Ashley L. Shively
Ashley L. Shively is a privacy attorney and class action litigator in Holland & Knight's San Francisco office.
Ms. Shively counsels public and private companies on consumer protection and data privacy issues with respect to product development, sign-up and point-of-sale procedures, digital marketing, regulatory compliance, incident response, and state and federal enforcement. She regularly advises on the Children's Online Privacy Protection Act (COPPA), Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003, Fair Credit Reporting Act (FCRA), Gramm-Leach-Bliley Act (GLBA), state privacy and unfair and deceptive practices laws, and similar legal and regulatory requirements. At present, she is particularly focused on the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA) and analogous legislation under consideration this year in other states.
Ms. Shively focuses her litigation practice on the defense of financial institutions and businesses in consumer class and individual actions, including privacy, data breach, false advertising, unfair business practices, call recording and website wiretap claims. She has extensive experience litigating class actions under the Truth in Lending Act (TILA), Telephone Consumer Protection Act (TCPA) and state wiretap acts, including the California Invasion of Privacy Act (CIPA).
Ms. Shively also handles complex litigation matters, from mass tort and federal multidistrict litigation to commercial contract disputes.
Immediately after law school, Ms. Shively worked in the complex and civil divisions of the Superior Court of California of the County of Alameda. She also externed during law school for the Honorable Frank C. Damrell in the U.S. District Court for the Eastern District of California and the Honorable Robert L. Dondero in the Superior Court of California of the County of San Francisco.
Ms. Shively serves as the coordinator for Holland & Knight’s 2022 Rising Star Class and is the San Francisco office coordinator for the firm's Women's Initiative.
- Advise clients on the adoption and implementation of data privacy programs in light of evolving laws and regulations, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (CDPA) and European Union General Data Protection Regulation (GDPR)
- Counsel a global brand on reconciling obligations as to employees under applicable privacy laws, particularly with respect to employee privacy notices and rights requests
- Counsel business-to-business (B2B)- and business-to-consumer (B2C)-facing entities in the immediate aftermath of data breach and other security incidents (ransomware, wire fraud, phishing, etc.), including insurance and vendor issues, remediation, forensic investigation, required notifications and law enforcement considerations
- Prepare a new chief privacy officer for meetings with executive stakeholders on company's ransomware preparedness; draft ransomware protocols for general counsel and legal department in the event of a ransomware attack; and make recommendations on breach response preparedness
- Advise financial technology (FinTech) clients on call center and text message scripting for compliance with state call recording laws and the Telephone Consumer Protection Act (TCPA)
- Advise a not-for-profit real estate organization on preparation for New York City's Tenant Data Privacy Act (TDPA), a law intended to address perceived privacy-related issues concerning smart access systems in multifamily buildings; also advised regarding an innovative cloud services agreement designed to help residents improve their credit scores by reporting rent payments
- Counsel a not-for-profit organization on data privacy issues in connection with disclosures to donors and supporters
- Advise multiple clients on the development of global privacy policies, customer terms and conditions, and other consumer-facing policies and internal data protection policies and procedures
- Counsel e-commerce businesses across industry sectors on consumer protection issues, including compliance with state automatic renewal laws and the Federal Trade Commission's (FTC) guidance regarding testimonials and endorsements
- Counsel public, private and nonprofit organizations on data protection and consumer privacy issues, including California's Shine the Light Act and the Illinois Biometric Information Privacy Act (BIPA), as well as state and federal consumer protection obligations
- Conduct merger and acquisition (M&A) due diligence in regard to cybersecurity practices, data privacy and cross-border data transfers
- Represent a non-bank mortgage lender in a data breach class action involving data from self-insured employee health plan
- Represented a financial technology (FinTech) client in investigation by enforcement division of federal regulator on consumer protection issues
- Defended pharmaceutical division of foreign entity in antitrust class action and secured dismissal with prejudice of key claims at the pleading stage (U.S. District Court for the Northern District of California)
- Secured dismissal with prejudice on first round of motion practice in a Telephone Consumer Protection Act (TCPA) class action filed against technology company (U.S. District Court for the Northern District of California)
- Represented a private educational institution in series of nationwide putative class actions alleging violations of various consumer protection statutes (U.S. District Court for the Central District of California)
- Secured a seven-figure reduction in attorneys' fee award on litigated fee motion in connection with settlement of certified nationwide class (U.S. District Court for the Northern District of California)
- Defeated class certification on behalf of financial institution in a TCPA action (U.S. District Court for the Northern District of California)
- Defended a student loan servicer in putative class action alleging call recordings in violation of the state wiretap act, California Invasion of Privacy Act (CIPA) (U.S. District Court for the Northern District of California)
- Defeated class certification and obtained summary judgment on behalf of an auto-finance company in coordinated TCPA class actions (U.S. District Court for the Northern District of Illinois)
- Represented a music streaming service in false advertising class action and negotiated favorable individual settlement (U.S. District Court for the Southern District of New York)
- Represented a global brand in lawsuit against its advertising agency and publishers related to transparency in digital advertising and ad fraud (Superior Court of California, San Francisco County)
- Represented a healthcare provider in a data breach class action under California's Customer Records Act and Confidentiality of Medical Information Act (Superior Court of California, Contra Costa County)
- Negotiated a favorable class settlement on behalf of an auto-finance company for alleged violations of California's Rees-Levering Act related to post-repossession notices (Superior Court of California, Contra Costa County)
- Defense of mandate lawsuits and response in three appellate proceedings arising from rulings / judgments in favor of state agency in facilities dispute, followed by settlement that yielded multiyear facilities agreement (Superior Court of California, Santa Clara County)
- Defended a beverage company in right of publicity action (Superior Court of California, San Diego County)
- Represented a technology platform in dispute with advertising agency and digital publishers over click fraud, malware and other forms of ad fraud (Superior Court of California, San Francisco County)
- Defended a cosmetics company in a putative class action alleging violations of California's Song-Beverly Consumer Warranty Act related to ZIP code recording at point-of-sale and secured approval of class settlement (Superior Court of California, San Francisco County)
- Seminal published opinion affirming right of state agency to maintain privacy of unpublished researchers' files (Superior Court of California, Yolo County and Court of Appeals of California, Third District)
- Defended a state agency in mandamus action filed by Public Records Act requestor related to unpublished researched files and sensitive identifying information (Superior Court of California, Yolo County)
- University of California Davis School of Law, J.D.
- Johns Hopkins University, M.A., Government
- Johns Hopkins University, B.A.
- U.S. Court of Appeals for the Ninth Circuit
- U.S. District Court for the Northern District of California
- U.S. District Court for the Central District of California
- U.S. District Court for the Eastern District of California
- U.S. District Court for the Southern District of California
- U.S. District Court for the Northern District of Illinois
- American Bar Association
- The Bar Association of San Francisco
- Holland & Knight Pro Bono All-Star, 2020
- Holland & Knight Rising Star, Class of 2020