloud computing services, interactive gaming, defense contracting, and retail sales. Todd also advises companies on international data transfer laws such as the U.S.-EU Safe Harbor Framework and represents companies in privacy-related litigation.
Todd is an experienced litigator and appellate advocate in both civil and criminal cases before state and federal courts. Todd's appellate advocacy experience also includes supervising the DOJ's National Security Appellate Unit and briefing a wide variety of civil and criminal matters to the U.S. Courts of Appeal for the First, Fourth, Fifth, Seventh, Ninth, and Eleventh Circuits and the Supreme Court of the United States.
Todd’s clients range from emerging technology companies to the nation's largest telecommunications and internet companies. He helps them lawfully comply with law enforcement processes while protecting their customers' privacy. This work is informed by his experience in government, counseling federal and state investigators how to lawfully obtain evidence from telephone carriers, internet service providers, other communications service providers, and remote storage and computing providers using the Wiretap Act, Pen Register/Trap and Trace laws, and the Stored Communications Act.
Prior to joining Perkins Coie, Todd served as Deputy Assistant Attorney General in the National Security Division in charge of the division’s internet and cybersecurity, appellate, terrorist financing, and international outreach and capacity building practices. He has provided legal advice and counsel to the departments and agencies in the U.S. Intelligence Community and represented the U.S. government before the U.S. Foreign Intelligence Service Court and in national security delegations to Algeria, Colombia, Egypt, Pakistan, Yemen, and European countries. Todd served as chief counsel to then-Senator Joseph R. Biden, Jr. and staff director of the Senate Judiciary Committee’s Subcommittee on Crime and Drugs. He also served under President George W. Bush as a director in the National Security Council’s Directorate for Combating Terrorism.
Areas of focus
Industries
Services
Education & Credentials
Education
- Harvard Law School, cum laude, 1997
- Amherst College, Physics, Philosophy, magna cum laude, 1993
Bar and Court Admissions
-
Washington
Related Employment
- Obama-Biden Presidential Transition, Justice & Civil Rights Team, 2008-2009
- American University Law School, Washington, D.C., Adjunct Professor, 2004-2008
- Davis Wright Tremaine, Litigation Associate, Seattle, WA, 1997-2000
Clerkships
- Hon. Richard C. Tallman, U.S. Court of Appeals for the Ninth Circuit
Professional Recognition
Listed in Thomson Reuters “Stand-out Lawyers,” 2024
Listed in Lawdragon 500 Leading Global Cyber Lawyers, 2024
Named among BTI Client Service All-Stars, 2019
Professional Experience
Class Action Defense
S.A. and P.B. v. University of Washington
Superior Court for the State of Washington, King County
Lead counsel for the University of Washington in putative class action arising from an alleged data breach involving the personal information and protected health information of approximately one million patients of UW Medicine. Plaintiffs asserted multiple statutory and common law claims, including for violation of Washington’s Breach Notice Statute, Uniform Health-Care Information Act, AIDS Omnibus Act, and Release of Records for Research Act, as well as for negligence, breach of fiduciary duty, breach of express and implied contract, and unjust enrichment. Perkins Coie achieved dismissal of all claims with statutory damages at the pleadings stage, then twice defeated class certification, after which plaintiffs dismissed all remaining claims with prejudice.
Barnes v. Hanna Andersson et al.
U.S. District Court for the Northern District of California
Successfully defended Hanna Andersson in the first data breach putative class action filed under the California Consumer Privacy Act (CCPA), also alleging claims under California’s Unfair Competition Law, Cal. Civ. Code Section 17200 and for negligence. Obtained preliminary approval of class settlement with terms very favorable to Hanna Andersson, pending final approval.
Customer v. Client
Superior Court for the State of Washington for King County
Defending client in putative data breach class action alleging common law and statutory causes of action arising out of alleged public exposure of personal information.
Hoffman v. Pet360, Inc.
