Lorraine Maisnier-Boché focuses her practice on data protection and information technology (IT) law.
She has deep experience in the digital and IT sector as well as the health care industry, frequently advising health care professionals, hospitals, governmental entities, insurance companies, medical device manufacturers, software editors and hosting service providers on complex IT projects.
Lorraine has a strong background in data protection, and regularly advises on GDPR compliance programs, international data transfers, marketing and profiling actions, sensitive data (e.g., personal health data), audits and security issues.
Prior to joining McDermott, Lorraine was an IT/DP lawyer in an international law firm for several years. She then served as Senior Legal Counsel at the French eHealth Agency (ASIP Santé), where she advised on the development and implementation of national health information systems and on drafting the related IT agreements and licenses. She assisted the eHealth Agency’s Data Protection Officer with maintaining records on data processing activities and ensuring that the Agency implements a GDPR compliance program. In this context, she also carried out legal review of applications for health care data hosting service providers and for obtaining access to the National Healthcare Professionals Directory, as well as implemented labels, certifications and guidelines regarding digital switchover, interoperability and cybersecurity in the health sector.
She is also a lecturer in IT and Data Protection law at the Paris University and author of several papers on digital, data protection and e-health law. She is a regular speaker in eHealth and data protection conferences and workshops. She is a Certified Information Privacy Professional/Europe (CIPP/E).
- Assisted a multinational manufacturer in drafting and negotiating IT agreements
- Advised an international insurance company on the data protection aspects of the negotiation of an AI technology
- Assisted a data broker in its GDPR compliance program and advised on the profiling compliance strategy
- Assisted a multinational manufacturer in conducting a data protection impact assessment (DPIA) on a cybersecurity-related data processing
- Drafted the contractual documentation of an AI medical imaging platform
- Assisted and conducted a biotech’s GDPR compliance program
- Collaborated with the Ministry of Health in drafting national health-related regulations and managing mandatory consultations with the CNIL and various other professional bodies*
- Advised on the development and implementation of several national eHealth information systems*
- Advised an international IT company on the adoption of Binding Corporate Rules*
*Matter handled prior to joining McDermott Will & Emery
- The Legal 500 EMEA, Recommended Lawyer, 2022 – 2023
- Best Lawyers in France 2023
- Association for the Development of IT Law, Member and Coordinator of the Data Protection Workshop
University of Paris XI – Jean Monnet, Master’s IP/IT Law, 2010
University of Paris II – Panthéon-Assas, Master’s Business and Tax law, 2009