Jenny Holmes

Jenny Holmes is the deputy leader of the firm’s Cybersecurity & Privacy team. She is a Certified Information Privacy Professional/United States (CIPP/US), a preeminent credential in the field of privacy. Jenny advises clients on the ever-changing legal landscape of data privacy and cybersecurity law. She develops and implements system-wide privacy and security plans and creates response plans that address the mandates of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the NY SHIELD Act, among others.

My focus

Privacy ComplianceInternational, federal, and state data privacy laws form a complex patchwork of overlapping—and sometimes conflicting—regulatory guidance. I help companies understand their obligations under these various laws and design comprehensive and compliant privacy programs, including external privacy policies, information security plans, and privacy response plans. Because individual data is often a company’s biggest asset and biggest risk, I establish architecture that enables and ensures safe storage and usage of personal information while also considering the practical needs of a company. Privacy laws are not static, and the strategies I develop are designed to evolve with the changing legal and regulatory data privacy landscape, staying ahead of the NY SHIELD Act, the CCPA, and the GDPR, among others. Data Breach ResponseIn the aftermath of a privacy breach, such as a ransomware attack or a funds transfer fraud incident, I help clients craft practical and cost-effective response plans that adhere to the applicable data privacy laws. This entails working with third-party vendors to ensure complete breach remediation, reviewing forensic reports to understand the root cause, and engaging with local, state, federal, and international law enforcement agencies. I also draft required notices, provide guidance on consumer or employee communications, and design and implement company policies to prevent future breaches and minimize the risk of class-action litigation. M&A Transactional Analysis

When businesses pursue changes to corporate structure, I complete due diligence reviews and advise clients on pre- and post-transaction compliance issues relating to data privacy and cybersecurity. I counsel clients on risk factors and potential liabilities, required corrective actions, and how to implement those corrections.

Looking forward

The combination of the political climate and consumers’ increased expectations will create massive impacts on companies’ data management, requiring increased attention to satisfy legal obligations and protect data.