Superior Court of New Jersey, Bergen County
Obtained dismissal with prejudice of consumer protection and privacy class action complaint. No. BER-L-19308-14 (N.J. Super. 2014).
In re Search Warrant No. 16-960-M-01 to Google, Nos. 16-960-M-01, 16-1061
U.S. District Court for the Eastern District of Pennsylvania
Represent Google in ongoing litigation regarding whether a search warrant issued pursuant to the Stored Communications Act, 18 U.S.C. §§ 2701-2710, can be used to compel a communications service provider to seize customer communications stored outside the United States and disclose them to the government.
Matter of Search of Content that is Stored at Premises Controlled by Google, No. 16-mc-80263
U.S. District Court for the Northern District of California
Represent Google in ongoing litigation regarding whether a search warrant issued pursuant to the Stored Communications Act, 18 U.S.C. §§ 2701-2710, can be used to compel a communications service provider to seize customer communications stored outside the United States and disclose them to the government.
In re: Two email accounts stored at Google, Inc., No. 17-M-1235
U.S. District Court for the Eastern District of Wisconsin
Represent Google in ongoing litigation regarding whether a search warrant issued pursuant to the Stored Communications Act, 18 U.S.C. §§ 2701-2710, can be used to compel a communications service provider to seize customer communications stored outside the United States and disclose them to the government.
In the Matter of the Search of Information Associated with [Redacted]@gmail.com That Is Stored at Premises Controlled by Google, Inc., No. 17-mj-757 (GMH)
U.S. District Court for the District of Columbia
Represent Google in ongoing litigation regarding whether a search warrant issued pursuant to the Stored Communications Act, 18 U.S.C. §§ 2701-2710, can be used to compel a communications service provider to seize customer communications stored outside the United States and disclose them to the government.
Sarkar v. Doe
Court of Appeals of Michigan
Represented Google and Twitter as amici curiae arguing that the First Amendment requires a litigant that seeks to unmask an anonymous online speaker for purposes of filing a defamation claim to first make an evidentiary showing in support of the claim. The Michigan Court of Appeals agreed that the First Amendment barred disclosure of the anonymous speaker’s identity.
HMTQ v. Imperial Tobacco Canada
Supreme Court of British Columbia
Provided on behalf of the Office of the Information & Privacy Commissioner for British Columbia an opinion on the applicability of U.S. law to documents disclosed to a U.S. party in discovery and the U.S. government’s ability to compel production of such documents.
ABC v. DEF
U.S. Court of Appeals for the Second Circuit
U.S. District Court for the Southern District of New York
Represented Google Inc. in action to enforce National Security Letter (NSL) and in bid to disclose Google’s identity as the recipient of a NSL. Pursuant to a stipulated agreement and order, Google was authorized to disclose its identity as the recipient of the NSL in question.
Telecommunications Regulatory Board of Puerto Rico v. CTIA-The Wireless Association
U.S. Circuit Court of Appeals for the First Circuit
U.S. District Court for the District of Puerto Rico
Represented CTIA-The Wireless Association before trial and appellate courts in case arguing the Puerto Rico law requiring pre-paid wireless telephone service providers to disclose to the Telecommunications Regulatory Board information regarding their customers or subscribers so the Board could create a registry was unconstitutional because it was preempted by the federal Stored Communications Act. CTIA-The Wireless Association prevailed at all levels. The Puerto Rico law was held unconstitutional.
Maryland v. King
U.S. Supreme Court
Representing Veterans for Common Sense as amicus curiae, argued that the warrantless collection and analysis of DNA from a person who has been arrested for a criminal offense constitutes an intrusion of privacy interests protected by the Fourth Amendment.
Cloud Computing Provider
Federal Trade Commission
Represented cloud computing provider in Federal Trade Commission investigation under Section 5 of the FTC Act regarding security practices for mobile access to cloud computing service. Investigation closed.
Insights
