Matthew Richardson

Biography

Matthew Richardson is a partner in the firm’s Cybersecurity & Data Privacy and Digital Commerce groups. Matthew provides clients with cutting-edge legal solutions in the digital realm; and his experience bridges the dynamic intersection of corporate transactional law and the intricate world of high-tech legislation, making him an invaluable asset to clients navigating the complexities of the digital age.

Matthew’s acumen extends through data protection and privacy, intellectual property, commercial law, cybercrime and public law, with an emphasis on the legalities surrounding digital commerce and fintech. His practice is bolstered by an in-depth knowledge of franchising and an astute understanding of issues like cyber harassment, digital forensics and the nuances of electronic communications.

His robust legal portfolio is complemented by an impressive array of advanced engineering qualifications, which equip him with the rare ability to grasp and articulate the technical nuances of IT and high-tech cases with remarkable speed and clarity. Matthew is responsible for several advancements in IT law, including the first injunction served by Twitter, and the first injunction to prevent the use of an illegal bit-torrent. He has also represented and advised in many related areas, including novel hi-tech injunctions, online harassment, data protection matters, domain name disputes, online infringement of moral rights, online infringement of trademarks and copyright, software contracts, telecoms disputes, negligence in software design, online breach of confidence, multijurisdictional IT matters, database rights and bitcoin disputes.

As an authority in data protection and cybersecurity law, his experience is sought after globally. He has consulted for governments on legislative frameworks and advised multinational data controllers and processors on their privacy regimes, representing clients in some of the most significant global data protection and cyber law cases. Matthew excels in partnering with clients to quickly respond effectively to data breaches and cyberattacks, providing critical guidance in establishing robust incident response protocols, ensuring swift and compliant navigation through these complex and often critical situations. His experience in this space is preventative and reactive, offering a comprehensive approach to every cybersecurity challenge he is engaged to help with. He is also well-versed in the tactics and procedures necessary to retrieve stolen funds stemming from cyberattacks and breaches; from conducting investigations and liaising with financial institutions to bringing the matter to the courtroom, he prides himself in helping clients create and implement plans and procedures to safeguard their businesses from future incidents.

In the courtroom, Matthew represents clients in multifaceted domains, including high-profile proceedings and cases featuring super-injunctions and anonymous parties. A fully qualified barrister in England, he has represented clients at all levels, from the County Court to the Supreme Court, as well as in the Employment Appeals Tribunal and several other specialist tribunals. His judicial contributions also include a term as a magistrate in Central London, further testifying to his breadth of legal experience and commitment to public service, and he is also admitted to the Bar of the Eastern Caribbean Supreme Court (BVI).

His publication "Cyber Crime: Law and Practice" (2nd Edition, 2019) is hailed as a seminal practitioner text and reflects his status as a thought leader in this rapidly developing field.

Outside the courtroom, Matthew dedicates time to educating others as a frequent lecturer on legal considerations related to data and privacy, franchising and startup. His insights are sought for conferences and academic forums, where he speaks on the evolving challenges and legal considerations in the technology and digital landscape.

His legal prowess, augmented by his technical skill and global perspective, solidifies his reputation as a leading lawyer in corporate, cyber, data privacy and digital commerce laws and as a trusted advisor to those he represents.

Work Highlights

Healthcare company that had $24 million stolen in a business email compromise fraud. We were able to act quickly while the breach was ongoing, recovering $23.4 million.

Financial services company in a complex global data breach affecting more than 1 million individuals. We advised on reporting obligations in 190 jurisdictions worldwide, working with regulators and achieving a “best case scenario” outcome for the client, avoiding regulatory exposure in the tens of millions of dollars.

International hotel chain in recovering multiple millions in stolen funds after bank accounts were compromised. Worked closely with regulators to prevent this breach from delaying an M&A transaction and helped preserve enterprise value in the multiple millions of dollars.

International membership organization in recovering $3.8 million after the organization suffered a breach and lost $4 million, where the breach was not noticed for several months.

Data start-up company that was due to be sold and had few data protection procedures in place, jeopardizing the sale. We put procedures and policies in place, and organized the data to facilitate the sale.

Online search engine in advising on corporate, regulatory and data privacy matters.

Membership-based marketing group in a cyber security breach.

Restaurant chain in recovery of corporate data after a data breach incident.

Online social casino in a data breach response.

