Philip N. Yannella

Partner

Philadelphia

Tel 215.864.8180
Fax 215.864.8999

Phil is a litigator and a Practice Co-Leader of Ballard Spahr's Privacy and Data Security Group. In his role, Phil regularly counsels clients on data, privacy, and cybersecurity issues relating to the use of digital information. He represents financial institutions, media organizations, tech companies, online platforms, life sciences companies, global manufacturers, gaming companies, and higher eds.

Phil has counseled and represented clients in a wide array of privacy and data security litigations including lawsuits filed under the Telephone Consumer Protection Act (TCPA), Defense of Trade Secrets Act (DTSA), Computer Fraud and Abuse Act (CFAA), Stored Communications Act (SCA), Video Privacy Protection Act (VPPA), and Illinois Biometric Information Protection Act (BIPA), as well as state wiretap and data breach class actions and website accessibility claims. He has extensive experience coaching clients through data breaches. He has handled over 500 breaches for clients to date, managing breach notification in all 50 states and more than 35 foreign jurisdictions, and has led the defense of numerous regulatory investigations relating to data breaches, including those brought by state Attorney Generals, the OCC, NY DFS, the UK Information Commissions Office (ICO), and Canadian privacy regulators.

Services

Experience

Complex Litigation & Regulatory Investigations

Duplantis v. Hubbard Radio, Washington DC (D. Md. 2022). Obtained dismissal in a putative class action under the Video Privacy Protection Act (VPPA), alleging that Hubbard shares video viewing history of subscribers via use of Meta Pixel.
Ade v. Hubbard Broadcasting, Inc. (N.D. Ill. 2022). Obtained dismissal of a putative class action under the Video Privacy Protection Act (VPPA), alleging that Hubbard shares video viewing history of subscribers via use of Meta Pixel.
Chapman v. Pennsylvania Department of Health (M.D. Pa. 2021). Obtained dismissal of Pennsylvania Department of Health in class action premised on vendor’s breach of personal medical information collected as part of COVID-19 tracking program.

Keystone Valley Regional Volleyball Association v. SportsEngine (E.D. Pa. 2021). Successful representation of Sports Engine, a SaaS provider and affiliate of NBC Sports, in an action seeking a preliminary injunction to require Sports Engine to implement additional security controls in its software.
Lathorio Scott v. Playboy (C.D. Ca. 2021). Obtained dismissal of Playboy in wiretap litigation under Florida state law premised on company’s use of “session replay” software.
Data Aggregator Investigation (2021). Representation of major data aggregator in NY DFS investigation relating to the exposure of driver’s license information in online insurance quote tools.
Ung v. Universal Acceptance Corp. (D. Mn. 2016). Successful representation of an auto finance company in a bet-the-company TCPA (Telephone Consumer Protection Act) action with damage allegations of more than $100 million. Defeated class certification and prevailed on summary judgment on grounds that UAC had not used an auto-dialer within meaning of TCPA.
Dasher v. RBC Bank, MDL No. 2036 (S.D. Fla. 2012). Successful representation of national bank in overdraft litigation, asserting eight-figure losses relating to use of decisioning tools for processing of debit card transactions that trigger overdraft fees. Successful defense of settlement against objector claims in Eleventh Circuit.
Casayuran v. PNC Bank, MDL No. 2036 (S.D. Fla. 2011). Successful representation of national bank in overdraft litigation, asserting nine-figure losses relating to use of decisioning tools for processing of debit card transactions that trigger overdraft fees.
In re Seroquel Products Liability Litigation, MDL. No. 1769 (M.D. Fla 2009). Representation of Astra Zeneca regarding effect of French, German and U.K. data protection laws on discovery of clinical trial and other information in U.S. products liability litigation.
In re Vioxx (N.J. Superior Court 2007). Successful representation of Merck in a civil action seeking publication of anonymized clinical data valued at $1 billion. Using a re-identification analysis, successfully persuaded the court that publication would reveal private health information of 95 percent of clinical trial patients. Represented party regarding effect of French blocking statute and U.K. Data Protection Act on discovery in U.S. litigation.

