Fields Howell Welcomes Three Associates

Fields Howell is excited to announce additions to our team in our Atlanta and Miami offices.


Alery Delgado

Our Miami office welcomed associate attorney Alery Delgado in August. Alery graduated from St. Thomas School of Law where she earned her Juris Doctor cum laude. She worked for nine years as a paralegal and law clerk at various law offices in Miami while completing her degrees, including interning in the Litigation Division of the City of Miami Attorney’s Office.

Alery comes to Fields Howell after spending seven years at Lydecker Diaz. As an associate attorney there, she worked on cases involving general litigation, premises liability, products liability, first party property, among others. Alery brings to Fields Howell her expertise in complex insurance defense litigation, including premises liability, negligent security, automobile negligence, wrongful death, and insurance coverage claims.


Fields Howell’s Atlanta office continues its growth with two new associates. Michael F. Burgess and Kathryn E. Sheppard are recent law school graduates who gained extensive experience with the firm as summer associates in 2017.

Michael F. Burgess

Michael graduated with honors from Emory University School of Law in 2018. While in school, Michael was the Managing Editor of the Emory Corporate Governance and Accountability Review. He also served as the Treasurer for the National Security & Military Law Society. Prior to gaining experience with Fields Howell, Michael served as a court services intern at Roswell Municipal Court. During school, he worked as a legal intern for the Environmental Finance Center at the UNC School of Government. He also gained valuable experience as an extern for the Southeast Region of the Federal Trade Commission.

Michael returns to the firm as a first year associate practicing insurance coverage and defense regarding commercial property and commercial general liability claims.

Kathryn E. Sheppard

Kathryn (Kaylee) graduated cum laude from University of Georgia School of Law in 2018. There, she served as President of the Business Law Society and on the Editorial Board for the Journal of Intellectual Property. Before joining Fields Howell as a summer associate, Kaylee interned at The Home Depot headquarters through UGA’s Corporate Counsel Externship Program. She was a judicial intern to Chief Judge Ethelyn N. Simpson and Judge Charles E. Auslander, III of the Western Judicial State Court and also participated in the Mediation Clinic at UGA where she mediated over a dozen cases.

She has a rich history in law and insurance, having earned a Bachelor’s of Business Administration in Risk Management and Insurance from the University of Georgia in 2015. She also has certificates in Legal Studies and Business Professionalism and served as the Philanthropy Chair of the Insurance Society.

Cryptocurrency: Key Areas of Concern For Attorneys

By:   Fields Howell Attorneys Jennifer Wolak, Samantha Rowles, & Adam Adler and ProQuest’s Vice President, Claims Advocate Lead Jennifer Groszek. 

Cryptocurrency is a rapidly evolving area and certainly will impact attorneys in the E&O space. Attorneys must understand what cryptocurrency is and how it works. Current law does not provide any federal agency with plenary authority over cryptocurrency. Various agencies (the SEC, CFTC, IRS, and DOJ) are promulgating guidance and engaging in enforcement actions. This patchwork approach creates uncertainty and can be a minefield for attorneys offering advice in this space. The increasing popularity of cryptocurrency combined with its regulatory uncertainty has also created a situation in which attorneys may feel pressure to accept digital coins as a form of payment, but face increased risks and ethical pitfalls when doing so.

Areas of concern involve whether initial coin offerings (ICOs) could be classified as a securities, fraud, tax implications and potential ethical issues with attorneys accepting payment in bitcoin and other cryptocurrencies… Full Article






Cyber News “In Brief”

By: Jennifer Wolak, Adam Adler and Samantha Lemery Rowles

Welcome to our Cyber News “In Brief” post, here’s a quick overview of some of the significant recent headlines.

Case Updates
Under Armour recently announced that its nutrition app, MyFitnessPal, has suffered a data breach that impacted approximately 150 million users.  The app allows users to track their caloric intake and exercise.  The breach allegedly did not compromise credit card information or birthdays.  Instead, the breach compromised usernames, emails, and passwords.  These email addresses can be particularly valuable to spammers.  Some of the password information stolen was protected by “bcrypt,” which converts the information into an unintelligible format that could take longer and more resources to unravel.  Other information, however, may have been stored in a less protected format.

Dating app Grindr has indicated that it will stop sharing the HIV status of its users with other companies.  According to media reports, user information was sent to two companies that test the performance of Grindr’s products and allegedly to create new features.  Grindr has insisted that it had security measures in place to protect users’ privacy, such as the encryption of sensitive information.  Grindr also insisted that it never sells any user information and will isolate the information going forward.

