Philip N. Yannella


Phil is a litigator and a Practice Co-Leader of Ballard Spahr's Privacy and Data Security Group. In his role, Phil regularly counsels clients on data, privacy, and cybersecurity issues relating to the use of digital information. He represents financial institutions, media organizations, tech companies, online platforms, life sciences companies, global manufacturers, gaming companies, and higher eds.

Phil has counseled and represented clients in a wide array of privacy and data security litigations including lawsuits filed under the Telephone Consumer Protection Act (TCPA), Defense of Trade Secrets Act (DTSA), Computer Fraud and Abuse Act (CFAA), Stored Communications Act (SCA), Video Privacy Protection Act (VPPA), and Illinois Biometric Information Protection Act (BIPA), as well as state wiretap and data breach class actions and website accessibility claims. He has extensive experience coaching clients through data breaches. He has handled over 500 breaches for clients to date, managing breach notification in all 50 states and more than 35 foreign jurisdictions, and has led the defense of numerous regulatory investigations relating to data breaches, including those brought by state Attorney Generals, the OCC, NY DFS, the UK Information Commissions Office (ICO), and Canadian privacy regulators.


Complex Litigation & Regulatory Investigations

  • Duplantis v. Hubbard Radio, Washington DC (D. Md. 2022). Obtained dismissal in a putative class action under the Video Privacy Protection Act (VPPA), alleging that Hubbard shares video viewing history of subscribers via use of Meta Pixel.
  • Ade v. Hubbard Broadcasting, Inc. (N.D. Ill. 2022). Obtained dismissal of a putative class action under the Video Privacy Protection Act (VPPA), alleging that Hubbard shares video viewing history of subscribers via use of Meta Pixel.
  • Chapman v. Pennsylvania Department of Health (M.D. Pa. 2021). Obtained dismissal of Pennsylvania Department of Health in class action premised on vendor’s breach of personal medical information collected as part of COVID-19 tracking program.

Crisis Management & Incident Response

  • Represented an international fintech in connection with ransomware attack of vendor systems by Maze/Ragnar threat actors. Attack resulted in exfiltration and exposure of 500 GB of customer data. Assisted in defense of client in follow-on SEC investigation.
  • Representing international toy manufacturer in ransomware attack by Hive threat actors, managing US and EU reporting obligations.
  • Represented international household appliance manufacturer in ransomware attack involving exfiltration of 50 GB of consumer and employee data.

Privacy Counseling

  • Advised clients in identifying technologies that constitute AI under existing privacy laws, such as GDPR and CCPA, that trigger additional compliance requirements and risk assessments. These technologies include employee screening and monitoring tools, facial recognition AI, etc.
  • Advised clients regarding AI biometric scanning technologies covered under U.S. biometric laws
  • Counseled multiple tech startups on compliance with U.S. biometric laws in connection with development of facial surveillance software.

Professional Highlights

Professional Activities

The Sedona Conference Institute
Member, International Data Privacy, eDiscovery, and Cross-Border Data Transfer Issues Working Groups

Defense Research Institute



Recognition & Accomplishments

JD Supra Readers' Choice Award, Top Author in Cybersecurity and Data Privacy, 2023

The Legal 500 US, Dispute resolution - E-discovery, 2019

Speaking Engagements

Speaker, "Risk Management & Cyber Security: What You Don't Know Can Kill You," CEO Connection Mid-Market Convention, Philadelphia, September 23, 2019

"Emerging Data Security Laws: An Innovation Opportunity," Comcast Labs Connect's Security by the Schuylkill, Philadelphia, April 16, 2019

Speaker, "The California Consumer Privacy Act: What Comes Next?" Ballard Spahr webinar, March 20, 2019


Co-author, "Utah Privacy Law Would Be First to Require Search Warrant for Government to Access Stored Data," The National Law Review, March 28, 2019

Author, "European Union Discovery Presents Compliance Headaches for U.S. Litigants," The Legal Intelligencer, February 5, 2018



Temple University James E. Beasley School of Law (J.D. 1997)
Member, Political and Civil Rights Law Review
Member, Temple Moot Court
Recipient, Trial Advocacy Program's Outstanding Advocate Award

Temple University (B.A., summa cum laude, 1991)


New Jersey


U.S. District Court for the Eastern District of Pennsylvania

U.S. Court of Appeals for the Third Circuit