Pamela Jones Harbour

Partner

Washington, D.C.
T 202.861.1558  |  F 202.861.1783
New York
T 212.589.4212  |  F 212.589.4201

Pamela Jones Harbour serves as Co-Leader of BakerHostetler's national Privacy and Data Protection team, with a practice focusing in the areas of privacy, data protection, and antitrust law. Pamela is recognized for her knowledge in the evolving areas of competition and consumer protection law as they relate to privacy and data security issues. Pamela served as a Federal Trade Commissioner for almost seven years and spent a decade with the New York State Attorney General's Office.

Pamela was the 2010 recipient of the Electronic Privacy Information Center's (EPIC) "Champion of Freedom Award" for her defense of consumer privacy as an FTC Commissioner. While at the FTC, Pamela was frequently a leading or solo dissenter in situations where she advocated to vigorously uphold the letter and spirit of the nation's antitrust and consumer protection laws.

Select Experience

Privacy, Data, and Consumer Protection
  • Retained by Chief Legal Officer of financial services company to conduct federal and multistate data breach notification assessments, including managing forensic investigation and notification process for data breach involving data owners and third party vendors.
Antitrust/Competition
  • Represented third party in connection with $1.4 billion acquisition of portfolio company of a global asset management firm by an aviation and aeronautics corporation. Raised vertical foreclosure theories before the Department of Justice successfully attaining second request for third party.
  • Matter of Google/DoubleClick: Issued landmark Dissenting Statement in Google/DoubleClick, expressing strong belief that the FTC's analysis should have reconciled the antitrust and privacy issues raised by the merger, in keeping with the agency's dual competition and consumer protection mission and expertise. Views on privacy implications of transaction were primary impetus for invitation to testify in January 2008 as an expert witness before European Parliament on Google/DoubleClick merger and its competition and privacy implications.
  • State Oil v. Khan: Argued oil industry maximum price fixing case in the U.S. Supreme Court on behalf of 37 amici states, urging Supreme Court to maintain the per se rule against all vertical price fixing.
More »