Some of Matthew’s notable matters prior to joining Brown Rudnick include:

Private individual in obtaining landmark privacy injunction: Obtained a landmark injunction in the High Court of England and Wales in London’s Technology and Construction Court prohibiting downloading specific files shared via BitTorrent technology. After Matthew’s client’s mobile phone, containing intimate photos, was stolen, criminals uploaded the intimate photos to a bit torrent site and subjected her to blackmail and harassment. Matthew was able to secure a court injunction that stopped the file seeding and criminalized the conduct, an important ruling protecting individual privacy rights in the U.K. AMP v. Persons Unknown.

Lifestyle Management in obtaining groundbreaking injunction: Obtained a groundbreaking injunction for Lifestyle Management, an investor services company, against a disgruntled former employee. The former employee created several “grudge” sites using similar domain names to Lifestyle’s main website, but which denigrated Lifestyle and disclosed confidential Lifestyle information. The High Court of England and Wales in London’s Technology and Construction Court granted the injunction, directing the former employee to remove the offending content. Lifestyle Management v. Frater.

Private individual in first-of-its-kind service effected on Twitter: In a first-of-its-kind case, Matthew effected service of process on defendant via direct messaging on Twitter. Matthew’s client, a solicitor and political blogger, sought to stop an unknown individual impersonating him on Twitter. After the defendant identified himself on the social media platform, settlement was reached. This case was widely reported in the press for its novel use of social media for service in the Chancery Division of the High Court of England and Wales. Donal Blaney v. Persons Unknown.

Solicitor in alleging conspiracy by the Law Society: Matthew represented a tax solicitor who had been subject to a criminal investigation instituted by the Serious Fraud Office and then struck from the Roll of Solicitors by the Law Society. Matthew represented the solicitor in High Court proceedings against the Solicitors Disciplinary Tribunal and other individuals, alleging that his client had been the victim of a conspiracy. Baxendale-Walker v. Middleton & Ors.

Lender in UK Supreme Court case. Matthew represented a lender in a Supreme Court case against individual borrowers which revolved around the definition of “credit” under the Consumer Credit Act. Southern Pacific Personal Loans v. Walker.

Education

George Mason University Antonin Scalia Law School – LL.M., U.S. Law

Northeastern University – Doctor of Law and Policy (DLP)

Inns of Court School of Law – Bar Vocation Course

College of Law, London – Graduate Diploma in Law

St. Peter’s College, Oxford – MEng. (Hons)

Bar Admissions

District of Columbia

Barrister, England & Wales

Barrister, Eastern Caribbean Supreme Court (BVI)

News
"SEC cybersecurity enforcement outlook uncertain as Trump 2.0 looms," CFO Dive (December 17, 2024)
"AI Surge, Vendor Risks Fuel Election Security Concerns," Law360 (October 25, 2024)
"For Some Companies, the Real Cost of a Cyberattack Is Telling Everyone About It," WSJ (October 16, 2024)
"In ChannelE2E, Partner Matthew Richardson Explains the Liability Implications of the Global CrowdStrike Incident" (July 25, 2024)
"CrowdStrike Outage: Legal Experts Weigh in on Liability Implications," ChannelE2E (July 23, 2024)
"Has my data been breached in 2024?" ConsumerAffairs (May 30, 2024)
"In The Computer & Internet Lawyer, Partner Matthew Richardson Highlights Rogue AI Chatbots" (May 7, 2024)
"In NYLJ, Partner Matthew Richardson and Associate Morgan Jones Offer Guidance on Responding to Data Breaches" (March 6, 2024)
"In Law360 Interview, Partner Matthew Richardson Reveals What GCs Should Know as More States Pass Privacy Reforms" (July 26, 2023)
"What GCs Should Know As More States Pass Privacy Reforms," Law360 (July 24, 2023)
"Partner Matthew Richardson Discusses EU-US Data Transfer Deal in Law360 Analysis" (July 17, 2023)
"EU-US Data Transfer Deal Finalized, But Will It Stick Around?" Law360 (July 10, 2023)
“Firm’s Tech-Focused Groups Set New Records for Deal Activity in 2022” (March 2, 2023)
“Legal Tech's Predictions for Privacy in 2023,” Legaltech News (January 17, 2023)
“Brown Rudnick Nabs Anderson Kill Crypto, E-Commerce Team,” Law360 (September 1, 2022)
“Firm’s Digital Commerce Practice Becomes Global Powerhouse With Addition of Multipartner Group,” Brown Rudnick Press Release (September 1, 2022)

