Antonette E. Igbenoba

Associate

Atlanta
T +1.404.946.9787
F +1.404.459.5734

Overview

Toni Igbenoba advises clients in multiple industries on global and domestic data protection regulations and assists them in developing privacy standards and business-friendly operational measures to address issues, mitigate risk and achieve compliance. As a Certified Information Privacy Professional (CIPP/US), Certified Information Privacy Manager (CIPM) and a Fellow of Information Privacy (FIP), she is well versed in global data privacy and security requirements, such as the General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Law (CASL), Personal Information Protection Law of the People's Republic of China (PIPL) and the California Consumer Privacy Act (CCPA).

Prior to joining BakerHostetler, Toni served as the privacy and ethics associate counsel of a U.S. software as a service (SaaS) platform, where she helped develop and refine their data privacy, data ethics and anti-money laundering law compliance programs. She also worked at a multinational professional services firm, where she advised Fortune 100 companies on complex data privacy initiatives, including state, federal and international privacy law compliance, privacy by design, privacy program governance, privacy program assessment, policy implementation and data breach response and management. 

Select Experience

  • Developed and maintained a “Privacy Legal Developments Tracker”, monitoring data transfer developments, Brexit, mobile application privacy requirements (iOS and Android), state law updates, federal trends, GDPR developments from Data Protection Authorities or the European Data Protection Board (EDPB), biometric trends, cookies and international privacy regulatory updates to drive compliance with domestic and international requirements.
  • Advised on internal vendor and external enterprise client Data Processing Agreements (DPA), including documented privacy and security protection clauses obligated for the protection of data depending on Controller or Processor position. Advised on the incorporation and proper tailoring of Standard Contractual Clauses (SCCs), where necessary, within DPA relationships listed above.
  • Maintained global Data Subject Rights (DSAR) program, including updating internal policies, customer service procedures and response templates. Refined DSAR process to include new countries with DSAR rights such as China and Ecuador.
More »

Experience

  • Developed and maintained a “Privacy Legal Developments Tracker”, monitoring data transfer developments, Brexit, mobile application privacy requirements (iOS and Android), state law updates, federal trends, GDPR developments from Data Protection Authorities or the European Data Protection Board (EDPB), biometric trends, cookies and international privacy regulatory updates to drive compliance with domestic and international requirements.
  • Advised on internal vendor and external enterprise client Data Processing Agreements (DPA), including documented privacy and security protection clauses obligated for the protection of data depending on Controller or Processor position. Advised on the incorporation and proper tailoring of Standard Contractual Clauses (SCCs), where necessary, within DPA relationships listed above.
  • Maintained global Data Subject Rights (DSAR) program, including updating internal policies, customer service procedures and response templates. Refined DSAR process to include new countries with DSAR rights such as China and Ecuador.
  • Managed responses to platform users' escalated DSAR complaints and regulatory inquiries from clients, vendors and other stakeholders regarding privacy program. Corresponded and settled an inquiry from an international privacy regulator regarding a user’s DSAR request concern and additional allegations regarding biometric data processing.
  • Managed cross-functional partners in developing full scale ePrivacy Directive and GDPR cookie compliance effort via measuring legal requirements, documenting cookie guidance for internal teams to map cookie processing organization-wide and working with external cookie solution vendor to deploy cookie banner on webpages mobile applications. Supported teams impacted by banner opt-out numbers (e.g. marketing and analytics) through strategic risk-based advice (e.g. cookie reclassification).
  • Provided specific day-to-day risk-based privacy and security legal advice to cross-functional corporate partners.
  • Addressed organizational privacy and security compliance issues via operationalizing and implementing legal requirements into actionable business targets.
  • Monitored and investigated potential breach incidents to confirm the vulnerability had been patched and if there was an “unauthorized access” or “breach” of data as proscribed by applicable laws.
  • Supported marketing team by developing specific legal guidance for email and telephone marketing, as well as detailed guidelines for opt-out/unsubscribe requirements in the European Economic Area (EEA), Canada and the U.S., including FAQs regarding re-engagement with a consumer, LinkedIn outreach requirements and the differences between “opt-out” and “unsubscribe”.
  • Developed a document with both domestic and international legal requirements to support internal team in processing and leveraging biometric data for platform security purposes in a risk-limiting manner while still meeting safety objectives.
  • Developed privacy training and awareness content and hosted organization-wide events for Data Privacy Day and Cybersecurity Awareness month.
  • Supported privacy program maintenance, including periodic policy updates (such as privacy policy and internal privacy procedure documents), privacy process implementations and supported internal and external organizational privacy audits (annual ISO audits and enterprise client compliance audits).
  • According to new U.S. state law requirements from California, Virginia, Colorado, Utah and Connecticut, road-mapped legal requirements and documented corresponding compliance gaps and documented cross-functional action items for compliance and new procedural deployments in preparation for 2023 target dates.
  • Designed an annual organization-wide and finance team-specific anti-money laundering (AML) law training, based on Office of Foreign Assets Control (OFAC) requirements with a focus on know your customer (KYC) and due diligence requirements. 
  • Evaluated new or updated product features, systems, activities, initiatives and vendors to determine whether a Privacy Impact Assessment (PIA) was required. Facilitated the PIA process via identifying privacy risks and recommending regulatory compliant and effective remediations.
  • Advised product counsels and corporate stakeholders on privacy risks/trends within their business units.
  • Worked closely with corporate stakeholders to identify gaps in privacy implementation across business units.

Recognitions and Memberships

Recognitions

  • International Association of Privacy Professionals (IAPP)
    • Certified Information Privacy Professional (CIPP/US )
    • Certified Information Privacy Manager (CIPM)
    • Fellow of Information Privacy (FIP)

Memberships

  • Georgia Bar, Privacy and Technology Section: Executive Committee 
  • International Association of Privacy Professionals (IAPP), Atlanta KnowledgeNet Chapter: Co-chair 

Community

  • Hands On Atlanta: Civic Fellow
  • Books For Africa
  • Pajama Program

Prior Positions

  • Upwork Inc.: Privacy and Ethics Associate Counsel (2020 to 2022)
  • Ernst & Young: Data Privacy Consultant (2019 to 2020)

Admissions

  • Georgia

Education

  • J.D., John Marshall Law School, Atlanta, 2017
  • B.A., The Pennsylvania State University, 2014