

Nicole approaches her legal practice from both a global and a business perspective: she advises clients in a way that factors the broader ramifications of the legal issue before them, in addition to practical considerations. In this, she strives for effective and efficient advocacy.
A member of Ifrah Law’s Privacy Law team, Nicole is a certified privacy professional with expertise in European privacy law (CIPP/E), in particular the GDPR. She helps companies to navigate the changing face of privacy regulations and to keep their business practices and partnerships in compliance with the law both domestically and abroad. She regularly advises clients on:
- Public-facing privacy statements
- Internal privacy policies
- Data protection agreements
- Data retention practices
- Data breach response procedures
- Employee privacy training
Helping to serve the firm’s litigation and enforcement practices, Nicole’s work also includes federal agency investigations and enforcement, bid protests and business litigation, and white collar defense. She has worked on matters involving the Federal Trade Commission, Department of Justice, Internal Revenue Service, Offices of Inspector General of several federal agencies, and Attorneys General of numerous states. Nicole also has worked on many matters in which clients have proactively opposed government action – before administrative as well as judicial bodies. When necessary, she has taken policy issues to congressional offices and committees.
Some of her representative matters include:
- For a U.S.-based eSports company that operates in a number of jurisdictions around the globe, Nicole counseled on GDPR compliance measures and requirements, helping the company to revise its policies, notices and consents, identify E.U.-based compliance support, and strategize compliance best practices for their business.
- For a U.S.-based online advertising company that is regularly rated as one of the top CPA networks, with clients worldwide, Nicole helped the company on ground-up GDPR compliance, including internal policies, partner contracts, customer-facing notices and consents, and compliance best practices. She continues to advise the company on GDPR compliance issues as questions arise.
Professional + Community
- Certified Information Privacy Professional/Europe (CIPP/E) Certification, International Association of Privacy Professionals
- President and Member of the Board of Directors of the Alliance Francaise de Charlottesville
- Former Member of the Board of Trustees for the International School of Charlottesville
- Regular Contributor for the Foundation for Economic Education
"The Legal Fallout For Harvey Weinstein’s Hired Hands"
Law360
Read moreA. Jeff Ifrah, Moderator, "Mock Trial: United States v. Ginger McKenna", iGNA 2015, Planet Hollywood Resort & Casino in Las Vegas, Nevada
"You’ll Never Guess Who’s Trying to Hack Your iPhone"
FEE.org
Read more"Are You Prepared For a Government Probe?", National Defense Magazine
Securing Dismissal of a False Claims Qui Tam Suit
Jeff Ifrah successfully represented global health care leader Merck in a False Claims Act qui tam suit and got the case dismissed.
The suit involved a whistleblower that worked for a health care buying company (a group purchasing organization that purchases supplies and drugs). Terminated from the buying group, the employee alleged she was retaliated against because of issues she raised about the buying process.
The case was brought before the U.S. District Court for the Northern District of Texas, and 18 drug companies were named as defendants in an alleged bribery scheme. Jeff represented Merck, which was one of the named defendants. He filed a successful motion to dismiss the complaint, based on the former employee’s alarming lack of specificity in her claim.
Not only was our motion to dismiss successful, it was efficient: Jeff won the dismissal roughly one year after Merck and the other defendants were originally served.
(United States ex rel. Fitzgerald v. Novation LLC, et al., S.D. Tex., No. 3:03-CV-01589))
Passage of the 2018 Farm Bill: America’s Amber Waves of Grain Turn Green. What Does It Mean For CBD Oil Products and Advertising?

Much excitement surrounds the 2018 Farm Bill – the Agricultural Improvement Act of 2018 – which President Trump recently signed into law. The hubbub is all about hemp. The new law removes hemp from the Controlled Substances Act and opens markets across the fifty states to hemp and its many derivatives. Farmers and product manufactures… Read More
Ruling in Daniels v. FanDuel Highlights the Value of Sports Data and Contemporary Culture

More good news for sports betting operators exploring U.S. markets: the Indiana Supreme Court has upheld the “newsworthy value” of sports player stats. The ruling will make it harder for leagues and players to exercise control over (or to extract rents from) the distribution of player data. The case, Daniels v. FanDuel, was brought by… Read More
No More Bait and Switch: Subscription-Based Businesses Need to Refine Their Pitch Under California Law

Effective July 1, companies that offer free gift or trial periods for their products or services can no longer bill California consumers automatically at the expiration of the gift or trial period. Companies will be required to provide a “clear and conspicuous” explanation of the price that will be charged—or how the pricing will change—at… Read More
The California Consumer Privacy Act: The Who, What, When, Why…and How.

Make room Europe: California is taking on the data privacy challenge. For the last year or so, the privacy world has been abuzz with how to implement the E.U.’s General Data Protection Regulation. The buzz died down once GDPR went into effect in late May. But no rest for the weary. A little over a… Read More
Employer Liability for Data Breaches: Avoid Getting Eaten By Your Own

When a company suffers a data breach, it is hit with a barrage of issues. For instance, How can it safeguard against another breach? Who should it notify of the breach and when (Authorities? The people whose data was compromised?)? What type of measures should it undertake to minimize possible damage to those whose data… Read More