Jaime B. Petenko focuses her practice on privacy and data security matters, advising U.S. and multinational clients on international, federal and state privacy and cybersecurity laws, regulations and industry standards, including the California Consumer Privacy Act (CCPA), EU General Data Protection Regulation (GDPR), Gramm-Leach-Bliley Act (GLBA), Regulation S-P, Children’s Online Privacy Protection Act (COPPA) and Canada Personal Information Protection and Electronic Documents Act (PIPEDA).
Jaime counsels clients across a broad spectrum of industries, including insurance, financial services, adtech, manufacturing, alcohol and beverage, ecommerce, educational institutions and nonprofits. She helps clients to identify risks and find practical, business-friendly solutions to address the evolving issues presented by emerging technologies and a changing regulatory landscape. While advocating for a flexible approach, she actively monitors regulatory and legislative developments as well as enforcement actions to keep her clients informed and nimbly respond as the regulatory environment changes. She also works with clients to proactively incorporate privacy into their infrastructure, products and business practices.
Additionally, Jaime’s corporate background in securities, M&A and corporate governance provides her a unique perspective on privacy and cybersecurity. She works with clients to identify and evaluate risks in corporate transactions, address data transfer issues in all stages of the transaction and develop strategies for post-closing integration of privacy and cybersecurity programs. Jaime also works with clients to develop effective privacy and cybersecurity governance strategies. She drafts and negotiates a wide variety of agreements, including data protection agreements and terms of service.
Jaime also helps clients respond to international data breaches. Having gained experience and insight from working on international data breaches impacting hundreds of millions of individuals globally, she assists clients with meeting international data breach notification obligations. When local presence is critical, she draws on a deep network of local counsel relationships to assist clients in navigating the complexities of each jurisdiction’s legal and regulatory requirements.
She also advises on legal and regulatory issues related to blockchain, virtual currencies, autonomous vehicles and artificial intelligence.
Developed and implemented CCPA compliance programs for numerous companies, including drafting notices and privacy policies, developing policies and procedures for consumer privacy requests and amending agreements with service providers and other parties
Developed and implemented GDPR compliance programs for numerous multinational organizations, including GDPR applicability analysis, data transfer mechanisms (EU Model Clauses and EU-U.S. Privacy Shield), data protection impact assessments, privacy notices and employee training*
Assisted multinational organizations with global privacy compliance efforts, including data transfers and revising vendor agreements
Do not send any information or documents that you want to have treated as secret or confidential. Providing information to McDermott via email links on this website or other introductory email communications will not create an attorney-client relationship; will not preclude McDermott from representing any other person or firm in any matter; and will not obligate McDermott to keep confidential the information you provide. McDermott cannot enter into an attorney-client relationship with you until McDermott has determined that doing so will not create a conflict of interest and until you and McDermott have entered into a written agreement or engagement letter that sets forth the terms of our relationship.