Timothy J. Nagle



  • Suffolk University Law School, J.D., cum laude; Invited to Order of the Coif
  • University of Virginia, LL.M.
  • Johns Hopkins University, Certificate in Information Systems
  • United States Naval Academy, B.S.

Professional Admissions / Qualifications

  • Virginia

Tim is a member of Reed Smith's Data Security, Privacy & Management practice group. His most recent experience is as in house counsel with a global financial services firm where he supported security, privacy and technology executives. Additionally, with a broad background in security and privacy across government and industry, Tim can support clients in the areas of government contracts, financial services, energy and health care regulatory matters.


  • Tim has drafted and implemented security and privacy policies and practices that comply with the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA) and its Red Flags Rules, the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI-DSS), and the Federal Information Security Management Act (FISMA). 
  • As a member of a corporate data breach response team, he participated in all aspects of a breach including event identification, forensic evaluation, initial response, coordination with external agencies and regulators, and making notifications required by federal and state guidance.
  • As principal legal counsel for the global Chief Information Security Officer, Tim advised on issues involving network security and monitoring, use of authentication and encryption, phishing, and developing issues such as use of social media, mobile device management, response to hacktivist incidents and emergence of the advanced persistent threat. 
  • As counsel for a global security executive, he advised on the use of biometric devices for access to facilities, identification and response to global fraud rings, coordination with law enforcement, and background screening of employees. 
  • He has advised government and private sector network penetration testing teams on appropriate practices, use of social engineering, and code evaluation of operating systems and applications. 
  • Tim has advised on the privacy, security and data analysis aspects of online transactions (website and mobile devices) for consumer and corporate clients and has drafted terms of use, privacy policies and client agreements. 
  • He has drafted and negotiated security, privacy and business continuity terms of vendor agreements, and acquisition, divestiture, and joint venture formation documents. 
  • As counsel to a Chief Data Officer, he has advised on the appropriate collection, use, dissemination and quantitative analysis of large datasets for marketing, risk calculation and monetization purposes.
  • As chair of the National Security Telecommunications Advisory Committee’s Legislative and Regulatory Task Force, and as a bank representative to the Financial Services Sector Coordinating Council, he has been involved in public/private partnership discussions including security standards and assessments, exchange of threat information, and coordination in actual events.

Employment History

  • 2012 - Reed Smith
  • 2006 - Bank of America, Assistant General Counsel
  • 2002 - Northrop Grumman Corporation, Program Manager
  • 2000 - TRW/ Northrop Grumman Corporation, Director, Information Security
  • 1998 - Associate General Counsel, National Security Agency
  • 1995 – Deputy Assistant Judge Advocate General of the Navy for Special Programs

Professional Affiliations

  • Certified information privacy professional- 2006
  • Granted security clearance (Secret)

Notable Quotes

  • "Chinese Hacking Charges Spur Cos. To Turn To US Gov't" Law 360, Allison Grande (May 19, 2014)
  • "How To Avoid SEC’s Coming Cybersecurity Crackdown" Law 360, Allison Grande (April 17, 2014)
  • "Keep Your Financial Data Safe, Says the CFTC; In-House Straight" Corporate Counsel, Marlisse Silver Sweeney (March 10, 2014) 
  • "Cyber Attacks Compliance Teams Tackle Tech Threats" Special Report on Compliance, Compliance Intelligence (September 2013)
  • "Chinese Hackers Deliver Warning With Attacks On NYT, WSJ" Law360, Sean McLernon (January 31, 2013)
  • "Compliance Teams Tackle Tech Threats” Special Report on Compliance, Compliance Intelligence (October 2013)
  • "A Minefield of Legal Risks Come With 'Bring Your Own Device' Policies" Washington Post Business Journal, Catherine Ho (September 30, 2012)