Jennifer L. Mitchell

She | Her | Hers

Partner

Los Angeles
T +1.310.442.8865
F +1.310.820.8859

Overview

As the firm's Los Angeles and Costa Mesa Digital Assets and Data Management Leader, Jennifer Mitchell leverages more than 15 years of legal, compliance and operational experience, much of it in-house, as she helps clients navigate the complex landscape of global and strategic privacy matters. Having most recently served in executive privacy leadership roles for two global Fortune 100 companies, she is well versed in providing practical business solutions to maintain compliance with U.S., EMEA, LATAM and APAC privacy regulations. Jennifer also has in-depth experience with implementing data-driven initiatives in compliance with GDPR, HIPAA and CCPA, and provides strategic privacy counseling in mergers and acquisitions and divestitures across industries, including medical device and entertainment.

Jennifer has supported employee data programs for companies, including providing strategic privacy counseling to tackle the challenges posed by return-to-work initiatives during the pandemic, both in-office and at production locales. She has also supported global data subject rights requests in the employment context, and provides strategic counseling in preparation for CPRA employment data compliance.

Jennifer recently served as the Vice President of Privacy at Sony Pictures Entertainment Inc., where she was responsible for overseeing Sony Pictures' global privacy program across businesses. In addition, Jennifer was the Global Privacy Officer for Abbott Laboratories' Diabetes Care Division and a partner at an international law firm specializing in white-collar criminal defense, government investigations and litigation. She is a Certified Information Privacy Professional (CIPP/US/EU) and a Certified Information Privacy Manager (CIPM).

Select Experience

  • Legal and operational experience related to compliance with international and federal data protection laws and frameworks, such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Law (LGPD).
  • Led strategy and negotiations with government authorities, including Data Protection Authorities (DPA), regarding data breach notifications and in response to DPA inquiries.
  • Created and implemented privacy programs, including the drafting and implementation of consumer-facing and employee data protection notices and policies; conducting privacy risk assessments and advising on privacy-by-design for product launches and new data initiatives; and implementing Data Subject Rights (DSR) procedures and automated processes in compliance with global laws.
More »

Experience

  • Legal and operational experience related to compliance with international and federal data protection laws and frameworks, such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Law (LGPD).
  • Led strategy and negotiations with government authorities, including Data Protection Authorities (DPA), regarding data breach notifications and in response to DPA inquiries.
  • Created and implemented privacy programs, including the drafting and implementation of consumer-facing and employee data protection notices and policies; conducting privacy risk assessments and advising on privacy-by-design for product launches and new data initiatives; and implementing Data Subject Rights (DSR) procedures and automated processes in compliance with global laws.
  • Led privacy legal strategy for global acquisitions and divestitures, including performing due diligence to identify privacy risks, drafting of deal terms to reduce privacy or information security risks, counseling on data transfer obligations in acquisitions and divestitures and advised on post-close strategy.
  • Supported updates to global technologies impacting employee privacy, including the drafting of privacy impact assessments, coordinating with technology and information security leads on implementing appropriate safeguards, updating employee data protection notices and working with DPOs and local Works Councils to evaluate initiatives prior to implementation.
  • Analyzed and negotiated data processing agreements in controller-to-controller and controller-processor scenarios, and business associate agreements and data use agreements for HIPAA-covered entities.

Recognitions and Memberships

Recognitions

  • Certified Information Privacy Professional (CIPP/US/EU)
  • Certified Information Privacy Manager (CIPM)

Memberships

  • California Lawyers Association, Privacy Law Section: Executive Committee
  • CHIEF (the only private membership network focused on connecting and supporting women executive leaders): Founding Member, Los Angeles Chapter (2020 to present)
  • International Association of Privacy Professionals (IAPP): Co-Chair, Los Angeles Chapter (2016 to 2018)
  • Women Business Leaders of the U.S. Health Care Industry Foundation (2016 to 2017)
  • EmpowHer Institute, Inc.: Vice President and Board Member (2014 to 2015)

Prior Positions

  • Sony Pictures Entertainment Inc.: Vice President, Privacy, Legal Compliance (2020 to 2021)
  • Abbott Laboratories, Global Privacy Officer, Abbott Diabetes Care Division (2017 to 2020)

Admissions

  • California

Education

  • J.D., University of Michigan Law School
  • B.A., University of Michigan, with high distinction

Blog

In The Blogs

Previous Next
Data Counsel
2023 DSIR Report Deeper Dive: U.S. Employee Privacy Developments
By Frederick C. Bingham, Jennifer L. Mitchell, Justin T. Yedor
May 30, 2023
Among the many developments in data privacy regulation that took place over the past year, new requirements relating to employee personal information in California and New York have deservedly received a lot of attention. Meanwhile...
Read More ->
Data Counsel
California's Landmark Age-Appropriate Design Code Act: What You Need to Know
By Christine Mastromonaco, Jennifer L. Mitchell, Jeewon K. Serrato, Justin T. Yedor
September 8, 2022
On Aug. 29, California’s Senate unanimously passed Assembly Bill 2273, known as the Age-Appropriate Design Code Act (the CA AADC or the Bill). The Bill, which is anticipated to be signed into law by Gov. Gavin Newsom, is aimed at promoting...
Read More ->
Data Counsel
CPPA Begins CPRA Rulemaking
By Jennifer L. Mitchell, Jeewon K. Serrato, Justin T. Yedor
June 2, 2022
On May 26, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to provide updates on the Agency’s rulemaking process. The next day, the CPPA released draft regulations for the California Privacy...
Read More ->
Data Counsel
Part 2 of BakerHostetler's Countdown to CPRA – Top 5 FAQs to Evaluate Compliance Strategy for Employees
By Jennifer L. Mitchell
April 1, 2022
In Part 1 of BakerHostetler’s Countdown to CPRA blog series, we provided initial guidance to businesses on key California Privacy Rights Act (CPRA) compliance readiness considerations. On January 1, 2023, California could become the first...
Read More ->
Data Counsel
Countdown to the CPRA
By Taylor A. Bloom, Jennifer L. Mitchell, Justin T. Yedor
February 15, 2022
On Oct. 15, 2021, BakerHostetler reported on the status of the California Privacy Protection Agency’s rulemaking process and the challenges the agency faces issuing regulations under the California Privacy Rights Act (CPRA) before the July...
Read More ->