John L. Landolfi
Practice Areas
- Crisis Management
- eControl
- Information Technology, New Media and Advertising
- Intellectual Property, Entertainment, and Technology Protection
- Labor and Employment
- Litigation
- Privacy & Data Security
Industries
Education
- The Ohio State University Michael E. Moritz College of Law, J.D., 1989, with Honors
- Westminster College, B.A., 1986, magna cum laude
Bar & Court Admissions
John is a partner in the Vorys Columbus office. He is a leader of the firm's consumer products and retail law practice, and chair of the firm's privacy & data security practice. John is also a member of the litigation group and Vorys eControl.
John has 30 years of experience representing retail clients. In that time, he has developed a holistic approach to overcoming the constantly evolving challenges of the retail industry. John’s unique, comprehensive strategies have a proven record of helping his clients achieve their business objectives.
John’s practice includes defending and advising national retailers on matters related to privacy and cybersecurity, consumer protection laws, retail operations, advertising, loyalty and gift card programs, pricing, marketing, promotions, payment mechanisms, waste management, theft prevention, employment and wage issues, compliance, class actions and Attorney General actions, and commercial disputes. John makes it his business to become familiar with all legal matters relating to retail companies. He has significant experience handling all aspects of litigation arising from these areas, including class actions throughout the country. Additionally, John serves as general counsel for nationwide retailers, helping them with day-to-day decisions while maintaining consistency with their long-term strategic goals.
John maintains an active privacy and data security practice, advising companies regarding privacy compliance and technology, including privacy policy creation, behavioral advertising, information sharing, cybersecurity, electronic marketing, social media, compliance with state and federal laws impacting the collection and use of information, compliance with federal consumer protection laws, information and security programs, incident response and data breaches. John has significant experience counseling clients facing data breaches, including responding to data breaches on behalf of large national retailers and grocery chains.
John is a frequent speaker on various retail topics including privacy, cybersecurity, advertising, promotions, and sweepstakes. He has also given presentations on a variety of topics related to privacy and data security to professional associations, including the Association of Corporate Counsel (Central Ohio Chapter).
Career highlights include:
- Defending a national grocery chain in class action litigation with respect to significant data breaches
- Advising and defending multiple financial institutions with respect to data breaches
- Advising and defending a national retailer with respect to a data breach
- Advising a regional grocery chain with respect to the theft of personal information
- Advising an energy company with respect to a large data breach
- Serving as a data breach coach for several large national retailers
- Defending national retailers in TCPA cases throughout the country
- Defending a national energy company in a TCPA class action
- Representing national retailers in anti-counterfeiting cases across the country
- Obtaining a preliminary injunction on behalf of a national clothing client in a trademark counterfeiting action
- Advising retail clients on national advertising campaigns and promotions
- Defending a large automobile dealership in a putative state class action involving truth in lending, retail installment sales, fair credit reporting and various state law claims
- Representing a national retail chain in investigations by the New York City Department of Consumer Affairs into alleged deceptive return and exchange practices
- Representing a national retail chain in claims brought by the Ohio Attorney General arising from claims of fraud, deceptive practice and violations of various state laws
- Representing a national retail chain in a breach of lease claim resulting from damage caused by Hurricane Katrina
- Defending national retailers in putative class actions brought in courts throughout the nation arising from wage and hour claims and involving consumer protection matters
John has been recognized by the Best Lawyers in America and Ohio Super Lawyers for his legal work.
John is a member of the American Bar Association, the Ohio State Bar Association and the Columbus Bar Association.
