Aaron D.Charfoos


Chicago + 1.312.269.4242

Aaron Charfoos is an accomplished cybersecurity, privacy, and data protection trial lawyer. Aaron litigated his first privacy case in 2010, building on a decade of experience in patent and technology cases. Since then he has litigated various data breach and trade secret theft cases for clients. He has also guided clients through numerous data breaches and has defended clients in regulatory investigations brought by various U.S. and international regulatory bodies.

Aaron is particularly skilled in guiding clients through cybersecurity vulnerability disclosures, including the Meltdown and Spectre computer chip vulnerabilities, supply chain interdictions, and various other matters, some of which have involved both congressional and regulatory investigations.

Building on this knowledge of post-breach risks, Aaron helps companies in numerous industries (health care, financial services, technology, consumer products, and others) to develop global privacy and data security programs. This includes compliance with the EU's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other worldwide privacy regimes.

Aaron is an adjunct professor at the Mitchell Hamline School of Law where he lectures on international data privacy, global data breach response, and data governance.

He is also a certified information privacy professional for the U.S. Sector (CIPP/US) and served as co-chair of the Chicago KnowledgeNet Chapter. Aaron retains a strong commitment to pro bono activities representing small intellectual property owners and local animal welfare organizations and serves on the Board of Directors for Temple Sholom of Chicago.


  • BioFire Diagnostics defends trade secret and breach of contract case relating to medical diagnostic technologiesJones Day is representing BioFire Diagnostics, LLC in a $100 million trade secret and breach of contract action brought by US Medical Networks LLC relating to medical diagnostic technologies.
  • LORD Corporation acquired by Parker Hannifin for $3.675 billionJones Day advised LORD Corporation in its $3.675 billion acquisition by Parker Hannifin Corporation.
  • Conagra Brands sells Direct Store Delivery snacks business to Utz Quality Foods, LLCJones Day advised Conagra Brands, Inc. in connection with its divestiture of its Direct Store Delivery snacks business to Utz Quality Foods, LLC.
  • Global manufacturing company responds to disclosure of potential vulnerabilities in its productsJones Day lead a global manufacturing company's response to the disclosure of potential vulnerabilities in its products.
  • Silicon Valley information technology company investigates its international supply chain and network securityJones Day is leading an internal investigation into a multinational information technology company's supply chain and computer network security, and is representing the company in a related SEC investigation.
  • Computer hardware company responds to alleged supply network security attackJones Day is representing a computer hardware company in response to an alleged supply network cybersecurity attack.
  • Norwest Equity Partners acquires Arteriors HomeJones Day represented Norwest Equity Partners in connection with the acquisition and related financing of 4M Capital, Ltd. d/b/a Arteriors Home, a leading designer and supplier of artisanal lighting, furnishings, and home décor accessories.
  • LendingTree acquires ValuePenguin for $105 millionJones Day advised LendingTree, Inc. in its $105 million acquisition of Value Holding Inc., the parent company of ValuePenguin.com, a personal finance website that conducts in-depth research and analysis on a variety of topics from insurance to credit cards.
  • PolyOne acquires Fiber-Line for $120 millionJones Day advised PolyOne Corporation, a premier global provider of specialized polymer materials, services, and solutions, in its $120 million acquisition of Fiber-Line, a global leader in customized engineered fibers and composite materials.
  • Conagra Brands acquires Pinnacle Foods for $10.9 billion in cash and stockJones Day advised Conagra Brands, Inc. in connection with the acquisition and related financing of Pinnacle Foods Inc. in a $10.9 billion merger.
  • Marathon Petroleum acquires Andeavor in deal valued at $23.3 billionJones Day advised Marathon Petroleum Corp. (NYSE: MPC) in connection with the acquisition and related financing of Andeavor (NYSE: ANDV) to create a leading U.S. refining, marketing, and midstream company.
  • Global pharmaceutical company implements global data governance structureJones Day is assisting a global pharmaceutical company in implementing a global data governance structure including clinical data, sales and marketing data, and employee information.
  • Access solutions and products company responds to EU GDPR data breach following failure of servers at data center impacting EU residentsJones Day is representing an access solutions and products company in a EU GDPR data breach following a failure of servers at a data center impacting EU residents, as well as notifying relevant Supervisory Authority.
  • eCommerce and digital marketing company responds to unauthorized disclosure of personal data in public marketing campaignJones Day represented an eCommerce and digital marketing company in response to unauthorized disclosure of personal data in a public marketing campaign including reporting and coordination with Supervisory Authority in the EU.
  • The following represents experience acquired prior to joining Jones Day.

    Privacy and Data Security

    Represented diversified financial services group in a data breach litigation brought against a check processing and payday loan company for negligently allowing client's check information to be compromised resulting in millions of dollars of fraudulent checks to be written.

    Represented a global manufacturer on a data breach and trade secret theft by corporate insiders in China including leading the forensic analysis, isolating any additional malicious code left behind, and leading the litigation strategy.

    Counseled one of the world's largest e-commerce and payments processing companies in all aspects of its GDPR compliance and cross-border data transfer systems.

    Advised a major international manufacturing conglomerate on its privacy and data security systems, with a particular emphasis on meeting GDPR requirements.

    Advised an OEM auto parts company in response to a data breach relating to the theft of W-2 information for employees across seven states.

    Guided one of the several of world's largest automakers on the development of its privacy and data security programs for their U.S. autonomous vehicle fleets and various aftermarket parts.

    Advised one of the largest construction equipment rental companies on the development of its privacy and data security programs for its Canadian and European affiliates and protecting data transfers from that region.

    Advised a U.S. college on a school wide review of its privacy and data security programs, particularly with respect to information received from international applicants.

    Represented a major financial institution in its development of its privacy and data protection program including compliance with European Union privacy and data transfer laws and data breach response plans.

    Worked with a large, multinational automobile parts supplier on the development of its privacy policies and data breach response plan.

    Represented a Fortune 20 company on a modernization outsourcing contract that was terminated by its former customer. The customer alleged that certain personally identifiable information was visible on public terminals even after users logged off. After a six-week bench trial, the court found that no data breach had occurred among other findings for the client.

    Represented a financial services firm against two large competitors in a trade secret, misappropriation, trademark infringement, and breach of copyright lawsuit related to Exchange Traded Funds.

    Advised a national automotive parts supplier on its Privacy Shield certification and compliance.

    Advised an international metal manufacturer on compliance with the European General Data Protection Regulation, including reviewing and revising external facing privacy notices.

    Intellectual Property

    Lead trial counsel in a patent litigation filed against a Chinese competitor in the medical device field. After commencement of discovery and claim construction, secured a major victory for client when the competitor agreed to withdraw all accused products from the market.

    Represented a Fortune 20 company on a modernization outsourcing contract that was terminated by its former customer. After successfully compelling the customer to produce tens of thousands of documents improperly held under various claims of privilege, scored a significant victory prior to trial, winning summary judgment against the customer on all of its fraud claims. After a six-week bench trial, the Marion County Superior Court awarded client more than $52 million on its claims against the former customer for payment for services rendered. The court simultaneously dismissed the customer's claims for breach of contract, including its claim for more than $1.3 billion in damages. Also successfully defended against a data privacy breach claim brought by the customer.

    Defended a corporation in a lawsuit relating to mobile device management. Prior to trial, plaintiff dropped one of its patents from the litigation, and the court invalidated more than half of the claims in the remaining patent. The case was tried to a verdict in 2012. After the verdict, the judge granted defendant's JMOL motion, finding that defendant did not infringe the plaintiff's patent. Awarded one of the top 25 defense verdicts in California in 2012.

    Represented plaintiffs in a multipatent lawsuit relating to peritoneal dialysis. Defendant conceded infringement on a number of patents prior to trial. The case was tried to verdict in 2010.

    Defended two corporations in a patent infringement litigation. After the U.S. District Court for the District of Delaware ruled in client's favor on claim construction, the plaintiffs stipulated judgment in client's favor. The U.S. Court of Appeals for the Federal Circuit affirmed the district court's claim construction and upheld the judgment of no infringement.

    Represented Chicago's largest no-kill animal organization in the prosecution of a trademark in the U.S. Patent and Trademark Office. In addition, performed a comprehensive IP asset evaluation for client to determine other areas of potential protection.

    Speaking Engagements

    • April 19, 2018
      Hackers and the GDPR Are Coming: How Health Care Companies Can Prepare, Jones Day 2018 Health Care and Life Sciences Forum:
    • March 6, 2018
      Privacy and GDPR Compliance Requirements in 2018
    We use cookies to deliver our online services. Details of the cookies and other tracking technologies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you consent to our use of cookies.