Overview
Laura Jehl serves as global head of the Firm’s Privacy and Cybersecurity Practice. Focusing on the intersection of data, law and emerging technologies, Laura advises clients on a broad range of privacy and cybersecurity issues. She has extensive experience identifying and mitigating privacy and data protection issues arising out of the collection, use and storage of data as well as the design of new business models, products and technologies. With unique experience as a former senior in-house counsel and C-suite executive, she understands the business, legal and technological challenges and opportunities her clients face and helps develop innovative approaches to maximize the value of their data-based assets.
Laura handles complex data security incidents, including large data breaches in the healthcare, internet, social media and hospitality sectors, among others. She directs forensic investigations, advises on notifications to US and international regulators, and leads sensitive interactions with law enforcement and national security agencies related to cyber incidents.
Laura also advises on US and international privacy and cybersecurity compliance, including obligations imposed by the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). She also advises clients on the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Electronic Communications Privacy Act (ECPA), the Children’s Online Privacy Protection Act (COPPA), and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), as well as other breach notification and data security laws. She has helped hundreds of clients build and enhance comprehensive privacy programs, while anticipating emerging and quickly evolving privacy and security obligations.
Laura also represents clients in connection with legal and regulatory issues presented by emerging technologies, including blockchain, cryptocurrencies and digital identity solutions.
Previously, Laura served as general counsel, chief privacy and security officer at a healthcare data analytics company, and as chief privacy counsel at a major health insurer, where she helped lead the company’s response to one of the largest ever reported data breaches. Earlier, Laura served as vice president and chief litigation counsel at America Online, Inc. (AOL), where she played a critical role in the development of internet law, particularly in litigating the scope of the ISP immunity provisions of Section 230 of the Communications Decency Act, the development of privacy policies and protections for AOL users, and the legal battle against junk email. In addition, Laura led AOL’s response to a number of high-profile government investigations, including some of the first FTC investigations into data privacy matters. Laura also played a leading role in gaining US international regulatory approval of AOL’s merger with Time Warner in 2000, then the largest corporate merger in history. Laura later held a business role as chief of staff to AOL’s vice chairman.
Results
- Advised global hospitality company in connection with response to major data security incident that potentially exposed the personal information of up to 500 million guests at hotel properties. Engagement included advice on compliance with US and international data protection and data breach notification regulations, including EU General Data Protection Regulation (GDPR)*
- Developed and implemented GDPR compliance programs for numerous US and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers and employee training*
- Advised numerous clients on compliance with the California Consumer Privacy Act (CCPA), including advocacy related to development of implementing regulations*
- Advised social media company on GDPR and national security implications of large scale transfers of personal data offshore
- Represented internet and technology industry clients on matters involving Section 230 of the Communications Decency Act, the Electronic Communications Privacy Act (ECPA), Stored Communications Act (SCA), Cloud Act and other content- and national security-related privacy matters*
- Represented a leading internet service provider in complex and sensitive interactions with federal and international law enforcement agencies related to major state-sponsored cyber incident*
- Led major health insurer’s response to a massive cyberattack in which the attackers accessed personal information of nearly 80 million individuals*
- Advised blockchain industry clients on GDPR and CCPA compliance, particularly related to the interaction between the immutability of distributed ledger technology, GDPR’s right of erasure and CCPA’s right of deletion, as well as the development of digital identity solutions*
- Advised a digital currency platform services provider in responding to a multimillion-dollar cyber theft of bitcoin from a digital currency exchange. Issues included incident response; crisis communications; interactions with compromised exchange; client cybersecurity practices and personnel; and pre-litigation counseling and preparation*
- Developed federal policy strategy for blockchain-enabled global payments company on federal and state legislative, regulatory and policy issues relating to cryptocurrencies*
- Represented a major cloud service provider in connection with a data security incident involving customer data left exposed in a publicly-permissioned bucket accessible on the internet*
- Negotiated complex, multi-party relationship for development and marketing of artificial intelligence solutions in the healthcare industry*
- As a member of a panel of academic, technology and privacy/cybersecurity leaders, advised technology and government sectors on use of blockchain technologies to secure and streamline elections*
*Matter handled prior to joining McDermott.
Recognitions
Community
- International Association of Privacy Professionals, Certified Information Privacy Professional (CIPP/US)
Credentials
Education
Harvard Law School, JD, cum laude, 1991
University of California, Berkeley, BA, highest honors, 1986
Admissions
District of Columbia
California
Languages
English
French
Spanish