Skip to Main Content
Professional Photo



Matt White is co-chair of Baker Donelson's Financial Services Cybersecurity and Data Privacy Team, and a member of the Firm's Incident Response Team, which has been named an Authorized Breach Coach® by NetDiligence. He regularly advises clients on matters related to cybersecurity, data privacy, technology, and artificial intelligence (AI). Matt focuses on counseling his clients on a wide range of issues including compliance, policies and procedures, training, transactions, contracts, incident response, regulatory investigations, and litigation.

Featured Videos

Top Cybersecurity and Data Privacy Issues for Financial Institutions in 2024 January 17, 2024
Evolving Technology: Cybersecurity and Data Privacy in the Era of ChatGPT May 17, 2023
Top 10 Cybersecurity and Privacy Issues for 2023 January 25, 2023
Ethical Issues in Defensible Disposition December 16, 2022
The CPRA is On the Way: What Your Financial Institution Needs to Do November 9, 2022
Cybersecurity and Privacy – Trending Topics for Financial Institutions September 22, 2022

Featured Experience

Represented numerous financial institutions with regard to compliance with privacy and cybersecurity laws and regulations, including GLBA, CCPA, CPRA, GDPR, HIPAA, FCRA, and TCPA.

Assisted numerous clients with remediation and reporting of security incidents, including those caused by ransomware, phishing, malware, employee misconduct, and other cyber-attacks.

Counseled multiple clients on compliance with U.S. privacy laws and privacy notices.

Professional Biography

Matt White is a Certified Information Privacy Professional (CIPP/US, CIPP/E), a Certified Information Privacy Technologist (CIPT), and a Certified Information Privacy Manager (CIPM). Matt is also a Payment Card Industry Professional (PCIP). His practice focuses on representing financial institutions, including banks, credit unions, lenders, Fintechs, insurance companies, InsurTechs, investment advisory firms, and broker-dealer firms, as well as other highly regulated businesses. He counsels clients on all aspects of privacy and cybersecurity, including litigation and breach response, privacy compliance, transactional diligence, and the defense of regulatory actions.

Matt particularly focuses on helping businesses implement policies, procedures, contracts, and best practices concerning cybersecurity, data privacy, technology, and AI, and assisting clients in strategically navigating through cyber incidents and litigation.

Matt also provides strategic advice to his clients concerning artificial intelligence (AI), biometrics, blockchain technology, smart contracts, cryptocurrencies, and other digital assets including non-fungible tokens (NFTs). He provides sophisticated and knowledgeable counsel on the novel issues clients encounter in this rapidly evolving space. He assists clients with AI program development, including implementing and managing issues related to AI applications, contracts, services, and solutions, including generative AI, deep learning, machine learning, and natural language processing. He has also advised clients on relevant regulations including federal and state money transmitter laws, AML/KYC, privacy and cybersecurity, as well as whether tokens are considered securities. Matt has deep experience in financial services regulation, securities, commodities, and broker-dealer regulation, cybersecurity and data privacy, and in litigation, and draws on that experience to anticipate, recognize, and address the legal, regulatory, and compliance issues his clients face relating to blockchain and digital assets. As the decentralized finance (DeFi) ecosystem continues to evolve, Matt can advise clients ranging from platforms, exchanges, issuers, application developers, startups, and other innovators who are operating in this cutting-edge environment, to investors, hedge funds, and established financial firms that are interested in exploring the legal implications of and strategically increasing their exposure to the DeFi markets. He has also represented victims of DeFi fraud in assessing their recovery and litigation options.

He routinely advises clients on data privacy and security matters arising from a variety of state and federal laws and regulations including the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Health Insurance Portability and Accountability Act (HIPAA), the Fair and Accurate Credit Transactions Act (FACTA), the Telephone Consumer Protection Act (TCPA), the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), the Electronic Communications Privacy Act (ECPA), the Stored Communications Act (SCA), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) and other state privacy laws, and the New York Department of Financial Services Cybersecurity Regulation. He also counsels clients on global data protection laws including the General Data Protection Regulation (GDPR), and on compliance with Payment Card Industry (PCI-DSS) requirements.

Matt has significant experience:

  • Counseling on the investigation, response, notification, and defense of data breaches and incidents;
  • Advising clients on privacy, information security, supply chain and vendor management, contracts, insurance, document retention, e-discovery, and data and technology issues;
  • Assisting clients with compliance-related matters including internal policy creation and training;
  • Preparing customized website and mobile device policies and notices including terms of use, privacy policies, state-specific notices, and cookie notices; and
  • Representing clients in responding to regulatory investigations and in litigation and class action matters involving cybersecurity and data privacy issues.

