Privacy, Data Strategy, and Artificial Intelligence

Compliance

Staying on top of legal, compliance, and regulatory obligations under the myriad of burgeoning global privacy-, data protection-, and AI-related laws, regulations, frameworks, and standards can be challenging for any organization, large or small. Jones Walker has the knowledge and practical experience to help your organization navigate these laws, obligations frameworks and standards, including the EU and UK General Data Protection Regulation (EU and UK GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA), the EU Artificial Intelligence Act (EU AI Act), the EU e-Privacy Directive, the Federal Information Security Management Act (FISMA), the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Federal Communications Act of 1934, SEC disclosure guidelines, the National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework, Federal Trade Commission (FTC) data/privacy regulations, the Telephone Consumer Protection Act (TCPA), and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM).

Our team also advises clients regarding US state breach notification laws, and new and proposed state privacy, data protection and security laws and regulations such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Illinois Biometric Information Privacy Act (BIPA), and similar statutes across the country.

We also advise on applications for binding corporate rules, the EU-US Data Privacy Framework, and the maintenance of such programs.

Data Strategy and Program Development

As the global regulatory environment for privacy and data becomes increasingly complex and our clients expand internationally, our attorneys help clients create, implement, and update their privacy programs and adapt their existing data management practices to meet new and changing compliance challenges without stressing their resources. We help them with data mapping so that they can better understand their data, where it is located, and where and with whom it is shared. We also advise on strategies about how to manage, protect, and optimize data.

We assess, develop, and revise information collection, storage, disposal, and sharing policies and procedures in accordance with regulatory obligations without compromising business workflows, data security, or integrity, and we identify potential threats and compliance issues. We also help clients develop and implement comprehensive data protection and AI programs, including documenting policies, procedures, and guidance around privacy, cybersecurity, data governance, data minimization, records retention, privacy notices, data protection impact assessments, transfer impact assessments, legitimate interests assessments, and employee privacy guidance and procedures.

Commercial and Transactions

Data and security issues and considerations exist in many client, vendor and other third-party agreements, which can impact contracting and implementation timelines, increase the complexity of negotiations, affect operational commitments, and increase risk to any organization. Jones Walker attorneys are keenly aware of these considerations and work with you to meet your contracting goals while minimizing overall risk. We advise clients on developing, negotiating, and finalizing privacy, data protection, and AI commercial agreements and corporate transactions, including agreements regarding the processing, sharing, transfer, and protection of personal information such as data processing, security, licensing, data transfer, vendor, services, outsourcing, technology, and data sharing agreements.

We also advise on data protection- and security-related due diligence, governance, and contracting for mergers and acquisitions and other corporate transactions. Additionally, Jones Walker attorneys assist in vetting potential suppliers and negotiating related outsourcing, licensing, consulting, and service agreements.

Artificial Intelligence

AI is rapidly becoming ubiquitous, with material impacts on the business world and society at large. Increasing global efforts to regulate the development and use of AI present compliance challenges and increased risks around the use, creation, and deployment of AI systems.

Jones Walker attorneys have a deep understanding of the technologies that constitute the world of AI, including generative AI, machine learning, natural language processing, large language models (LLMs) and neural networks. This knowledge enables us to better help our clients navigate this complex world, mitigate risks, be strategic, and develop approaches to differentiate themselves. As a result, we offer strategic and pragmatic advice on AI governance, contracting, risks, data collection, licensing, procurement, risk management, outputs, intellectual property issues, transactional matters, and the use of AI tools that allow our clients to focus on their AI strategy.

Incident Response, Investigations, Disputes, and Litigation

A company victimized by a data breach can quickly become the target of litigation or a governmental investigation. Jones Walker attorneys represent clients in related privacy and data security disputes and litigation such as with shareholders, customers, and credit card agencies. We also represent our clients in related regulatory proceedings.

We advise on proactive methods and strategies, including breach readiness and security strategies, to minimize data incidents. If a data incident does occur — whether it results from a cybersecurity breach, ransomware, denial-of-service attack, hack, human error, theft, data leakage, or other loss of sensitive information — we respond to the event quickly and effectively. We help clients investigate and contain the incident, analyze the circumstances and impact of the situation, and advise on compliance with federal and state notice, reporting, and other requirements, including responding to regulatory inquiries and coordinating with governmental, law enforcement, and supervisory authorities. Our attorneys assemble teams of key in-house staff; outside IT, forensic, and public relations experts; and data security professionals to develop a plan for minimizing the risk of future incidents and communicating with the public in an appropriate manner. 

Follow-on disputes, including shareholder and class action litigation against corporations and their directors and officers, often arise after a data breach. Our experienced litigators and trial lawyers help clients resolve disputes in federal and state courts as well as through alternative procedures such as arbitration and negotiated settlements.

Cybersecurity

Understanding the sophisticated world of cybersecurity is critical to navigating compliance challenges and minimizing cyber threats. Jones Walker attorneys offer advice on a wide range of cybersecurity matters, including compliance with federal, state, and global cybersecurity laws, regulations, and standards such as the UK Network and Information Systems (NIS) Regulations, the EU NIS2 Directive, the New York Department of Financial Services Cybersecurity Regulation, the Electronic Communications Privacy Act, the Homeland Security Act, the Cybersecurity Information Sharing Act of 2015, the FTC Act, cyber breach notification laws, and other federal, state, sector-specific, and global cybersecurity laws and regulations.

We also advise on cyber incident investigations, reporting, and governmental engagement and offer guidance on cybersecurity policies and procedures, training and awareness, risk assessments, insurance, vendor risk management, and contracting.