Crisis Management & Incident Response

Represented an international fintech in connection with ransomware attack of vendor systems by Maze/Ragnar threat actors. Attack resulted in exfiltration and exposure of 500 GB of customer data. Assisted in defense of client in follow-on SEC investigation.
Representing international toy manufacturer in ransomware attack by Hive threat actors, managing US and EU reporting obligations.
Represented international household appliance manufacturer in ransomware attack involving exfiltration of 50 GB of consumer and employee data.

Privacy Counseling

Advised clients in identifying technologies that constitute AI under existing privacy laws, such as GDPR and CCPA, that trigger additional compliance requirements and risk assessments. These technologies include employee screening and monitoring tools, facial recognition AI, etc.
Advised clients regarding AI biometric scanning technologies covered under U.S. biometric laws
Counseled multiple tech startups on compliance with U.S. biometric laws in connection with development of facial surveillance software.

Professional Highlights

Professional Activities

The Sedona Conference Institute
Member, International Data Privacy, eDiscovery, and Cross-Border Data Transfer Issues Working Groups

Defense Research Institute

IAPP

ARMA

Recognition & Accomplishments

JD Supra Readers' Choice Award, Top Author in Cybersecurity and Data Privacy, 2023

The Legal 500 US, Dispute resolution - E-discovery, 2019

Speaking Engagements

Speaker, "Risk Management & Cyber Security: What You Don't Know Can Kill You," CEO Connection Mid-Market Convention, Philadelphia, September 23, 2019

"Emerging Data Security Laws: An Innovation Opportunity," Comcast Labs Connect's Security by the Schuylkill, Philadelphia, April 16, 2019

Speaker, "The California Consumer Privacy Act: What Comes Next?" Ballard Spahr webinar, March 20, 2019

Co-host and Moderator, "Ghosts in the Machine: Data Privacy, Cybersecurity & the Evolving Face of Risk," Thomson Reuters Legal Executive Institute Concordant Crossroads: Regulation and Innovation in the Automotive Industry, New York City, October 2018

"From Brussels with Love: A GDPR Valentine's Day Special," Ballard Spahr webinar, February 14, 2018

"Preventing Internal Breaches: The Critical Role of Corporate Counsel," BloombergLaw/UnitedLex webinar, February 13, 2018

"The Legal Impact of Autonomous Vehicle Connectivity (Part Two)," Thomson Reuters Legal Executive Institute podcast, February 6, 2018

"The State of Cybersecurity Report: A Preview of the 2018 Report," ACC Foundation Cybersecurity Summit, Washington, D.C., February 6, 2018

"Ethics for Discovery 2017," Practising Law Institute, New York, July 12, 2017

"Countdown to GDPR: Practical and Technological Solutions for Compliance," Delaware State Ballard Spahr CLE, Philadelphia, May 10, 2017

"Game of Drones, Autonomous Vehicles, and Other Connected Devices," Delaware State Bar Association, Wilmington, April 12, 2017

"Higher Education and the Changing Administration," Ballard Spahr webinar, February 23, 2017

"The State of Cybersecurity Report," ACC Cybersecurity Summit, Washington, D.C., January 31, 2017

"ACC Foundation Report: Takeaways to Enhance Cybersecurity Preparedness," Ballard Spahr CLE program, Washington, D.C., September, 29, 2016

"Ethics for Discovery 2016," Practising Law Institute, New York, July 25, 2016

"Cyber Insurance," Pennsylvania Bar Institute, Philadelphia, July 11, 2016

"Worst Case Scenario – The State of Cybersecurity and Lessons Learned," ACC Mid-Year Meeting, New York, April 12, 2016

