Matthew Coleman

Biography

Matthew Coleman is a trusted advisor to global companies on privacy, artificial intelligence (AI), cybersecurity, and data governance. He is known for helping organizations develop world-class products enabled by digital trust and for implementing practical, scalable solutions to complex regulatory requirements in the digital age. His work bridges legal strategy and technical implementation, enabling clients to innovate while maintaining strong compliance foundations.

At Orrick, Matthew leads the data protection team, supporting clients in building comprehensive privacy, AI, and cybersecurity programs that comply with state, federal, and international laws. He guides clients through compliance with regulations such as the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), U.S. state AI laws, Illinois’ Biometric Information Privacy Act, Washington’s My Health My Data Act, CAN-SPAM, COPPA, FCRA, GLBA, TCPA, and state-specific breach notification and biometric privacy statutes. His guidance ensures that companies meet legal requirements while preserving flexibility for innovation and growth.

Matthew is deeply involved in mergers and acquisitions and data licensing transactions, identifying privacy and data security risks and helping clients structure deals to achieve business objectives securely and efficiently. He also counsels organizations on cybersecurity preparedness, including leading rapid responses to data breaches. His responsibilities include overseeing investigations, coordinating remediation efforts, managing consumer and regulatory notifications, and engaging with government authorities as needed.

A key aspect of Matthew’s practice is advising on self-regulatory frameworks for privacy and security, including NIST, ISO, AICPA, and OECD standards for AI risk management and cybersecurity. He helps clients align with industry best practices such as the Digital Advertising Alliance (DAA), European Interactive Digital Advertising Alliance (EDAA), Interactive Advertising Bureau (IAB), Network Advertising Initiative (NAI), Payment Card Industry Data Security Standard (PCI DSS), EU-U.S. Data Privacy Framework, Binding Corporate Rules (BCRs), and Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPRs).

In addition to regulatory work, Matthew serves as product counsel for emerging technologies such as AI and blockchain. His expertise in data management enables clients to satisfy regulatory obligations while promoting innovation and interoperability. He applies a risk-based approach to policy development that governs the lifecycle of personal information and manages data relationships with vendors, employees, acquired entities, and creditors. By integrating privacy into product development and change management processes, he supports organizations in embedding privacy by design.

Matthew’s insights are informed by his prior experience with the Federal Trade Commission (FTC). Before joining Orrick, he was Enterprise Privacy Solutions Manager at TrustArc (formerly TRUSTe), a privacy consulting and certification firm in San Francisco. He has also served as an adjunct professor of Privacy Law at Santa Clara University.

Matthew is a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional (CIPP/US), demonstrating his specialization in U.S. privacy law. His commitment to advancing best practices in global data protection makes him a sought-after counselor for organizations navigating the evolving landscape of privacy, cybersecurity, and digital trust.

 


Matthew Coleman

Partner

Orrick

