Overview

Mark H. Francis is a New York cybersecurity, data privacy and intellectual property attorney advising clients on a wide array of "tech and data" counseling, transactional and litigation matters.

Counseling. Mr. Francis focuses on data strategy and information governance, cybersecurity, technical controls, cross-border data transfers, and data privacy laws. In that capacity, Mr. Francis advises clients on Federal Trade Commission (FTC) Section 5 requirements (unfair and deceptive practices), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act (FCRA), Children's Online Privacy Protection Act (COPPA), California Consumer Privacy Act (CCPA), Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act of 2003, state privacy laws, PCI Data Security Standard (DSS), card brand operating regulations, National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO) standards and other related legal and regulatory requirements.

Tech Agreements and Corporate Transactions. Mr. Francis regularly advises clients on data and intellectual property agreements and technology transactions, including master service agreements and statements of work (SOWs), open source and proprietary software licenses, IP/data transfers and licenses, software as a service (SaaS) and cloud computing agreements. He also works with deal teams on data and technology risks and representations in corporate transactions.

Crisis Management and Incident Response. Mr. Francis has counseled dozens of clients on U.S. and global data breaches and other security incident s across a number of industries, including healthcare, financial services, retail, technology, consulting, industrial and telecommunications. He advises clients on internal and forensic investigations, regulatory and individual notifications and interactions with law enforcement and other third parties.

Cybersecurity and Data Privacy Litigation and Regulatory Actions. Mr. Francis represents clients in regulatory and state Attorney General investigations, data breach class actions and PCI assessments.

Intellectual Property Counseling and Litigation. Mr. Francis represents clients in a wide range of intellectual property (IP) litigation in federal courts across the country. His IP matters have often involved complex technologies such as wired and wireless communications, cloud computing, mobile operating systems, virtual machines, web browsers, encryption, image processing and semiconductor devices. He is a registered patent attorney with the U.S. Patent and Trademark Office and assists clients with patent prosecution, as well as copyright and trademark procurement.

Mr. Francis is an International Information System Security Certification Consortium (ISC)2 Certified Information Systems Security Professional (CISSP) and EC-Council Certified Ethical Hacker (CEH). He is also an International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional/United States (CIPP/US), IAPP Certified Information Privacy Technologist (CIPT) and IAPP Fellow of Information Privacy (FIP).

In addition, Mr. Francis is an accredited attorney for the preparation, presentation and prosecution of claims for veterans' benefits before the U.S. Department of Veterans Affairs (VA).

Experience

  • Advise clients across multiple industry sectors on California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR) and related data privacy compliance projects
  • Advise clients on data strategy and utilization with intellectual property, contractual and technical controls for data rights management
  • Advise a financial services provider on third-party risk management, outsourcing and services agreements
  • Advise a healthcare services provider on customer agreements
  • Counsel clients on software, cloud services and outsourcing agreements, including in connection with data and intellectual property (IP) rights, cybersecurity and data privacy, service level agreements and international considerations
  • Advise medical device manufacturers and digital health providers on cybersecurity programs and customer contracts
  • Counsel clients in response to cyber incidents and data breaches to manage business and legal exposure, including oversight of forensic investigations, notifications, and compliance with legal and contractual obligations
  • Conduct cybersecurity assessments and provide counseling on cyber governance, policies and practices, including in connection with the National Institute of Standards and Technology (NIST) Cybersecurity Framework, International Organization for Standardization (ISO) 27000-series, Payment Card Industry Data Security Standard (PCI DSS), NIST 800-53 and Risk Management Framework (800-37), Critical Security Controls (CSC), Cloud Security Alliance (CSA) Cloud Controls Matrix, Open Web Application Security Project (OWASP) Top 10 and other industry standards
  • Advise on written information security policies, privacy policies, incident response plans and other corporate policies addressing information governance, technical infrastructure and cybersecurity risk management
  • Conduct merger and acquisition (M&A) due diligence in regard to cybersecurity practices, data privacy, cross-border data transfers, software and open source considerations, PCI compliance and IP rights

