Elfin L. Noce

Elfin Noce is special counsel in the Intellectual Property Practice Group in the firm's Washington, D.C. office. He also is a member of the Privacy and Cybersecurity Team.

Areas of Practice

Elfin counsels his clients on a wide range of data privacy and cybersecurity matters.

Elfin’s practice includes managing cyber breach response, drafting incident response plans, breach simulations, drafting privacy policies, negotiating and drafting complex technology agreements, and defending companies in cybersecurity litigation. His experience spans a wide range of privacy regimes, including CCPA, GDPR, telecommunications privacy (both the Cable Act and CPNI regulations), HIPAA, GLBA, TCPA, automated license plate reader regulations, and CALEA.

As in-house counsel at Charter Communications, Elfin led the company in operationalizing privacy, cybersecurity and technology matters. He advised on internal policies, breach investigation and response, drafting and negotiating privacy and data security contracts, and responding to legal requests for subscriber information.

He previously worked in-house advising a large employer health care plan with over 100,000 members on a wide range of legal issues, focusing in particular on the intricacies of HIPAA, including negotiating business associate agreements, day-to-day compliance issues, training, and notice drafting.

Elfin holds a CIPP/US certification from the International Association of Privacy Professionals.

Elfin also volunteers his time with the Washington Legal Clinic for the Homeless, assisting those in the Washington, DC area who are homeless, or at risk of becoming homeless, and in need of legal assistance.

Articles

Eye on Privacy Blog Posts

• "A Wake-Up Call for Data Privacy in the Telecom Sector," June 24, 2024
• "Don’t Forget Deception: FTC and Biometrics," June 13, 2023

• "EyeMed Data Breach Multistate Settlement," May 18, 2023

• "White House Releases Guidance on AI," November 10, 2022
• "NYDFS’s $4.5 Million EyeMed Cyber Settlement Reminder To Industry," November 1, 2022
• "Implications of SEC’s Scrutiny of Data Use Representations," November 16, 2021
• "Connecticut Enacts New Cybersecurity Safe Harbor," July 22, 2021

• "What Does the Fifth Circuit’s Vacating of HHS HIPAA Fines Mean for Companies This Year?" February 8, 2021

• "FTC Settles Over Alleged Failure to Manage Service Providers," January 7, 2021

• "FTC Settles with Travel Services Provider Over Security Issues," December 28, 2020

• "NIST Finalizes Guidance on Security and Privacy Control Baselines – SP 800-53B," November 6, 2020

• "Israel Follows Europe’s Lead on Privacy Shield," October 12, 2020

• "NIST Issues Long-Awaited Final Guidance on Security and Privacy Controls – SP 800-53," October 5, 2020

• "NIST Issues Draft Guidance on Security and Privacy Control Baselines – SP 800-53B," August 6, 2020

• "NIST Proposes Draft Enhanced Security Requirements for Protecting CUI," July 28, 2020

• "Maine Internet Privacy Law Survives Challenge," July 21, 2020

• "NIST Releases Cybersecurity Guidance for Manufacturers of IoT Devices," June 18, 2020

• "European Parliament Weighs in on Automated Decision-Making," February 24, 2020

• "FTC Finalizes Five Settlements Regarding Privacy Shield Claims," January 22, 2020

• "NAI’s 2020 Code Effective January 1 Along with CCPA," December 17, 2019

• "New European Data Protection Board Guidance on Data Protection by Design and by Default," December 10, 2019

• "A Single Text Message May Not Violate TCPA," October 7, 2019

• "What To Do About Employees Under CCPA: An Update," September 19, 2019 
• "Illinois Joins States Requiring Breach Notice to AG," September 3, 2019
• "New York SHIELD Act Expands Breach Notice Requirements Starting in October," August 27, 2019 
• "Preparing for New York’s New Data Security Requirements," August 26, 2019 
• "Maryland Adds Requirements to Breach Notice Law," July 2, 2019 
• "Texas Breach Law Will Change in 2020, To Require Attorney General Notification," June 25, 2019 
• "Maine Passes Broadband Privacy Bill," June 12, 2019 
• "Washington Enacts Restrictions on Applicant Wage and Salary Questions," June 10, 2019 
• "Feds Want New IoT Guidance to Address Security Vulnerabilities," May 22, 2019 
• "New Jersey Breach Notice Law Expands To Cover Online Account Breaches," May 16, 2019 
• "Utah Requires Law Enforcement Search Warrants," May 14, 2019 
• "Happy First Day of Spring! Ohio Insurance Law Effective Today," March 20, 2019 
• "Cyber Concerns Lead to EU Recall of a Connected Kids Devices," February 13, 2019 
• "Court Finds Cybersecurity-Related Claims Sufficient in Securities Class Action," February 6, 2019 

FCC Law Blog Posts

• "Dialing Up Accountability: FCC’s Warning Shot to Mobile Network Operators on CPNI," May 14, 2024

• "Shutting Down the Cell Phone Scammers: The FCC Adopts Rules to Crack Down on Fraudulent Practices against Wireless Phone Users," November 30, 2023

• "ALERT: The FCC Fines Companies $20 Million for Failing to Safeguard Customer Proprietary Network Information," August 31, 2023

• "Ninth Circuit Rejects Challenges to FCC’s One-Touch Make-Ready, Small Cell Deployment, and Local Moratoria Orders," August 18, 2020

Government Contracts & Investigations Blog Posts

• "IoT Legislation Advances in Congress," September 29, 2020

Healthcare Law Blog Posts

• "HIPAA Web Tracking Guidance Vacated," June 21, 2024
• "Caught in the Web: Hospital Associations Sue OCR on Third-Party Web Tracking Guidance," November 7, 2023

Media Mentions

Events

Memberships

Certified Information Privacy Professional/U.S., International Association of Privacy Professionals