Grindr is just one example of the recent media focus on data-sharing practices and the privacy disclosures that companies use to disclose these practices.  Facebook has been in the spotlight for its purported knowledge of Cambridge Analytica’s harvesting of data from up to 87 million users.  There are allegations that this information was then used to influence the recent U.S. presidential election.  Cambridge Analytica gathered the data through a personality app.  Facebook announced that it will notify users as to whether their data was at issue.  A link also will be provided to allow users to delete apps and prevent them from collecting information.  According to some reports, Facebook has suspended CubeYou, a data analytics company, due to CubeYou’s alleged gathering of data via quizzes and then sharing that information with marketing companies.  We expect to see more of these types of suspensions.

Most of us voluntarily put quite a bit of personal information on publicly available social media apps but how much control should we have over how that information is used?  How should these data-sharing practices be regulated and to what extent?  By some accounts, Facebook’s Mark Zuckerberg has indicated that he may not be willing to impose the EU General Data Protection Regulation (the “GDPR”) as the standard without exception worldwide but eventually, there may not be a choice in the matter.  Zuckerberg will testify before Congress this week.

Apps are not the only targets – Retailers Saks Fifth Avenue and Lord & Taylor recently announced that 5 million credit and debit cards have been compromised.  It appears the card information may have been stolen from stores using the “chip and signature” standard but it is not clear whether the information was subject to encryption.   Recently, hackers posted the stolen information on the dark web.  The hack allegedly was committed by a group known as JokerStash (also known as Fin7), which may have been behind the Whole Foods and Chipotle breaches as well.  By some reports, the group has disclosed 125,000 credit card numbers thus far and promised to release more shortly.

It appears Sears, Delta, and Best Buy all were affected by a recent breach.  According to media reports, all three companies use the same third-party firm, [24], to provide online and mobile chat services for customers.  Some customer payment information may have been compromised.  [24] has maintained that it has confidence in the security of its platform.

Loyalty programs could also present a significant vulnerability.  Panera recently was hit by a data breach.  We understand the records targeted belonged to customers that enrolled in the loyalty program.  As a result, names, emails, physical addresses, birthdays, and the last four digits of credit card numbers may have been compromised.  By some accounts, Panera allegedly was warned that its website was exposing sensitive data but did not immediately fix the issue.  There have been conflicting reports regarding the number of consumers affected.

In drone news, the Trump administration has recently asked Congress to give the Departments of Homeland Security and Justice the ability to track and destroy drones that could be used by terrorist groups to deliver harmful substances or conduct reconnaissance.  There is some concern that the proposal could lead to power that is unnecessarily broad.

The information in this blog post (“post”) is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. No information contained in this post should be construed as legal advice from Fields Howell or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the reader’s state, country or other appropriate licensing jurisdiction.

Four Takeaways From California’s Data Breach Suit Against Experian

On March 6, 2018, the state of California filed a lawsuit seeking civil penalties against credit reporting agency Experian Data Corporation and others.  This case has important implications for companies that collect or store consumers’ personal identifying information (“PII”), including possible exposure to hefty fines at the hands of state and local government entities for failure to comply with breach notification laws.

Case Background

California filed suit against Experian, Court Ventures, Inc. (“CVI”), and U.S., LLC (“USI”) (collectively, the “Defendants”), alleging that the Defendants failed to notify victims that their PII was stolen in a large-scale data breach.  This lawsuit comes on the heels of another suit that California filed against Equifax in September 2017 under a similar theory following the data breach that company experienced.

CVI and USI aggregate and sell access to consumers’ PII.  According to the Complaint, CVI and USI entered a Data Sharing Agreement and pooled their aggregated consumer PII.  This provided paying customers with access to a larger database of PII (the “Database”).  In March 2012, Experian allegedly acquired CVI and became a party to the Data Sharing Agreement.

In July 2010, Heiu Minh Ngo allegedly posed as a private investigator and purchased access to the Database.  Ngo then sold access to Database information to criminals via two illicit websites.  As many as 30M consumers’ PII may have been compromised.  According to media reports, criminals stole $65M by filing fraudulent tax returns using PII obtained via Ngo’s illicit websites.

California’s Basis for its Suit

California has sued the Defendants under California’s unfair competition and breach notification laws.  The breach notification law provides:

A person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of California (1) whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person…. Cal. Civ. Code § 1798.82(a)

The statute requires that disclosure “shall be made in the most expedient time possible and without unreasonable delay.” Id.

