Matthew's cross-disciplinary practice focuses on data privacy, cybersecurity, crisis management, and incident response for a broad range of industries. He is well-versed in multi-jurisdictional privacy compliance; cyber risk identification, mitigation, and response strategies; complex information governance and data management issues; and cross-border electronic discovery. His diverse experience at the intersection of litigation, informational and operational technology, and data management enables him to provide clients with comprehensive business-oriented counsel proactively and in real time.

Matthew routinely counsels clients on considerations arising under a wide range of domestic and international privacy and security laws, standards, and best practices. Such frameworks and standards include the California Consumer Privacy Act of 2018 (CCPA), the Illinois Biometric Information Privacy Act (BIPA), the EU's General Protection Data Regulation (GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and Brazil's General Data Protection Act (LGPD), as well as regulatory guidance and international standards relating to privacy and security, such as NIST or ISO standards.

In addition, Matthew has managed dozens of cyber and privacy incidents for multi-national companies through all aspects of investigation, remediation, notification, regulatory engagement, and litigation. With his keen awareness of the enforcement landscape, Matthew assists clients with incident and crisis response preparedness. As part of this, Matthew works hand-in-hand with clients to develop tabletop exercises, simulations and drills for individuals in a variety of roles to help identify and address gaps in procedures and protocols for emergent situations.