"Advanced Identity & Access Management Techniques," CISO Executive Network: Philadelphia Breakfast Roundtable 2 of 6, April 6, 2016

"The ACC Foundation Cybersecurity Report: Discussion with the ACC President and CEO Veta Richardson," Ballard Spahr CLE program, Philadelphia, February 18, 2016

"A Look at the New Federal Rules and What They Mean for Your Practice," Pennsylvania Bar Institute, Philadelphia, July 30, 2015

"Ethics for Discovery 2015," Practising Law Institute, New York, July 27, 2015

"Ethics for Discovery 2014," Practising Law Institute, New York, July 15, 2014

"How the Proposed Amendments to the Federal Rules of Civil Procedure Will Affect Discovery," Ballard Spahr CLE program, live in Philadelphia and via webinar, June 25, 2014

"E-Discovery Breakfast Briefing: Taking Control in Litigation and Regulatory Matters," The Huron Legal Institute, Philadelphia, May 20, 2014

"Ethics for Discovery 2013," Practising Law Institute, New York, July 22, 2013

"Avoiding the Pitfalls of 'Bring Your Own Device' Policies," Ballard Spahr webinar, June 12, 2013

"New Amendments to Pa. Rules of Civil Procedure On eDiscovery," Pennsylvania Bar Institute, August 8, 2012

"Ethics for Discovery 2012," Practising Law Institute, July 27, 2012

"eDiscovery & Social Media in Litigation: Practical, Legal & Ethical Issues," Camden County Bar Association, May 9, 2012

"Leveraging Predictive Coding To Focus on Litigation Strategy," Navigant Expert Insights webinar, February 8, 2012

"Data Security in the Cloud and its Implications on eDiscovery," IQPC's The 6th eDiscovery for Pharma, Biotech, and Medical Devices Industries Conference, Philadelphia, October 25, 2011

"Taxation of E-Discovery Costs Not Limited to High-Profile Cases, Says Big Firm Partner," Association of Certified E-Discovery Specialists Podcast Interview, August 17, 2011

"Ethics for E-Discovery 2010," Practising Law Institute, July 28, 2010

"Federal Rule of Evidence 502: The Changing Landscape of Discovery in the Electronic Age," Webcast by DRI's Product Liability Committee, June 3, 2010

"Data Security, Corporate Compliance and E-Discovery: Navigating the Data Morass," NJCCA's 7th Annual All-Day Conference, September 24, 2009

"Rule 502 and Its Impact on E-Discovery: Using the New Provisions to Reduce the Costs of Privilege Review Without Increasing the Risks of Waiver," ACI's E-Discovery and Document Management Conference, September 22, 2009

"Designing, Implementing, and Maintaining Document Management Policies that Survive Multi-Jurisdictional and International Discovery of Scientific E-Data," ACI's Document Management, E-Discovery, and Litigation Readiness Conference, April 1, 2008

"Responding to Electronic Discovery Requests and Preparing for Rule 26(f) Conferences," Association of Corporate Counsel's E-Discovery: Bridging the Gap between Legal and IT Seminar, July 9, 2007

"Document Retention and Disposal Management in an E-Discovery World," Ethisphere, October 15, 2006

Publications

Co-author, "Utah Privacy Law Would Be First to Require Search Warrant for Government to Access Stored Data," The National Law Review, March 28, 2019

Author, "European Union Discovery Presents Compliance Headaches for U.S. Litigants," The Legal Intelligencer, February 5, 2018

Related Insights

Credentials

Education

Temple University James E. Beasley School of Law (J.D. 1997)
Member, Political and Civil Rights Law Review
Member, Temple Moot Court
Recipient, Trial Advocacy Program's Outstanding Advocate Award

Temple University (B.A., summa cum laude, 1991)

Admissions

New Jersey

Pennsylvania

U.S. District Court for the Eastern District of Pennsylvania

U.S. Court of Appeals for the Third Circuit