Matt also has extensive experience representing financial institutions, broker-dealers, investment advisors, and other companies in litigation, arbitration, regulatory and compliance matters, and in investigations and enforcement proceedings. He regularly represents national and regional securities firms and their registered representatives in a wide array of matters including customer-initiated arbitrations and litigation, enforcement proceedings and investigations by the SEC, FINRA and other self-regulatory organizations and state securities regulators, intra-industry disputes such as "raiding" claims, and claims related to non-competition agreements, the theft of trade secrets, and expungement.

As an experienced litigator, Matt has represented clients in numerous complex commercial and general business litigation. He has successfully litigated trial and appellate matters in both state and federal courts, and in mediation and arbitration. Matt has also defended financial institutions and other corporations in class action litigation, with a focus on defending privacy and data breach class actions.

You can connect with Matt on LinkedIn.

  • Represented numerous financial institutions with regard to compliance with privacy and cybersecurity laws and regulations, including GLBA, CCPA, CPRA, GDPR, HIPAA, FCRA, and TCPA.

  • Assisted numerous clients with remediation and reporting of security incidents, including those caused by ransomware, phishing, malware, employee misconduct, and other cyber-attacks.

  • Counseled multiple clients on compliance with U.S. privacy laws and privacy notices.

  • Represented a company in class action litigation alleging violations of the FTC Guidelines arising out of a data breach.

  • Represented numerous broker-dealers and registered investment advisers in litigation and in arbitrations involving claims of unsuitability, unauthorized trading, misrepresentation, churning, failure to supervise and breach of fiduciary duty.

  • Successfully defended broker-dealers and registered investment advisers in SEC enforcement actions.

  • Successfully defended broker-dealers in FINRA enforcement actions.

  • Successfully defended a corporate executive in an SEC insider trading investigation.

  • Successfully defended the officer of a company in a SEC inquiry regarding alleged material misrepresentations.

  • Represented numerous broker-dealer firms and their registered representatives in responding to subpoenas, document requests from regulators, and informal inquiries as well as formal SRO investigations involving investment banking activities, alleged sales practice violations, failure to supervise and other matters.

  • Represented the officers of a public company in bankruptcy and in a parallel criminal investigation, civil litigation, and regulatory investigation.

  • Successfully defended a financial institution on appeal in a U.S. Court of Appeals case arising out of the disposition of a business unit in which former employees claimed $2.4 million in damages for the alleged breach of a payment agreement. Obtained affirmance in the client's favor.

  • Represented a mortgage company in a case before the Tennessee Court of Appeals in which the Court held that there is no private right of action to enforce the Home Affordable Modification Program.
  • Won a dismissal of action alleging breach of contract and fraud filed in a U.S. District Court based on lack of personal jurisdiction.

  • Represented a local government in litigation arising from school system consolidation.
  • Defended broker-dealer in a federal court action alleging violations of federal and state securities laws, aiding and abetting breach of fiduciary duties, and commercial bribery in the wake of the bankruptcy of a registered investment adviser.