The Complaint alleges the Defendants have yet to notify affected persons of the data theft.  The Complaint seeks penalties of up to $2,500 per violation, plus an additional $2,500 for each affected person who is elderly or disabled.  With an estimated 3.6M affected Californians, this sum could exceed $9B.

Key Takeaways

There are four important takeaways from this case.

– Companies’ exposure from data breaches could increasingly stem from fines and penalties imposed by state and local government entities.

– California’s UCL and breach notice provisions could become an increasingly popular tool for California government entities eager to crack down on privacy or cybersecurity violations.  In fact, a separate suit against Equifax filed in September 2017 seeks to hold Equifax responsible for penalties under the UCL for its alleged six-week delay (and other deficiencies) in providing notification of the breach to victims.

– Security vulnerabilities are not necessarily the product of a technical deficiency.  Indeed, the Complaint alleges that consumers’ PII in this instance was compromised not through any technical vulnerability, but rather through a failure to properly vet Ngo and recognize his large-scale criminal operation.

– Liability for companies could result from agreements reached with third parties or other companies during the course of mergers and acquisitions.  Here, Experian acquired CVI and, thereby became party to the Data Sharing Agreement.  This acquisition, and Experian’s later part in the Data Sharing Agreement, were key vulnerabilities exposing it to potential liability.  Companies would, therefore, be wise to properly vet all agreements with third parties to prevent vulnerabilities that can result from unknown entities’ ability to gain access to the PII they collect.


Written by: Jennifer Wolak & Adam Adler
April 2, 2018

The information in this blog post (“post”) is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. No information contained in this post should be construed as legal advice from Fields Howell or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the reader’s state, country or other appropriate licensing jurisdiction.


Fields Howell Partner Paul Fields Wins 2016 Client Choice Award

Atlanta, GA – On February 17, 2016, the International Law Office (ILO) and Lexology announced the winners of the 2016 Client Choice Awards. Fields Howell LLP is pleased to announce that founding partner, Paul L. Fields, Jr., has been selected as the exclusive winner of the Insurance category for Georgia.

Established in 2005, the Client Choice Awards identify top attorneys by surveying senior in-house counsel on the quality of client service they receive from law firms, rather than relying on peer nominations as many other professional awards do. Using attorney-client relationships to define success, the awards seek partners that excel in their roles and continuously offer outstanding client services. This year’s winners were selected from over 2,500 individual nominations.

Paul’s nomination reflects his twenty-eight years in practicing complex insurance coverage and litigation. Throughout his career, Paul has cultivated long-term relationships with clients and is devoted to the success of their businesses. His professional knowledge and ability to provide individualized attention to his clients have earned him the utmost respect from counsel members all around the world.

To view the complete list of 2016 winners in the US & Canada, click here: Client Choice Awards 2016 Winners

About ILO:

Launched in 1998, ILO is the nexus where global corporate counsel engage with the world’s preeminent law firms, and each other. ILO is a multifaceted online resource for senior international corporate counsel, which provides tailored, quality-assured updates on global legal developments, a database of the world’s major deals and the legal advisers involved, and a comprehensive directory of firms and partners.

About Lexology:

Launched in 2007, Lexology is a daily newsfeed of law firm client alerts, articles and blogs delivered to the desktops of senior business lawyers worldwide on a daily basis. Lexology has built a unique audience of over 260,000 subscribers, over 60% of whom are in-house corporate counsel representing the vast majority of Fortune 500, FT Global 500 and FT Euro 500 companies – including all members of the Association of Corporate Counsel.

Fields Howell Opens Miami Office

We are pleased to announce the addition of our new Miami office, which officially opened its doors on February 1, 2016.

Armando P. Rubio, former partner at Cole Scott & Kissane PA, has joined the firm to lead the Miami office as Partner-in-Charge.

Armando and his team will be assisting the firm with its existing insurance coverage and defense practice, while bringing years of experience and a proven track record in marine liability, product liability and commercial defense. While leading this fully bilingual office in Miami, Armando will continue to handle matters in Florida, Mexico, the Caribbean and throughout Latin America.

We look forward to serving our clients in this new market.

Happy Holidays from Fields Howell

We want to wish all of our clients and partners a wonderful holiday season, and we look forward to doing business with you in 2016! Click the link below to play our holiday game!

(For best gaming experience, play on your mobile device.)

We Have Moved!

We have moved to a new office. Please update your records to reflect our new firm name:

Fields Howell LLP

and new address:

1180 W. Peachtree Street, Suite 1600

Atlanta, GA 30309