Publications
Co-author, "New Cybersecurity Requirements for Data Flows from the US to China, Russia and Other Sanctioned Countries," New York Law Journal (May 22, 2025)
"Corporate Boards Must Assess Who’s Responsible for AI Oversight," Bloomberg Law (May 5, 2025)
Co-author, "AI Explosion Complicates Reporting and Regulation for Companies," Bloomberg Law (April 17, 2025)
Co-author, "AI-Washing: SEC Enforcement Awareness," Legaltech News (April 2, 2025)
Co-author, "AI's Takeover of Sports: Navigating the Legal Implications," AI Business (February 26, 2025)
Co-author, "Navigating cybersecurity and corporate espionage risks to the oil and gas industry," Thomson Reuters Westlaw Today (December 20, 2024)
Co-author, "Navigating and mitigating climate-related litigation risks to the oil and gas industry," Thomson Reuters Westlaw Today (December 10, 2024)
"When Chatbots Go Rogue: Lessons for Businesses," The Computer & Internet Lawyer (June 2024)
"US-UK AI Safety Partnership: Implications for Businesses," Brown Rudnick Briefings (April 15, 2024)
Co-author, "Building Your AI Model the Right Way – Part III: A Guide for Boards," Brown Rudnick Briefings (March 26, 2024)
Co-author, "Lessons for Businesses: Navigating AI Claims in a Regulatory Landscape," Brown Rudnick Briefings (March 18, 2024)
"When Chatbots Go Rogue: Lessons for Businesses," Brown Rudnick Briefings (March 18, 2024)
Co-author, "When Global Reach Can Mean Global Breach," New York Law Journal (March 5, 2024)
Co-author, "Kochava: The Geolocation Data Saga," Brown Rudnick Briefings (February 5, 2024)
Co-author, "EU AI Act: Deep Dive into Its Impact on Corporate Finance, VC, Exits," Brown Rudnick Briefings (January 10, 2024)
Co-author, "The EU AI Act: Navigating the First Global AI Regulation for Businesses," Brown Rudnick Briefings (December 16, 2023)
Co-author, "FCC Takes Bold Step in Partnering With State Attorneys General in Enforcement Activity to Protect Consumer Privacy," Brown Rudnick Briefings (December 13, 2023)
"SolarWinds Fraud Case Shows 'Cyber Risks Are Real Risks'," Brown Rudnick Briefings (November 6, 2023)
Co-author, "General Data Protection Regulation Fine ... Overturned!" Brown Rudnick Alert (October 31, 2023)
Co-author, "Biden Administration Releases Sweeping Executive Order Regarding Artificial Intelligence," Brown Rudnick Briefings (October 30, 2023)
"Data Breaches of 2023: And the Award Goes to..." Brown Rudnick Briefings (July 17, 2023)
"What Can the 'Real Slim Shady' Teach Us About Contracts in the AI Era?" Brown Rudnick Briefings (July 12, 2023)
"Good Grief: Will the EU-US Data Privacy Framework Adequacy Decision Stick?" Brown Rudnick Briefings (July 9, 2023)
"AI Chatbots Pose Personal Data Concerns," Brown Rudnick Briefings (April 6, 2023)
Co-author, "Startups and Smaller Companies Are on the Radar for Privacy Enforcement," Brown Rudnick Briefings (October 25, 2022)
“Decoding DAOs Amid CFTC Suit,” Brown Rudnick Briefings (October 5, 2022)
“Cyber Crime: Law and Practice," Wildy Simmonds and Hill, 2nd Ed. (November 1, 2019)

Speaking Engagements
"AI & Data Privacy – Navigating Legal Challenges," Brown Rudnick's Global Blockchain Conference (April 3, 2025)
"Navigating the Intersection of Privacy and AI," Brown Rudnick's The Future of AI Event (September 19, 2024)
"Crisis Management Tips: Navigating the Legal Ramifications of the Global Microsoft Outage," Brown Rudnick Webinar (July 29, 2024)
"Fireside Chat with Chris Cheung of TenSquared and Matthew Richardson of Brown Rudnick," Brown Rudnick Global Blockchain Conference (April 18, 2024)
"What is OK with AI?" Propelify Innovation Festival (October 5, 2023)
“Fireside Chat with Professor Emma Edhem,” Brown Rudnick Global Blockchain Conference (April 20, 2023)

Professional Affiliations
Institution of Engineers and Technologists
Society of Computers and Law
George Mason University Antonin Scalia Law School, Faculty