Gregory T. Parks helps companies manage data security incident response and litigation, privacy and cybersecurity compliance, class actions, attorney general investigations loyalty and gift card programs, retail operations, payment mechanisms, shoplifting prevention, and matters for retail, ecommerce, and other consumer-facing companies. For more than 20 years, Greg’s focus has been data security incident response and crisis management and any resulting litigation. Greg manages all phases of such litigation, trial, and appeal work. Greg is the primary leader of Morgan Lewis’s privacy and cybersecurity practice and a co-leader of the retail and ecommerce team.
Greg’s work in the privacy space includes compliance and implementation consulting for more than 500 companies on laws such as the California Consumer Protection Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the European General Data Protection Regulation (GDPR), the state data breach notification laws, the Fair Credit Reporting Act (FCRA), the FTC Red Flags rule, PCI-DSS mandates for credit card security, CAN-SPAM marketing email laws, the Telephone Consumer Protection Act (TCPA), FinCEN and other anti–money laundering rules, the Children’s Online Privacy Protection Act, the Massachusetts Data Security Regulations, and a myriad of other global, federal, state, and local privacy laws.
With more than 20 years of experience with the unique problems and challenges facing retailers, Greg counsels these clients through consumer class actions, real estate litigation, privacy and data security concerns, product and premises liability cases, and similar issues. His operational and compliance counseling involves matters arising from credit cards, gift cards, employee background checks, anti–money laundering plans, advertising and sales, data collection and privacy, and loyalty, layaway, and shoplifting prevention programs.
In the aftermath of data security incidents—he’s advised on more than 2,000 in his career—Greg helps clients craft immediate responses. He counsels them on how best to give notice to affected individuals or government and consumer reporting entities, following proper compliance protocol while keeping brand and public relations issues front of mind. He also represents these companies on any class action and other litigation or investigations stemming from the incidents, and instructs them on implementing policies and procedures to prevent and mitigate future breaches.
Results may vary depending on your particular facts and legal circumstances
Results may vary depending on your particular facts and legal circumstances.
Listed, Lawdragon’s 500 Leading Global Cyber Lawyers, Princeton, Privacy, Cybersecurity, Data Incident Response (2024)
Listed, The Best Lawyers in America, Privacy and Data Security Law (2023, 2024)
Listed, BTI Consulting Group, Client Service All-Star (2020)
Recommended, Media, technology and telecoms: Cyber law (including data privacy and data protection), The Legal 500 US (2019–2023)
Recommended, Dispute resolution: General commercial disputes; Recommended, Media, technology and telecoms: Cyber law (including data privacy and data protection); The Legal 500 US (2018)
Listed, Law360, Retail and eCommerce MVP (2014–2015)
Member, American Bar Association
Member, Philadelphia Bar Association
Member, International Association of Privacy Professionals
Fellow, Temple University’s Academy of Advocacy
Listed, The Legal Intelligencer, Lawyers on the Fast Track (2009)
No aspect of this advertisement has been approved by the Supreme Court of New Jersey. A description of the selection methodology for the above awards can be found here.