Overview
Jonathan Ende counsels clients on global privacy and cybersecurity compliance. His clients cover nearly every industry, market, and stage of development, and include large technology and media companies, financial institutions and insurers, healthcare providers and startups.
Jonathan provides practical, business-oriented advice on a range of privacy issues. He helps clients develop and maintain privacy compliance programs and counsels on a variety of product development and business operations topics, including advertising, emerging technologies and data monetization. He drafts and negotiates data privacy terms in contracts and assesses risks in business transactions. His expertise covers US federal and state and international privacy laws, including the EU General Data Protection Regulation (GDPR), state laws like the California Consumer Privacy Act (CCPA) and similar laws in Virginia, Colorado, Utah, and Connecticut, the Gramm-Leach-Bliley Act (GLBA), marketing laws including the CAN-SPAM Act and Telephone Consumer Protection Act (TCPA) and biometric data privacy laws like the Illinois Biometric Information Privacy Act (BIPA).
Jonathan also advises clients on cybersecurity matters and incident response. He has guided businesses through data breach response, working with vendors to investigate, mitigate, and remediate the breach and coordinating communications with regulators and notifications to third parties. Jonathan has also helped clients complete security risk assessments, including under industry standards like the Payment Card Industry (PCI) Data Security Standard (DSS).
Jonathan speaks on privacy and cybersecurity topics, including in America Bar Association events.
Results
- Assisted numerous companies with ground-up construction of privacy compliance programs for US state privacy laws in California, Virginia, Colorado, Utah, and Connecticut, including analyses of exemptions under GLBA and HIPAA
- Advised large technology company on all aspects of privacy-compliant development of consumer wearable device
- Counseled consumer electronics company on privacy and data security compliance issues in development of connected infotainment system, advanced driver assistance system, mobile applications, and other products
- Advised tier 1 PCI merchant on preparation for a Report on Compliance (ROC) conducted by Qualified Security Assessor (QSA), and advised on actions to be taken to address gaps and remediate risks
- Assisted large government contractor with response to data breach, including analysis of obligations under DFARS and other government contracting rules and regulations
- Vetted privacy and cybersecurity risks in acquisitions of highly regulated businesses, including under debt collection laws, FCRA, marketing laws, HIPAA, and biometric privacy laws
- Guided firm through registration as a data broker
- Advised retailer on development of program involving collection and processing of biometric data, including drafting appropriate notice-and-consent forms, creating retention and deletion policies, and negotiating contracts with vendors
- Advised financial and insurance services business on creation of a privacy compliance program that harmonizes requirements under US federal and state financial and insurance privacy laws
Credentials
Education
University of Virginia School of Law, JD, 2017
University of Virginia, BA, Economics, 2011
Admissions
District of Columbia
Virginia
Languages
English
Japanese
