Photo of Timothy A. Butler

Tim Butler helps companies thrive by developing tailored strategies to address their regulatory compliance challenges and vigorously defending them in government enforcement actions and bet-the-company lawsuits.

A former prosecuting attorney for the Federal Trade Commission (FTC) and former senior official in the Georgia Attorney General’s Office, Tim has led the defense of dozens of government investigations and enforcement actions brought by the FTC, the Consumer Financial Protection Bureau (CFPB), and the various state attorneys general. Tim also regularly defends clients in bet-the-company lawsuits, including complex business disputes and consumer class actions alleging privacy, false advertising, and unfair or deceptive business practice claims.

Tim is an experienced guide for companies struggling with regulatory complexity. He offers clear advice that helps his clients meet the demands of the ever-growing set of laws and regulations governing data privacy and cybersecurity, advertising and marketing practices, and consumer financial products and services. Clients rely on Tim’s business-minded and practical strategies to address their most difficult regulatory compliance challenges.

A graduate of the University of Chicago and Stanford Law School, Tim is a prolific author and regularly speaks to industry and trade groups about the evolving privacy landscape, about cutting-edge issues affecting payments and fintech companies, and about developments at the FTC, the CFPB, and within the state attorneys general community.

On April 4, 2024, the CFPB issued a report titled “Banking in Video Games and Virtual Worlds” that examines the financial and privacy risks to consumers in online video gaming marketplaces.

The CFPB’s report explains that gaming platforms facilitate the storage and exchange of valuable assets while collecting large amounts of data from their users.

On Oct. 19, 2023, the CFPB released a proposed rule that, if finalized in its present form, would require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s proposed rule, called the “Personal Financial Data Rights” rule, would implement Section 1033 of Title

On Nov. 9, 2022, the New York Department of Financial Services (NYDFS) issued a proposed second amendment to its 2017 cybersecurity regulation for financial service companies.[1] In July 2022, NYDFS issued a draft version of the changes, but the current amendment has significant changes. Most of the proposed changes will take effect 180 days

Go-To Guide:

  • The Safeguards Rule compliance deadline is delayed by six months
  • Eight subsections of the Safeguards Rule are affected by the delay
  • The new effective date for compliance is June 9, 2023
  • The FTC cited implementation challenges for small business as the reason for the delay.

On Nov. 15, 2022, the Federal Trade Commission