Covington & Burling LLP operates as a limited liability partnership worldwide, with the practice in England and Wales conducted by an affiliated
limited liability multinational partnership, Covington & Burling LLP, which is formed under the laws of the State of Delaware in the United States
and authorized and regulated by the Solicitors Regulation Authority with registration number 77071..
Caleb Skeath advises clients on a broad range of cybersecurity and privacy issues, including cybersecurity incident response, cybersecurity and privacy compliance obligations, internal investigations, regulatory inquiries, and defending against class-action litigation. Caleb holds a Certified Information Systems Security Professional (CISSP) certification.
Caleb specializes in assisting clients in responding to a wide variety of cybersecurity incidents, ranging from advanced persistent threats to theft or misuse of personal information or attacks utilizing destructive malware. Such assistance may include protecting the response to, and investigation of an incident under the attorney-client privilege, supervising response or investigation activities and interfacing with IT or information security personnel, and advising on engagement with internal stakeholders, vendors, and other third parties to maximize privilege protections, including the negotiation of appropriate contractual terms. Caleb has also advised numerous clients on assessing post-incident notification obligations under applicable state and federal law, developing communications strategies for internal and external stakeholders, and assessing and protecting against potential litigation or regulatory risk following an incident. In addition, he has advised several clients on responding to post-incident regulatory inquiries, including inquiries from the Federal Trade Commission and state Attorneys General.
In addition to advising clients following cybersecurity incidents, Caleb also assists clients with pre-incident cybersecurity compliance and preparation activities. He reviews and drafts cybersecurity policies and procedures on behalf of clients, including drafting incident response plans and advising on training and tabletop exercises for such plans. Caleb also routinely advises clients on compliance with cybersecurity guidance and best practices, including “reasonable” security practices.
Caleb also maintains an active privacy practice, focusing on advising technology, education, financial, and other clients on compliance with generally applicable and sector-specific federal and state privacy laws, including FERPA, FCRA, GLBA, TCPA, and COPPA. He has assisted clients in drafting and reviewing privacy policies and terms of service, designing products and services to comply with applicable privacy laws while maximizing utility and user experience, and drafting and reviewing contracts or other agreements for potential privacy issues.
Advise multiple Fortune 100 clients following data and cybersecurity incidents, including subsequent internal investigations, state and federal notification obligations, and associated regulatory and litigation risks.
Represent multinational clients in responding to and successfully resolving Federal Trade Commission inquiries regarding cybersecurity, data privacy, and advertising issues.
Advise clients on compliance with regulatory and statutory cybersecurity obligations at the federal and state levels, including guidance on “reasonable” cybersecurity measures.
Advise educational technology clients regarding compliance with FERPA, COPPA, and other federal and state educational privacy laws, including the development of new educational technology offerings and negotiation of agreements involving educational data.
Represent clients facing putative class action claims under the Telephone Consumer Protection Act (TCPA) and Fair Credit Reporting Act (FCRA), including successful resolution of claims through dismissal and summary judgment.
Counsel financial clients regarding compliance with Graham-Leach-Bliley Act (GLBA) and FCRA regulations for the clients’ products and services, including assessment of legal risks and drafting of consumer notices.
Review clients’ privacy policies and terms of service for compliance with legal requirements and possible litigation or regulatory risks.
Assist with internal investigations of potential employee misconduct, including unauthorized use of or access to systems or networks, for multinational clients.
Represent a Chapter 11 bankruptcy trustee in connection with multiple adversary litigation proceedings on behalf of the estate.
University of Pennsylvania Law Review, Senior Editor
Levy Scholar
Supreme Court Clinic
American University, B.A./B.S., 2010
magna cum laude
Bar Admissions
District of Columbia
Virginia
Pro Bono
Provide guidance on FERPA and state educational privacy law requirements to a private school for children with special needs and a non-profit educational technology provider.
Draft comment to FTC on educational technology issues for non-profit educational technology provider.
Draft and review website privacy policies and terms of service for nonprofit clients.
Memberships and Affiliations
Certified Information Systems Security Professional (CISSP)
Previous Experience
United States Attorney’s Office for the District of Columbia, Intern (2012)
Racial Justice Improvement Project, American Bar Association, Lead Data & Research Coordinator (2010)
U.S. Department of Justice, Office of International Affairs, Intern (2009)
Back