  • Bath Authority, LLC v. Anzzi LLC (E.D. Pa.): Representing defendant in intellectual property dispute; see 2018 WL 5112889 (E.D. Pa. Oct. 19, 2018)
  • Enslin v. The Coca-Cola Company, et al. (E.D. Pa.): Represented defendant in purported class action for alleged data breach, summary judgment granted for defendants and affirmed on appeal; see 2017 WL 3727033 (E.D. Pa. Aug. 29, 2017), aff’d, 739 Fed. App’x. 91 (3d Cir. June 20, 2018)
  • Epstone, Inc. v. Soho Studio, Corp. (S.D.N.Y.): Represented defendant in intellectual property dispute; settled on favorable terms
  • Oracle America, Inc. v. Google, Inc. (N.D. Cal.): Represented defendant Google in first trial of a patent and copyright litigation involving virtual machine technology and application programming interfaces (APIs) used in the Android operating system. After a five-week jury trial, the Court held that APIs are not copyrightable as a matter of law and the jury returned a unanimous verdict rejecting all claims of patent infringement
  • Mobile Enhancement Solutions LLC v. Nokia Corp. et al. (N.D. Tex.): Represented defendants Microsoft and Nokia in a patent litigation involving Long-Term Evolution (LTE) and acoustic technologies
  • Lake Cherokee Hard Drive Tech., LLC v. MediaTek USA Inc. et al. (E.D. Tex.): Represented defendant Hewlett Packard in a patent litigation involving error correction codes for optical disks; case against HP was dismissed
  • National Cheng Kung University v. Nokia Corporation et al. (E.D. Tex.): Represented defendant Nokia in a patent litigation involving the removal of unwanted objects from captured images; case against Nokia dismissed
  • Parallel Iron LLC v. Cloudera Inc. et al. (D. Del.): Represented defendant Nokia in a patent litigation involving the Hadoop distributed file system (HDFS) for computer clusters; settled on favorable terms
  • CRS LLC v. Cellco Partnership d/b/a Verizon Wireless (D. Del.): Represented defendant Verizon Wireless in a patent litigation involving content adaptation technology for mobile devices; settled on favorable terms
  • Textscape LLC v. Google Inc. (N.D. Cal.): Represented defendant Google in a patent litigation involving web browser user interfaces; patent invalidated during reexamination proceedings and the case dismissed
  • Michael S Sutton Ltd. v. Nokia Corporation et al. (E.D. Tex.; Fed. Cir.): Represented defendant Nokia in patent litigation relating to multimedia messaging for mobile devices; judgment entered for Nokia by the district court and affirmed by the Federal Circuit

Credentials

Education
  • Fordham University School of Law, J.D.
  • Fordham University, MBA
  • City University of New York, B.S.
Bar Admissions/Licenses
  • New Jersey
  • New York
Court Admissions
  • U.S. Court of Appeals for the Federal Circuit
  • U.S. Court of Appeals for the Third Circuit
  • U.S. District Court for the Southern District of New York
  • U.S. District Court for the Eastern District of New York
  • U.S. District Court for the Northern District of New York
  • U.S. District Court for the District of New Jersey
  • U.S. District Court for the District of Colorado
  • U.S. District Court for the Eastern District of Texas
  • U.S. Patent and Trademark Office
Memberships
  • American Bar Association
  • International Association of Privacy Professionals (IAPP), Training Advisory Board, 2017-2018
  • InfraGard, New York Metro InfraGard Members Alliance, Board of Directors, 2018-2019 
  • International Information System Security Certification Consortium (ISC)²
  • EC-Council
Honors & Awards
  • Rising Stars, New York Super Lawyers magazine, 2015-2017
  • Nathan Burkan Memorial Award, Fordham University School of Law, 2006

Publications

Speaking Engagements

News