Experience

Privacy, Data, and Consumer Protection
  • Retained by Chief Legal Officer of financial services company to conduct federal and multistate data breach notification assessments, including managing forensic investigation and notification process for data breach involving data owners and third party vendors.
  • Counseled health fitness company in complying with FTC requirements for safeguarding data, including the Children's Online Privacy Protection Act (COPPA) and CAN-SPAM.
  • Advised Fortune 500 global technology company on legal implications of children's online privacy issues.
  • Retained by clothing retailer regarding the use of sales promotions pursuant to Federal Trade Commission Advertising Guidelines.
  • Represented online subscription fashion retailer before the FTC regarding issues of common enterprise and Section 5 substantiation theories.
  • Defended technology-based financial services firm in the tax preparation industry against allegations by FTC, New York State, and Florida Attorneys General in matter related to a telemarketing program with customers seeking to launch home-based businesses, where regulators alleged Telemarketing Sales Rule, Section 5, and business opportunity violations, including $200 million in damages.
  • Represented industry-wide joint defense group in responding to civil investigative demands issued by the Consumer Financial Protection Bureau (CFPB) to financial services companies.
  • Conducted state-by-state analysis of breach notification laws applicable to personal data held by mortgage company.
  • Conducted data breach notification assessment, including managing forensic investigation and notification process for data breach involving government contractor.
  • Conducted data breach assessment for data leakage involving health information from a university medical center database.
  • Conducted analysis of privacy-related procedures to determine vulnerabilities and assess compliance with privacy laws in the U.S.
  • Advised clients on European Data Privacy Directive, including compliance programs and cross-border transfers in the context of normal business operations.
  • Assisted client to comply with EU eCookie Directive.
  • Represented Fortune 50 global technology company before the Federal Trade Commission regarding privacy and online authentication services.
  • Represented multinational software corporation in dispute with multinational Internet competitor. Retained on a five-country policy engagement related to competitive implications of privacy and data security and potential exclusionary online conduct by a dominant firm.
  • During term as FTC Commissioner served in leadership role for numerous privacy matters:
    • The FTC Workshop on Behavioral Advertising and Online Profiling: Helped formulate workshop which explored privacy implications of online profiling.
    • The FTC Workshop on RFID Technology: Helped formulate workshop which explored emergence of radio frequency identification technology and its implications for businesses and consumers.
    • U.S. v. ChoicePoint Inc.: Negotiated, at Commission level, $10 million civil penalty and $5 million redress for data security breach which led to compromise of financial records of more than 163,000 consumers and FCRA violations.
    • Sears Holding Management Corp.: Negotiated, at Commission level, consent order challenging company's practice of inviting consumers to download software allowing online browsing to be monitored without adequate disclosure
    • CVS Caremark Corp.: Negotiated, at Commission level, consent order alleging pharmacy chain failed to implement reasonable procedures for securely disposing of personal information.
    • TJX Companies, Inc.: Negotiated, at Commission level, consent order alleging company created unnecessary risk by storing and transmitting personal information in plain text and failing to use readily available security.
    • Reed Elsevier Inc.:  Negotiated, at Commission level, consent order alleging companies created unnecessary risk to personal information by failing to require periodic changes of user credentials.
    • Guidance Software: Negotiated, at Commission level, consent order alleging company's failure to take reasonable security measures to protect sensitive consumer data contradicted security promises on website.
    • DSW, Inc.: Negotiated, at Commission level, consent order challenging as unfair trade practice shoe store’s failure to take appropriate security measures to protect sensitive consumer data.
    • BJ's Wholesale Club: Negotiated, at Commission level, consent order challenging as unfair practice warehouse store’s failure to take appropriate security measures to protect sensitive consumer information.
Antitrust/Competition
  • Represented third party in connection with $1.4 billion acquisition of portfolio company of a global asset management firm by an aviation and aeronautics corporation. Raised vertical foreclosure theories before the Department of Justice successfully attaining second request for third party.
  • Represented medical association and produced legal analysis of potential anticompetitive consequences related to the disclosure of medical device prices.
  • Represented Fortune 50 global technology company domestically and abroad on the legal and policy implications of competition and privacy in online markets.
  • Advised State Attorneys General on issues of antitrust law as they relate to search engines and consumer privacy.
  • Advised foreign governments in Asia, India, Europe, Israel, Australia, and New Zealand on privacy and competitive implications of online markets.
  • Testified in Congress as expert witness regarding data as an antitrust product market and related privacy implications.
  • Represented private equity investment firm, backed by major airline, to buy and merge two Canadian airlines.
  • Authored and submitted innovative “Open Letter to the Supreme Court” in the Leegin case, where court considered the longstanding antitrust prohibition on resale price maintenance (RPM). Has testified numerous times in Congress and oversaw series of public FTC workshops to empirically examine the effects of RPM on consumer prices.
  • Matter of Google/DoubleClick: Issued landmark Dissenting Statement in Google/DoubleClick, expressing strong belief that the FTC's analysis should have reconciled the antitrust and privacy issues raised by the merger, in keeping with the agency's dual competition and consumer protection mission and expertise. Views on privacy implications of transaction were primary impetus for invitation to testify in January 2008 as an expert witness before European Parliament on Google/DoubleClick merger and its competition and privacy implications.
  • State Oil v. Khan: Argued oil industry maximum price fixing case in the U.S. Supreme Court on behalf of 37 amici states, urging Supreme Court to maintain the per se rule against all vertical price fixing.
  • New York v. Reebok: Lead Counsel in 50-state RPM suit resulting in multimillion-dollar national consumer settlement. Argued case on behalf of states in U.S. Court of Appeals for the Second Circuit.
  • State v. Keds: Lead Counsel in 50-state RPM suit resulting in multimillion-dollar national consumer settlement.
  • State v. Primestar Partners: led three-year multi-state/U.S. DOJ investigation of cable television industry, resulting in a 45-state settlement with the nation's largest cable companies curbing the industry's monopolistic practices and opening the market to other forms of competition.
  • States v. Mitsubishi:  co-counsel in 50-state suit resulting in multimillion-dollar national consumer settlement.
  • New York v. Brown: landmark application of antitrust principles in New York's successful commerce clause challenge to restrictive New Jersey agricultural regulations.

