Allen is co-leader of the firm’s Privacy and Cybersecurity Team and an experienced former cybercrime prosecutor. He conducts internal cyber investigations and represents clients in government investigations, regulatory enforcement, consumer litigation, and business disputes arising from cybersecurity incidents. Prior to joining the firm, Allen helped lead the Cyber Unit at the U.S. Attorney’s Office in Washington, D.C., and received two Special Achievement Awards for his work to combat cybercrime.
When a data breach occurs, Allen works with clients’ legal and information security teams to coordinate an effective response, interface with law enforcement, and ensure compliance with data breach laws and regulations. He also counsels clients on data privacy issues, cybersecurity preparedness and due diligence, and legal aspects of computer network defense. Allen is a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals (IAPP).
In addition, Allen is an experienced trial and appellate attorney who represents clients in a broad range of civil and criminal matters. He has handled over 50 trials as well as numerous appeals, motion hearings, and investigations in state and federal court. Allen has been published in several law reviews and is frequently called upon to help address dispositive or complex legal issues that may end up on appeal.
Presentations & Publications
- Business Email Compromise Schemes, ABA White Collar Subcommittee Meeting (June 2018 in Charlotte, NC)
- Preparing for, Responding to, and Recovering from a Data Breach – The Practitioner’s Guide, N.C. Bar Association Health Law Section Annual Meeting (April 2018 in Greensboro, NC)
- Cybersecurity Law, Greensboro Cybersecurity Summit (April 2018 in Greensboro, NC)
- GDPR: Are You and Your Company Ready? British American Business Council of North Carolina (March 2018 in RTP, NC)
- The Internet, Cybercrime, and Key Legal Considerations, 2018 Festival of Legal Learning at University of North Carolina School of Law (February 2018 in Chapel Hill, NC)
- Overview of the GDPR for Colleges and Universities, North Carolina Independent Colleges and Universities (December 2017 in Greensboro, NC)
- How to Best Protect Your Data and Limit Your Legal Liability When Data Is Breached, webcast for NTCA-The Rural Broadband Association (November 2017)
- The Emerging Law of Cyber Defense, Cyber Law and Business Report Interview (October 2017)
- Emerging Fields in Cybersecurity, 2017 RETR3AT Cybersecurity Conference (October 2017 in Montreat, NC)
- The Summer of Ransomware Outbreaks, Outside In Series at Passport, Inc. (October 2017 in Charlotte, NC)
- Data Breach Law Basics, GreerWalker 2017 Not-for-Profit Industry Conference (October 2017 in Charlotte, NC)
- Before, During, and After the Breach, 18th Annual Cybersecurity Symposium at UNC Charlotte (October 2017 in Charlotte, NC)
- The Emerging Law of Active Cyber Defense, 2017 Privacy+Security Forum (October 2017 in Washington, DC)
- The Investigation and Litigation of Cybercrime, University of North Carolina School of Law (September 2017 in Chapel Hill, NC)
- Data Breach Law, (ISC)2 Piedmont Triad Chapter (September 2017 in Winston-Salem, NC)
- The Internet and Cybercrime for Lawyers, CLE presentation (various dates during 2017 in Charlotte, NC; Winston-Salem, NC; and Washington, DC)
- Preparing for GDPR: Insights from Across the Pond, IAPP Charlotte KnowledgeNet (September 2017 in Charlotte, NC)
- Tips for Interacting with Law Enforcement About Cyberattacks, Association of Corporate Counsel Compliance and Ethics Committee Legal Quick Hit (August 2017)
- New Data, New Payments, Let’s Talk Payments (August 2017 in Charlotte, NC)
- The Ransomware Threat: What Business Leaders Need to Know to Defend Against Cyberattacks, German American Chamber of Commerce (August 2017 in Charlotte, NC)
- Emerging Trends in Cyberattacks Against Healthcare Institutions, 13th Academic Medical Center Security & Privacy Conference (June 2017 in Chapel Hill, NC)
- Legal Tips and Issues from the WannaCry Ransomware Attack, Association of Corporate Counsel Compliance and Ethics Committee Webcast (May 2017)
- Getting Ready for WannaCry: Preparing for and Responding to the Largest Ransomware Attack Ever, Association of Corporate Counsel Compliance and Ethics Committee Legal Quick Hit (May 2017)
- Cybersecurity – What’s at Stake for Your Company? National Association of Corporate Directors Carolinas Chapter (May 2017 in Greenville, SC)
- Deception Technology, Fraud & Breach Prevention Summit: Atlanta (April 2017 in Atlanta, GA)
- Web Technology and Cybercrime Investigation, prosecutor training for the U.S. Attorney’s Office for the District of Columbia (March 2017 in Washington, DC)
- Online Investigation Using the Stored Communications Act prosecutor training for the U.S. Attorney’s Office for the District of Columbia (November 2015, July 2016, January 2017, and February 2017 in Washington, DC)
- How to Investigate Fraudulent Email Schemes, prosecutor training for the U.S. Attorney’s Office for the District of Columbia (December 2015 and July 2016 in Washington, DC)
- Bitcoin and Other Virtual Currencies, during U.S. Department of Justice and Qatar Public Prosecution conference entitled The Role of Social Media in Efforts to Combat Terrorism and Terrorism Financing (April 2016 in Doha, Qatar)
- Social Media Investigation, during U.S. Department of Justice and Qatar Public Prosecution conference entitled The Role of Social Media in Efforts to Combat Terrorism and Terrorism Financing (April 2016 in Doha, Qatar)
- SCOTUS Issues Landmark Decision on Cell Phone Location Information with Major Implications for Fourth Amendment Privacy, Business Law Today, American Bar Association Business Law Section (July 17, 2018)
- Refuge from a Jurisprudence of Doubt: Hohfeldian Analysis of Constitutional Law, 61 S.C.L. REV. 141 (2009)
- Joint Criminal Enterprise and Brdanin: Misguided Overcorrection, 47 HARV. INT’L L.J. 307 (2006)
- Good Samaritans, Beware: The Sensenbrenner-King Bill and Assistance to Undocumented Migrants, 9 HARV. LATINO L. REV. 195 (2006)
Any result the lawyer or law firm may have achieved on behalf of clients in other matters does not necessarily indicate similar results can be obtained for other clients.
- Advised an advertising technology company on privacy by design, managing HIPAA de-identification, and complying with the Digital Advertising Alliance principles and related self-regulatory frameworks
- Conducted internal investigations of cyberattacks for several clients, successfully helping a company recover significant funds that had been stolen through a business email compromise scheme.
- Handled multiple data breaches as “breach coach” during incident response, and represented a food services company impacted by a business partner’s ransomware attack.
- As a prosecutor, led numerous criminal investigations into corporate data breaches, business email compromise schemes, “dark web” criminal forums, money laundering using Bitcoin, terrorist use of the Internet, cyberstalking, and other cybercrime, and handled related national security investigations requiring Top Secret security clearance.
- Conducted 16 criminal jury trials, including emotionally charged felony domestic violence trials and armed robbery and kidnapping trials, and presented and cross-examined hundreds of witnesses during trials or before grand juries.