Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Free Newsletter Sign Up

They’ve Got Next: Privacy and Cybersecurity Fresh Face Kristin Hadgis

Oct. 29, 2021, 9:00 AM

In many data breach class actions, Article III standing—whether plaintiffs have alleged the injury necessary to bring their claims in federal court—is a major question mark.

Morgan Lewis partner Kristin Hadgis tackled that very question in Hendrick v. Aramark Corp., securing dismissal of the proposed class action for food services provider Aramark. The Philadelphia-based Fortune 500 company had been accused in a July 2016 lawsuit of violating the Fair and Accurate Credit Transactions Act by allegedly having one of its stores printing more than the last five digits of the named plaintiff’s credit card number in violation of the law.

Hadgis drafted the briefing for the issue and helped develop case strategy. The April 2017 decision was significant given that neither the U.S. Court of Appeals for the Third Circuit nor the U.S. District Court for the Eastern District of Pennsylvania had addressed Article III standing in a FACTA action since the U.S. Supreme Court’s 2016 decision in Spokeo Inc. v. Robins.

“That was the first time this court had addressed the issue since Spokeo, so it’s an important win for me,” Hadgis said.

Hadgis, who hails from Westchester County, New York, went to Franklin & Marshall College in Lancaster, Pennsylvania, where she studied government and developed a love for reading and writing.

After working as a real estate department legal assistant in New York for two years—and learning that transactions practice wasn’t really for her—she landed at Villanova University Charles Widger School of Law. She had a summer gig at Morgan Lewis and clerked post-grad in the Eastern District of Pennsylvania before returning to the firm as an associate, where she’s remained ever since.

“Kristin was a great associate from the moment she joined us, and then we got to her fourth or fifth year she turned to focus on privacy and cyber, she went from being great to truly elite and among the best we have,” said Greg Parks, co-leader of the firm’s privacy and cybersecurity practice.

Hadgis handles a variety of matters across the practice—including litigation, privacy counseling, and incident response—but she has carved out a niche at the intersection of retail, e-commerce, and technology, helping consumer-facing businesses update privacy policies and comply with novel laws such as the California Consumer Privacy Act.

She prides herself on a practical approach to privacy compliance, having helped companies navigate the CCPA and other laws by creating flowcharts and templates for clients that break key takeaways into “business-friendly material.”

In litigation, Hadgis has also worked with a Morgan Lewis team to consolidate a series of consumer-led lawsuits against the Hudson’s Bay Co. following a payment security card incident involving Saks Fifth Avenue, Saks OFF 5th, and Lord & Taylor.

In May 2019, she helped secure partial dismissal of claims brought in the U.S. District Court for the Southern District of New York by one of the consumers for lack of standing since the plaintiff’s bank promptly canceled her debit card.

“For us it was significant because some courts found risk of future harm alone is enough for standing,” Hadgis said. “But here the Southern District of New York held allegations of future harm were not enough in that case.”

The consolidated case has a final approval hearing scheduled for early next year, she said.

Through it all, Hadgis had made approachability and resourcefulness part of her brand, Parks said.

“Every time I introduce a client to Kristin, I can be sure that within a couple of weeks they’ll say she’s great and so down-to-earth and nice and gives the advice in a way that makes us feel good,” Parks said. “That’s a rare trait and something you can’t teach—how to give the right advice in a way that the client likes.”

Outside of traditional client work, Hadgis provides pro bono privacy counseling for several nonprofits, including Philadelphia organizations focused on cancer awareness and funding as well as those combatting homelessness. That includes helping nascent organizations craft online privacy policies for their websites, she said.

Hadgis also acts as Morgan Lewis’ assignment coordinator for data privacy and cybersecurity work, matching associates to partners for projects.

It’s a natural fit for Hadgis, who also makes it a goal to informally mentor younger attorneys, especially women, who are breaking into the space.

“Partners took time to train me and invest in me,” Hadgis said. “I really want to pay that forward and mentor associates within the privacy group and outside of it.”

To contact the reporter on this story: Jake Holland in Washington at

To contact the editors responsible for this story: Kibkabe Araya at; Lisa Helem at

To read more articles log in.

Learn more about a Bloomberg Law subscription.