Recognitions

  • New York State Bar Association: Kay Crawford Murray Award for Distinguished Legal Career and Advancing the Professional Development of Women Attorneys (2012)
  • EPIC Champion of Freedom Award (2010)
  • Federal Trade Commission: Award for Distinguished Service, In Recognition of Exemplary Service as Commissioner of FTC (2010)
  • New York State Bar Association, Antitrust Law Section: Annual Award for Distinguished Service to the Section and Legal Profession (2005)

Memberships

  • American  Bar Association
    • Commission on Women in the Profession, Commission Liaison (2001 to 2003)
    • Antitrust Section
      • Consumer Protection officer (2012 to present)
      • Council Member (2010 to  2012)
      • Section Delegate (2001 to 2003)
      • Council Member (2007 to 2001) 
      • State Enforcement Committee, Chair (1995 to 1997)
      • State Enforcement Committee, Vice-Chair (1992 to 1995)
  • New York State Bar Association
    • Antitrust Section
      • Chair (2003 to 2004)
      • Vice Chair (2002 to 2003)
      • Secretary (2001 to 2002)
      • Executive Committee Member (1992 to 2003)
  • Cloud Security Alliance: Legal Working Group
    • Co-Chair (2011)
  • Electronic Privacy Information Center (EPIC): Advisory Board Member (2010 to present)
  • Center for Democracy and Technology
    • Board of Directors (2010 to 2012)
  • Future of Privacy Forum
    • Advisory Board Member (2010 to present)
  • Wired Safety
    • Advisory Board President (2010 to present)
  • New York City Campaign Finance Board: Member (2000 to 2003)
  • New York State Chief Judge Judith Kaye's Commission on Public Access to Court Records: Member (2003 to 2003)

Community

  • Loyola University: Institute for Consumer Antitrust Studies
    • Advisory Board (2001 to 2003, 2010 to present)

Services

Prior Positions

  • Norton Rose Fulbright: Partner (2010 to 2013)
  • Federal Trade Commission: Commissioner (2003 to 2010)
  • Kaye Scholer: Partner (1999 to 2003)
  • New York State Attorney General's Office (1987 to 1999)
  • New York State Department of Transportation (1984 to 1987)

Admissions

  • District of Columbia
  • New York

Education

  • J.D., Indiana University School of Law, 1984
  • B.M., Indiana University School of Music, 1981

Blog

In The Blogs

Previous Next
Data Privacy Monitor
When Acting to Prevent Data Breaches and Comply with Privacy Laws, Remember Overarching Employee Rights
August 26, 2014
The grocery business may be “fresh and easy,” but drafting a confidentiality and data protection policy that withstands the scrutiny of the current National Labor Relations Board (NLRB) is not.  The NLRB, in its recent 2-1 Fresh & Easy...
Read More ->
Data Privacy Monitor
Secret Service Raises Warning About Backoff POS Malware
August 25, 2014
The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems.  The Alert notes that...
Read More ->
Data Privacy Monitor
New Jersey Becomes the Sixth State to Ban the Box for Private Employers
August 25, 2014
Criminal background questions on employment applications will no longer be permitted in New Jersey, effective March 1, 2015. New Jersey joins Hawaii, Illinois, Massachusetts, Minnesota, and Rhode Island to become the sixth state to ban the...
Read More ->
Data Privacy Monitor
New Guidance for Merchants on Ensuring that Service Providers Share Security Responsibility
August 18, 2014
For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third party service providers to complete payment card transactions. These...
Read More ->
Data Privacy Monitor
What Companies Can Do to Protect Themselves in the Face of Yet Another Massive Data Breach
By Jenna N. Felz
August 12, 2014
Last week it was reported that a small group of Russian computer hackers illegally obtained an unprecedented quantity of internet credentials, including 1.2 billion username and password combinations, and over 500 million unique email...
Read More ->