Photo of Thea McCullough

Thea McCullough

Thea McCullough counsels national and multinational companies across industries as a member of the Data Privacy and Cybersecurity, Litigation, and Public Policy practice groups.

Thea advises clients on a broad range of privacy issues, such as privacy policies and data practices, responses to regulatory inquiries, and compliance obligations under federal and state privacy regulations, including biometric privacy laws. She also represents clients before the Federal Trade Commission in privacy enforcement actions and in consumer protection litigation.

Thea draws on her past experience across all branches of government to inform her practice and to advise clients on public policy matters. Most recently, Thea served as a clerk for the U.S. District Court for the Eastern District of Texas. Prior to beginning her legal career, Thea served as the communications director for the White House National Space Council, where she spearheaded messaging campaigns for Presidential Space Policy Directives and the administration's civil, commercial, and defense space policy initiatives, and previously as the communications director for the U.S. House Committee on Science, Space, and Technology, where she managed the communications team and developed messaging strategies for policy and legislation covering several issue areas, including cybersecurity, advanced technologies, space, energy, environment, and oversight. She also served as a national spokesperson for President Trump's 2020 campaign.

Thea is admitted to the DC Bar under DC App. R. 46-A (Emergency Examination Waiver); Practice Supervised by DC Bar members.

U.S. Senate Majority Leader Chuck Schumer (D-NY) yesterday, July 23, initiated procedural steps that will likely lead to swift Senate passage of the Kids Online Safety Act (“KOSA”) and the Children and Teens’ Online Privacy Protection Act (“COPPA 2.0”).  Both bills have been under consideration in the Senate and the House of Representatives for some time, which we have previously covered.  Schumer’s action will likely bring the two bills in a single package to the Senate Floor as soon as Thursday, July 25. The future of the legislation in the House, however, is less certain.Continue Reading KOSA, COPPA 2.0 Likely to Pass U.S. Senate

An Illinois federal court has dismissed a proposed class action alleging X Corp. violated the state’s Biometric Information Privacy Act (“BIPA”) through its use of PhotoDNA software to create “hashes” of images to scan for nudity and related content. The court held that Plaintiff failed to allege that the hashes identified photo subjects and therefore failed to allege that the hashes constituted biometric identifiers. Martell v. X Corp., 2024 WL 3011353, at *4 (N.D. Ill. June 13, 2024).Continue Reading Illinois Federal Court Dismisses BIPA Suit Against X, Holding “Biometric Identifiers” Must Identify Individuals

Likely spurred by plaintiffs’ recent successes in cases under Illinois’s Biometric Information Privacy Act (“BIPA”), a new wave of class actions is emerging under Illinois’s Genetic Information Privacy Act (“GIPA”). While BIPA regulates the collection, use, and disclosure of biometric data, GIPA regulates that of genetic testing information. Each has a private right of action and provides for significant statutory damages, even potentially where plaintiffs allege a violation of the rule without actual damages.[1] From its 1998 enactment until last year, there were few GIPA cases, and they were largely focused on claims related to genetic testing companies.[2] More recently, plaintiffs have brought dozens of cases against employers alleging GIPA violations based on allegations of employers requesting family medical history through pre-employment physical exams. This article explores GIPA’s background, the current landscape and key issues, and considerations for employers.Continue Reading Employers Beware: New Wave of Illinois Genetic Information Privacy Act Litigation