Jonathan Ende counsels clients on global privacy and cybersecurity compliance. His clients cover nearly every industry, market, and stage of development, and include large technology and media companies, financial institutions and insurers, healthcare providers and startups.
Jonathan provides practical, business-oriented advice on a range of privacy issues. He helps clients develop and maintain privacy compliance programs and counsels on a variety of product development and business operations topics, including advertising, emerging technologies and data monetization. He drafts and negotiates data privacy terms in contracts and assesses risks in business transactions. His expertise covers US federal and state and international privacy laws, including the EU General Data Protection Regulation (GDPR), state laws like the California Consumer Privacy Act (CCPA) and similar laws in Virginia, Colorado, Utah, and Connecticut, the Gramm-Leach-Bliley Act (GLBA), marketing laws including the CAN-SPAM Act and Telephone Consumer Protection Act (TCPA) and biometric data privacy laws like the Illinois Biometric Information Privacy Act (BIPA).
Jonathan also advises clients on cybersecurity matters and incident response. He has guided businesses through data breach response, working with vendors to investigate, mitigate, and remediate the breach and coordinating communications with regulators and notifications to third parties. Jonathan has also helped clients complete security risk assessments, including under industry standards like the Payment Card Industry (PCI) Data Security Standard (DSS).
Jonathan speaks on privacy and cybersecurity topics, including in America Bar Association events.
Assisted numerous companies with ground-up construction of privacy compliance programs for US state privacy laws in California, Virginia, Colorado, Utah, and Connecticut, including analyses of exemptions under GLBA and HIPAA
Advised large technology company on all aspects of privacy-compliant development of consumer wearable device
Counseled consumer electronics company on privacy and data security compliance issues in development of connected infotainment system, advanced driver assistance system, mobile applications, and other products
Advised tier 1 PCI merchant on preparation for a Report on Compliance (ROC) conducted by Qualified Security Assessor (QSA), and advised on actions to be taken to address gaps and remediate risks
Assisted large government contractor with response to data breach, including analysis of obligations under DFARS and other government contracting rules and regulations
Vetted privacy and cybersecurity risks in acquisitions of highly regulated businesses, including under debt collection laws, FCRA, marketing laws, HIPAA, and biometric privacy laws
Guided firm through registration as a data broker
Advised retailer on development of program involving collection and processing of biometric data, including drafting appropriate notice-and-consent forms, creating retention and deletion policies, and negotiating contracts with vendors
Advised financial and insurance services business on creation of a privacy compliance program that harmonizes requirements under US federal and state financial and insurance privacy laws
Do not send any information or documents that you want to have treated as secret or confidential. Providing information to McDermott via email links on this website or other introductory email communications will not create an attorney-client relationship; will not preclude McDermott from representing any other person or firm in any matter; and will not obligate McDermott to keep confidential the information you provide. McDermott cannot enter into an attorney-client relationship with you until McDermott has determined that doing so will not create a conflict of interest and until you and McDermott have entered into a written agreement or engagement letter that sets forth the terms of our relationship.