Professional and Community Activities
- The Ohio State University Alumni Association, Lifetime Member
- American Cancer Society, Franklin County Advisory Board of Directors, Past President, 2006-2008
- Westminister College, Board of Trustees, 2004-2009
- Ohio State Bar Association, Council of Delegates, 2002-2014
- Children’s Hospital, Development Board, Annual Campaign, Past Chair
- The Ohio State University, Student Loan Foundation, Board of Trustees, Past Member; Alumni Award for Distinguished Teaching, Selection Committee, 2010-2012
- Scioto Country Club, Board of Trustees, President, 2014
- Upper Arlington High School Booster Club, Vice President, 2014
Honors & Awards
- Columbus CEO, Top Lawyers in Columbus, 2010-2021
- The Best Lawyers in America, Commercial Litigation, 2009-2022
- Fellow of the Columbus Bar Foundation since 1998
- Fellow of the Ohio State Bar Foundation since 2001
- Ohio Super Lawyers, Business Litigation, 2004-2016, 2018-2019
- Columbus Bar Association Community Service Award, 1999
- Columbus Junior Chamber of Commerce 10 Outstanding Young Citizens, 1998
- Columbus Junior Chamber of Commerce Distinguished Service Award, 1998
- The Ohio State University William Oxley Thompson Alumni Award, 1998
- Martindale-Hubbell AV Peer Review Rated
News
- 6/29/2022Vorys is pleased to announce that 59 of the firm’s attorneys have been recognized among the leading practitioners in the Columbus area in the 2022 edition of Columbus CEO’s Best Lawyers.
- 8/19/2021One hundred and sixteen lawyers from Vorys were recently selected by their peers for inclusion in the Best Lawyers in America® 2022 edition. In addition, 34 Vorys attorneys were named to the 2022 Best Lawyers in America “Ones to Watch” list.
- 8/20/2020One hundred and twelve lawyers from Vorys, Sater, Seymour and Pease LLP were recently selected by their peers for inclusion in the Best Lawyers in America® 2021 edition. In addition, 26 Vorys attorneys were named to the inaugural Best Lawyers in America “Ones to Watch” list.
- 8/15/2019One hundred and thirteen lawyers from Vorys, Sater, Seymour and Pease LLP were recently selected by their peers for inclusion in The Best Lawyers in America® 2020.
- 12/5/2018Vorys is pleased to announce that 48 attorneys from the firm have been named 2019 Ohio Super Lawyers and Rising Stars.
- 8/15/2018One hundred and thirteen lawyers from Vorys, Sater, Seymour and Pease LLP were recently selected by their peers for inclusion in The Best Lawyers in America® 2019.
- 12/5/2017Vorys is pleased to announce that 56 attorneys from the firm have been named 2018 Ohio Super Lawyers and Rising Stars.
- 8/17/2017One hundred and eight lawyers from Vorys, Sater, Seymour and Pease were recently selected by their peers for inclusion in The Best Lawyers in America® 2018.
- 3/28/2017This year, 54 Vorys attorneys were listed in the 2017 Columbus CEO “Top Lawyers” List.
- 8/15/2016One-hundred and eleven lawyers from Vorys, Sater, Seymour and Pease were recently selected by their peers for inclusion in The Best Lawyers in America® 2017.
- 12/2/2015Vorys is pleased to announce that 63 attorneys from the firm have been named 2016 Ohio Super Lawyers and Rising Stars.
- 12/2/2015John Landolfi, a partner in the Vorys Columbus office and a member of the litigation group, spoke with NBC4- Columbus about a data breach that VTech says occurred in November. According to the story, personal information of about 5 million VTech customers and their children may have been stolen by hackers.
- 8/17/2015One-hundred and eighteen lawyers from Vorys were recently selected by their peers for inclusion in The Best Lawyers in America® 2016.
- 1/28/2015John Landolfi, a partner in the Vorys Columbus office and a member of the litigation group, talked with 610 WTVN’s Joel Riley about the cybersecurity and privacy proposals that were announced by President Obama during his 2015 State of the Union address
- 12/3/2014Vorys is pleased to announce that 74 attorneys from the firm have been named 2015 Ohio Super Lawyers and Rising Stars.
- 8/18/2014One-hundred and ten lawyers from Vorys, Sater, Seymour and Pease were recently selected by their peers for inclusion in The Best Lawyers in America® 2015.
- 12/4/2013Eighty-one attorneys from Vorys, Sater, Seymour and Pease LLP have been named 2014 Ohio Super Lawyers and Rising Stars. 57 Vorys attorneys were named 2014 Ohio Super Lawyer and 24 Vorys attorneys were named 2014 Ohio Rising Stars.
- 8/14/2013One hundred and eleven lawyers from Vorys, Sater, Seymour and Pease were recently selected by their peers for inclusion in The Best Lawyers in America® 2014.
- 12/17/2012Seventy-Seven attorneys from Vorys, Sater, Seymour and Pease have been named 2013 Ohio Super Lawyers and Rising Stars.
- 8/23/2012One hundred and twenty-six lawyers from Vorys were recently selected by their peers for inclusion in The Best Lawyers in America® 2013.
- 2/3/2012John Landolfi, a partner in the Vorys Columbus office and chair of the firm’s technology committee, was quoted in a Columbus Business First article about the savings businesses have realized from the use of video conferencing technology.
- 12/16/2011
- 9/6/2011
- 3/17/2011
- 8/9/2010
- 12/22/2009
- 8/4/2009
- 12/29/2008
Events
- 10/12/2021In this webinar, we explored what legal teams and brand managers should consider when expanding into a new sales channel – whether online D2C or brick-and-mortar.
- 9/30/2021Vorys Partner John Landolfi co-hosted a webinar for the Jewelers Vigilance Committee titled "Cyberattacks on the Rise: A Chat with Legal Experts on How to Protect Your Business in a Technology-Based World".
- 7/13/2021Vorys attorneys conducted a presentation at the NRF Retail Law Summit 2021 titled "Ecommerce: Legal Issues Tangled in the Web."
- 2/2/2021Vorys eCommerce litigators Daren Garcia, Martha Motley, John Landolfi and George Stevens hosted a webinar in which they discussed frequently seen types of eCommerce-related litigation that companies face today and best practices for successfully navigating these issues.
- 3/3/2020Vorys Attorneys John Landolfi and Chris Ingram presented at the Ohio Insurance Institute Continuing Legal Education (CLE) Symposium on March 3, 2020.
- 5/30/2019Vorys Partner John Landolfi spoke at the 2019 Cybersecurity and Privacy Protection Conference on May 30-31, 2019.
- 6/19/2018On June 19, 2018, Vorys Partner John Landolfi participated in the Ohio Office of Small Business and Entrepreneurship’s professional development webinar series.
- 5/14/2018Vorys attorneys Chris Ingram and John Landolfi presented at the 2018 Central Ohio InfoSec Summit on May 14, 2018.
- 4/26/2018Vorys attorneys Whitney Gibson, Adam Sherman, Anthony Ehler and John Landolfi presented Trends in Internet and Ecommerce Law: What Every In-House Counsel Should Know on April 26, 2018.
- 5/9/2017Vorys attorneys Heather Enlow-Novitsky and John Landolfi were speakers at the webinar titled "Privacy Pitfalls for Retailers in Marketing" hosted by Vorys, Sater, Seymour and Pease LLP on May 9, 2017.
- 5/4/2016Vorys and Grant Thornton hosted the 2016 Cleveland Privacy Summit on May 4.
- 10/15/2015Vorys and The Ohio State University Moritz College of Law presented a two-day program, In-House Essential Conference on October 15-16, 2015.
- 10/9/2015Vorys attorneys Adam Brandt, Adam Miller and John Landolfi were speakers the 2015 Director’s Summit on October 9, 2015
- 4/30/2015Vorys attorneys Craig Auge, Jason Elvers, Chris Ingram, John Landolfi and Eric Whisler presented at the Advertising & Marketing Law 2015 CLE hosted by the Central Ohio Chapter – Association of Corporate Counsel on April 30, 2015.
- 4/15/2015Vorys co-hosted with Dix & Eaton and AIG to present "Perspectives on Cybersecurity: Proactively Protecting Data and Responding to Data Breaches" on April 15, 2015.
- 3/26/2015Vorys attorneys Chris Ingram, Jonathan Ishee, John Landolfi, Angel Lisinski and Eric Whisler participated in a panel titled “Monthly Update for February 2015,” on March 26, 2015.
- 3/23/2015Vorys Partner John Landolfi was a speaker at the 2015 Central Ohio InfoSec Summit on March 23, 2015.
- 4/24/2014Vorys partners John Landolfi and Lisa Pierce Reisz presented "Data Breach Response: The Benefits of Effective Preparation" to the Central Ohio Chapter - Association of Corporate Counsel on April 24, 2014.
Insights
- 6/10/2022Last week, the U.S. House and Senate released a discussion draft of the American Data Privacy and Protection Act (ADPPA). This is the first bipartisan data privacy bill released at the federal level. The introduction of the ADPPA comes in the wake of a profusion of comprehensive state data privacy laws passed and considered over the last few months. To date, five states have passed comprehensive privacy laws, including Connecticut just last month. If passed, the ADPPA would largely preempt state privacy laws, with some narrow exceptions.
- 5/25/2022On May 10, 2022, Connecticut became the fifth state to pass a comprehensive privacy law.
- 3/25/2022On March 24, 2022, Utah Governor Spencer Cox signed into law the fourth state comprehensive privacy law in the United States.
- 3/8/2022The Rise of “Zero-Click” Hacks Provides Cautionary Tale when Using Personal Devices for Business UseA new threat, known as “zero-click” hacks, is emerging from well documented state-sponsored spyware schemes.
- 2/21/2022On January 28, 2022, California Attorney General Rob Bonta sent notices to several businesses offering loyalty programs to California consumers, alleging noncompliance with the California Consumer Privacy Act (CCPA) for failure to provide adequate notice of their financial incentive programs.
- 2/3/2022It is expected to be another big year for privacy laws as many states will look to join California, Virginia, and Colorado in passing comprehensive privacy laws.
- 10/29/2021In a 3-2 decision, the Federal Trade Commission (FTC) announced on Wednesday important updates to its Standards for Safeguarding Customer Information.
- 8/18/2021Download a quick primer on recent trends in state name/image/likeness laws
- 7/7/2021Last week, Ohio Governor Mike DeWine signed an executive order allowing collegiate athletes to benefit from their name, image, and likeness in Ohio. Governor DeWine’s executive order came only a few days after Ohio’s promising name/image/likeness (NIL) bill stalled in the House of Representatives.
- 6/9/2021This week, the Colorado House of Representatives passed a new state privacy bill by a vote of 57-7.
- 5/5/2021Florida lawmakers failed to pass an expansive privacy law before the legislative session adjourned last Friday.
- 4/26/2021Last week, the Florida House of Representatives passed a new privacy bill, House Bill 969, by a vote of 118-1.
- 3/3/2021Yesterday, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA) into law.
- 2/22/2021Last week, Virginia’s Senate and House of Delegates sent identical versions of a new privacy bill to Virginia Governor Ralph Northam’s desk.
- 1/20/2021After failing to pass in 2019 and 2020, the Washington state legislature has introduced a comprehensive consumer privacy law for a third year in a row.
- 1/8/2021On January 6, New York legislators introduced Assembly Bill 27, the Biometric Privacy Act (BPA).
- 12/14/2020On December 10, 2020, the California Attorney General proposed modifications to its recent California Consumer Privacy Act (CCPA) regulations.
- 11/10/2020On November 4, New Jersey joined eight other states with a statewide ban on single-use plastic bags.
- 11/4/2020California voters are set to approve the California Privacy Rights Act of 2020 (CPRA).
- 9/29/2020Governor Gavin Newson signed a bill on Friday, September 25 to amend the California Consumer Privacy Act (CCPA) to exempt certain health information from the CCPA, among other things.
- 9/28/2020On September 23, at a U.S. Chamber of Commerce event, Indiana Attorney General Curtis Hill announced his intention to establish a rule to give businesses an incentive to implement cybersecurity plans to protect Indiana consumers’ information from cyberattacks.
- 9/2/2020On Sunday, August 30th, the California Legislature passed AB 1281, a bill extending the business-to-business and employee carve-outs to California Consumer Privacy Act (CCPA) compliance until January 1, 2022.
- 6/26/2020On June 24, the California Privacy Rights Act (CPRA) became eligible for the November 2020 general election ballot in California. The CPRA would expand and amend the recently-operable California Consumer Privacy Act (CCPA).
- 6/5/2020On June 1, California Attorney General Xavier Becerra submitted the final proposed regulations to the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL).
- 5/7/2020U.S. Senators Roger Wicker, John Thune, Jerry Moran, and Marsha Blackburn recently announced their plan to introduce the COVID-19 Consumer Data Protection Act, seeking to provide Americans more transparency and control over the collection and use of “covered data” during the COVID-19 public health emergency.
- 4/14/2020Although the draft regulations implementing the California Consumer Privacy Act (CCPA) have not been finalized, businesses are already encountering a wave of CCPA class action lawsuits.
- 4/13/2020With tens of millions of Americans suddenly working from home data privacy issues have taken on new urgency.
- 3/12/2020Yesterday, California Attorney General Xavier Becerra released a third set of draft regulations (the New Modifications) implementing the California Consumer Privacy Act (CCPA).
- 2/18/2020Washington legislators recently reintroduced the Washington Privacy Act (WPA). Learn more about this draft bill.
- 2/10/2020On February 7, 2020, California Attorney General Xavier Becerra released proposed modifications (the Modifications) to the previously-released draft regulations implementing the California Consumer Privacy Act (CCPA).
- 10/16/2019Last Friday, California Governor Gavin Newsom signed several last-minute amendments to the California Consumer Privacy Act (CCPA).
- 7/30/2019On July 9, 2019, the California Consumer Privacy Act (CCPA) amendment picture got a little clearer as the California Senate Judiciary Committee advanced several amendments while also eroding and eliminating others.
- 7/26/2019Governor Cuomo signed the Stop Hacks and Improve Electronic Data Act (SHIELD) on July 25, 2019, providing stronger protections for New Yorkers by imposing strict cybersecurity requirements on all companies, broadening the Attorney General’s oversight over data breaches, and expanding data breach notification requirements.
- 6/7/2019Last week Nevada amended its law that governs online privacy policy disclosures to now give Nevada residents the right to opt out of the sale of certain personal information.
- 5/28/2019Earlier this month, New Jersey joined a growing list of states which require companies to provide notification under their respective data breach laws where non-traditional personal informational is compromised.
- 5/15/2019Governor Jay Inslee recently signed Substitute House Bill 1071, amending Washington’s data breach notification law.
- 2/18/2019Ohio recently added comprehensive cybersecurity requirements to its insurance laws through Substitute Senate Bill 273, which take effect on or about March 19, 2019.
- 1/23/2019Massachusetts Governor Charlie Baker recently signed House Bill 4806, amending the state’s data breach notification law. In relevant part, the amendment expands the information that must be reported to Massachusetts regulators in connection with a data breach involving the personal information of Massachusetts residents, imposes new requirements on compromised entities, and adds some clarification to when entities are required to issue notice of a breach. These changes take effect on April 11, 2019.
- 11/5/2018Recently, the Securities and Exchange Commission (SEC) imposed a $1 million penalty against Voya Financial Advisors, Inc. (VFA).
- 10/31/2018Canada’s new mandatory breach-notification requirements in the Personal Information Protection and Electronic Documents Act (PIPEDA) take effect on November 1, 2018.
- 8/6/2018On August 3, Governor John Kasich signed Senate Bill 220, also known as the Ohio Data Protection Act.
- 6/29/2018Yesterday, California enacted the California Consumer Privacy Act of 2018. The law imposes new regulations on the collection, use, and disclosure of consumers’ personal information that will significantly impact companies doing business in California.
- 3/20/2018
- 1/2/2018As we begin the New Year, it’s time to re-visit and update your data incident response plan. Companies subject to the Payment Card Industry Data Security Standard (PCI-DSS) are required to do so to ensure compliance.
- 12/5/2017Senate Bill 220, also known as the Data Protection Act, was recently introduced in the Ohio legislature.
- 9/12/2017Some may say that it was only a matter of time. On September 7, 2017 Equifax, one of the country’s three main credit reporting agencies, reported that it has been hacked.
- 8/25/2017The National Institute of Standards and Technology (NIST) recently released an updated draft of its Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations that sets forth cybersecurity guidance for securing devices and software commonly referred to as the “internet of things.” The draft represents NIST’s latest attempt to produce a unified information security framework for the federal government that is now also bleeding into the private sector.
- 8/23/2017Companies doing business in Delaware should be aware of a recent amendment to its cybersecurity and data breach notification law.
- 2/8/2017“Smart” television manufacturer VIZIO, Inc. has agreed to pay $2.2 million to settle charges brought by the Federal Trade Commission (FTC) and New Jersey Attorney General arising from VIZIO’s alleged collection and use of detailed viewing history on 11 million of its smart TVs without consumers’ knowledge or consent.
- 10/27/2016The State of California is rolling out a new tool for consumers to report potential violations of the California Online Privacy Protection Act (CalOPPA).
- 5/16/2016In a highly-anticipated opinion, this morning the U.S. Supreme Court overturned the Ninth Circuit Court of Appeals’ decision in Spokeo, Inc. v. Robins.
- 5/10/2016In the ever-expanding world of e-commerce, businesses often create terms, conditions, notices, policies, or other disclaimers on their websites that apply to consumers across the country.
- 2/10/2016As part of an ongoing effort to improve the federal government’s cybersecurity practices, President Barack Obama signed two executive orders this week establishing a Federal Privacy Council to be filled by Senior Agency Officials from at least 24 federal agencies, and a Commission on Enhancing National Cybersecurity, to be composed of up to 12 members appointed by the President.
- 11/25/2015In an Official Press Release last week, the Federal Trade Commission announced that it has approved final amendments to its Telemarketing Sales Rule that, in large part, help protect consumers by eliminating various payment methods popular amongst scam artists.
- 6/23/2015The Federal Trade Commission (FTC) has recently released its updated “What People are Asking” FAQs regarding its Endorsement Guides. The FTC’s Endorsement Guides help define what the FTC would consider to be a deceptive practice when using endorsements in advertising.
- 1/14/2015Earlier this week, President Obama gave a speech at the FTC laying out an agenda on privacy and data security issues, and indicating that the topic is important enough to the administration that it will be included in his upcoming State of the Union address. Generally, the initiative’s goals include tackling identity theft, protecting the privacy of student data and working toward a general privacy “bill of rights” to provide comprehensive data and privacy protections.
- 6/30/2014On June 20, Florida’s governor signed into law a replacement to its former breach notification statute, called the Florida Information Protection Act of 2014. This law is going into effect very quickly (July 1, 2014), and will be one of the most robust breach notification laws in the country. The Florida law did not necessarily break new ground, but it incorporated into one law many of the recent trends that have been passed in other states.
- 6/2/2014On June 2, 2014, the Supreme Court issued a unanimous decision in the case of Limelight Networks, Inc. v. Akamai Technologies, Inc. (Case No. 12-786), that will have the immediate impact of limiting liability for inducement to infringe under 35 U.S.C. § 271(b) where no party is liable for direct infringement under §271(a). In at least the short-term future, defendants accused in a patent suit of inducing infringement of a method claim, where no one party has performed or controlled the performance of all steps of the method, should have a solid basis for seeking dismissal of that suit for failure to state a cause of action.
- 4/18/2014Fifteen states and the District of Columbia have laws that restrict the collection of personal identification information at the point of sale when payment is made by a credit card. Retailers received good news recently from the U.S. District Court for the District of Columbia in Hancock v. Urban Outfitters.
- 2/11/2011
- 5/19/2010
- 11/20/2009