  • Member – International Association of Privacy Professionals (CIPP/US, CIPP/E, CIPM)
    • Co-Chair, IAPP KnowledgeNet Memphis Chapter
  • Distinguished™ Peer Review Rated by Martindale-Hubbell
  • Selected to Mid-South Rising Stars by Mid-South Super Lawyers (2014 – 2023)
  • Named a 2018 Best of the Bar Ace Associate by the Memphis Business Journal
  • Named a 2016 Top 40 Under 40 by the Memphis Business Journal
  • Recipient – Baker Donelson Firmwide Pro Bono Award (2016, 2018)
  • Member – American Bar Association
    • Securities Litigation Committee
  • Member – Memphis Bar Association
  • Member – Tennessee Bar Association
  • Member – Virginia Bar Association
  • Member – Bar Association of the District of Columbia
  • Member – DRI
    • Commercial Litigation Committee
    • Government Enforcement and Corporate Compliance Committee
    • Securities Enforcement Subcommittee
    • Complex Commercial Litigation Subcommittee
  • Community Co-Chair – DRI Complex Commercial Litigation SLG
  • Member – Financial Markets Association, Seminar Planning Committee
  • Member – Leo Bearman, Sr. American Inn of Court
  • Named a Tennessee Supreme Court Attorney for Justice
  • Member – Financial Services Department Diversity Committee
  • Member – FBI Citizens Academy Alumni Association
  • President – Memphis Area Gator Club
  • "Brave New World? Examining Artificial Intelligence and Its Impact on Financial Services Legal Practice," Financial Markets Association's Legal & Legislative Conference (November 2023)
  • "Cybersecurity Preparedness: Current Threats and Key Principles for Managing Critical Risks," Employee Training (October 2023)
  • "Artificial Intelligence: What You Need to Know," CLE Webinar (October 2023)
  • "Cybersecurity and Data Privacy: Regulations, Cyber Threats, and AI – Key Issues that Lawyers Must Understand," Tennessee Bar Association (October 2023)
  • "Artificial Intelligence in the Legal Profession: What You Need to Know," Legal Department Training (October 2023)
  • "Incident Response (IR) Planning: What a Comprehensive IR Plan Must Have in Today's Environment From a Legal and Safety Standpoint," Security and Incident Response Webinar (June 2023)
  • "Incident Response – Working with Law Enforcement," Memphis CISO Working Group, Quarterly Meeting (May 2023)
  • "The Road Ahead: Privacy and technology," International Association of Privacy Professionals (IAPP) Memphis KnowledgeNet (May 2023)
  • Panelist – "The Cybersecurity Landscape: A Look at Current and Future Challenges," 2022 Forum Series presented by Pinnacle, Nashville, Tennessee (December 2022)
  • "Virtual Memphis KnowledgeNet," International Association of Privacy Professionals (IAPP) Memphis KnowledgeNet (December 2022)
  • Panelist – "Cybersecurity Dinner Panel," Arctic Wolf, Nashville, Tennessee (August 2022)
  • Co-presenter – "Banking and Financial Industry Trends for In-House Counsel," Webinar (August 2022)
  • Panelist – "Cybersecurity Networking Lunch," Arctic Wolf, Nashville, Tennessee (February 2022)
  • "Cybersecurity in the Construction Industry," Southeast Construction Owners and Associates Roundtable (SCOAR), Winter Meeting, Point Clear, Alabama (February 2022)
  • "Navigating the Intersection of Security and Privacy," Vendor Risk Connect North America (December 2021)
  • "Must Know for Cyber Security – Threats, Regulations & Best Practices," Association of Insurance Compliance Professionals (AICP) Annual Conference, San Diego, California (October 2021)
  • "Broker-Dealer/Registered Investment Adviser Legal and Compliance Update," Webinar (September 2021)
  • "Where Privacy and Security Intersect," International Association of Privacy Professionals (IAPP) Memphis KnowledgeNet Presentation (September 2021)
  • "Data Inventory, Retention, and Privacy," International Association of Privacy Professionals (IAPP) Memphis KnowledgeNet Presentation (June 2021)
  • "State Legislation Update: California and Copy-Cat States," International Association of Privacy Professionals (IAPP) Memphis KnowledgeNet Presentation (March 2021)
  • "California Privacy Update: CPRA & CCPA," National Association of Mutual Insurance Companies (NAMIC) (January 2021)
  • "Data Incident Virtual Tabletop Exercise," International Association of Privacy Professionals (IAPP) Memphis and Nashville KnowledgeNet Presentation (December 2020)
  • "Gramm Leach Bliley Act—What is Your Bank Required to Do?," Tennessee Bankers Association's Strategic Technology, Risk & Security Conference (September 2020)
  • "Updates in Privacy Law," International Association of Privacy Professionals (IAPP) Memphis KnowledgeNet Presentation (June 2020)
  • "The California Consumer Privacy Act: Examining the Exemptions, Proposed Regulations, and Compliance Issues for Insurance Companies," National Association of Mutual Insurance Companies (NAMIC) (January 2020)
  • "Legal Issues Confronting Inside Counsel" (November 2019)
  • "How to Prepare for the SEC's New Standards of Conduct Rulemaking Package" (September 2019)
  • Panelist – "BCP, Data Security and Cybersecurity: Avoiding Pitfalls and Mitigating Risk," FMA's 27th Annual Securities Compliance Seminar (April 2018)
  • Speaker/Panelist – "Taking and Defending Effective Depositions," Tennessee Bar Association's TennBarU (April 2013)
  • "Encountering and Avoiding Ethical Traps," Tennessee Bar Association's TennBarU (February 2013)



  • University of Florida, Levin College of Law, J.D., cum laude
    • Research Editor, Florida Law Review
    • Member – Florida Journal of Technology Law and Policy
    • Member – Florida Entertainment Law Review
    • Officer – Corporate and Securities Litigation Group
    • Placed First in the Florida Intramural Securities Moot Court Competition
    • Book Awards in Legal Drafting and Advanced Techniques in Appellate Advocacy
    • Dean's List
  • University of Florida, B.A., magna cum laude


  • Tennessee, 2012
  • District of Columbia, 2010
  • Virginia, 2009
  • U.S. District Court for the Western, Middle, and Eastern Districts of Tennessee
  • U.S. District Court for the Eastern and Western Districts of Virginia
  • U.S. District Court for the District of Columbia
  • U.S. Court of Federal Claims
  • U.S. Court of Appeals for the Federal Circuit
  • U.S. Court of Appeals for the Sixth Circuit

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept