Aaron Charfoos is an accomplished cybersecurity, privacy, and data protection trial lawyer. Aaron litigated his first privacy case in 2010, building on a decade of experience in patent and technology cases. Since then he has litigated various data breach and trade secret theft cases for clients. He has also guided clients through numerous data breaches and has defended clients in regulatory investigations brought by various U.S. and international regulatory bodies.
Aaron is particularly skilled in guiding clients through cybersecurity vulnerability disclosures, including the Meltdown and Spectre computer chip vulnerabilities, supply chain interdictions, and various other matters, some of which have involved both congressional and regulatory investigations.
Building on this knowledge of post-breach risks, Aaron helps companies in numerous industries (health care, financial services, technology, consumer products, and others) to develop global privacy and data security programs. This includes compliance with the EU's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other worldwide privacy regimes.
Aaron is an adjunct professor at the Mitchell Hamline School of Law where he lectures on international data privacy, global data breach response, and data governance.
He is also a certified information privacy professional for the U.S. Sector (CIPP/US) and served as co-chair of the Chicago KnowledgeNet Chapter. Aaron retains a strong commitment to pro bono activities representing small intellectual property owners and local animal welfare organizations and serves on the Board of Directors for Temple Sholom of Chicago.
The following represents experience acquired prior to joining Jones Day.
Privacy and Data Security
Represented diversified financial services group in a data breach litigation brought against a check processing and payday loan company for negligently allowing client's check information to be compromised resulting in millions of dollars of fraudulent checks to be written.
Represented a global manufacturer on a data breach and trade secret theft by corporate insiders in China including leading the forensic analysis, isolating any additional malicious code left behind, and leading the litigation strategy.
Counseled one of the world's largest e-commerce and payments processing companies in all aspects of its GDPR compliance and cross-border data transfer systems.
Advised a major international manufacturing conglomerate on its privacy and data security systems, with a particular emphasis on meeting GDPR requirements.
Advised an OEM auto parts company in response to a data breach relating to the theft of W-2 information for employees across seven states.
Guided one of the several of world's largest automakers on the development of its privacy and data security programs for their U.S. autonomous vehicle fleets and various aftermarket parts.
Advised one of the largest construction equipment rental companies on the development of its privacy and data security programs for its Canadian and European affiliates and protecting data transfers from that region.
Advised a U.S. college on a school wide review of its privacy and data security programs, particularly with respect to information received from international applicants.
Represented a major financial institution in its development of its privacy and data protection program including compliance with European Union privacy and data transfer laws and data breach response plans.
Worked with a large, multinational automobile parts supplier on the development of its privacy policies and data breach response plan.
Represented a Fortune 20 company on a modernization outsourcing contract that was terminated by its former customer. The customer alleged that certain personally identifiable information was visible on public terminals even after users logged off. After a six-week bench trial, the court found that no data breach had occurred among other findings for the client.
Represented a financial services firm against two large competitors in a trade secret, misappropriation, trademark infringement, and breach of copyright lawsuit related to Exchange Traded Funds.
Advised a national automotive parts supplier on its Privacy Shield certification and compliance.
Advised an international metal manufacturer on compliance with the European General Data Protection Regulation, including reviewing and revising external facing privacy notices.
Lead trial counsel in a patent litigation filed against a Chinese competitor in the medical device field. After commencement of discovery and claim construction, secured a major victory for client when the competitor agreed to withdraw all accused products from the market.
Represented a Fortune 20 company on a modernization outsourcing contract that was terminated by its former customer. After successfully compelling the customer to produce tens of thousands of documents improperly held under various claims of privilege, scored a significant victory prior to trial, winning summary judgment against the customer on all of its fraud claims. After a six-week bench trial, the Marion County Superior Court awarded client more than $52 million on its claims against the former customer for payment for services rendered. The court simultaneously dismissed the customer's claims for breach of contract, including its claim for more than $1.3 billion in damages. Also successfully defended against a data privacy breach claim brought by the customer.
Defended a corporation in a lawsuit relating to mobile device management. Prior to trial, plaintiff dropped one of its patents from the litigation, and the court invalidated more than half of the claims in the remaining patent. The case was tried to a verdict in 2012. After the verdict, the judge granted defendant's JMOL motion, finding that defendant did not infringe the plaintiff's patent. Awarded one of the top 25 defense verdicts in California in 2012.
Represented plaintiffs in a multipatent lawsuit relating to peritoneal dialysis. Defendant conceded infringement on a number of patents prior to trial. The case was tried to verdict in 2010.
Defended two corporations in a patent infringement litigation. After the U.S. District Court for the District of Delaware ruled in client's favor on claim construction, the plaintiffs stipulated judgment in client's favor. The U.S. Court of Appeals for the Federal Circuit affirmed the district court's claim construction and upheld the judgment of no infringement.
Represented Chicago's largest no-kill animal organization in the prosecution of a trademark in the U.S. Patent and Trademark Office. In addition, performed a comprehensive IP asset evaluation for client to determine other areas of potential protection.
Illinois Supreme Court Rules that Plaintiff Is "Aggrieved" Under State Biometrics Statute Despite Alleging No Injury
- April 19, 2018
Hackers and the GDPR Are Coming: How Health Care Companies Can Prepare, Jones Day 2018 Health Care and Life Sciences Forum:
- March 6, 2018
Privacy and GDPR Compliance Requirements in 2018
- Northwestern University (J.D. cum laude 2002; B.A. with honors 1997)
- Illinois, U.S. Courts of Appeals for the Ninth and Federal Circuits, U.S. District Court for the Northern District of Illinois, and U.S. District Court of the Northern District of Illinois Trial Bar
Recognized multiple times in:
Illinois Super Lawyers for IP litigation
The Best Lawyers in America for privacy and data security law