Jennifer L. Mitchell

She | Her | Hers

Partner

Los Angeles
T +1.310.442.8865
F +1.310.820.8859

Overview

As the firm's Los Angeles and Costa Mesa Digital Assets and Data Management Leader, Jennifer Mitchell leverages more than 15 years of legal, compliance and operational experience, much of it in-house, as she helps her clients navigate the complex landscape of global and strategic privacy matters. Having most recently served in executive privacy leadership roles for two global Fortune 100 companies, she is well versed in providing practical business solutions to maintain compliance with U.S., EMEA, LATAM and APAC privacy regulations. Jennifer also has in-depth experience with implementing data-driven initiatives in compliance with GDPR, HIPAA and CCPA, and provides strategic privacy counseling in mergers and acquisitions and divestitures across industries, including medical device and entertainment.

Jennifer has supported employee data programs for companies, including providing strategic privacy counseling to tackle the challenges posed by return-to-work initiatives during the pandemic, both in-office and at production locales. She has also supported global data subject rights requests in the employment context, and provides strategic counseling in preparation for CPRA employment data compliance.

Jennifer recently served as the Vice President of Privacy at Sony Pictures Entertainment Inc., where she was responsible for overseeing Sony Pictures' global privacy program across businesses. In addition, Jennifer was the Global Privacy Officer for Abbott Laboratories' Diabetes Care Division and a partner at an international law firm specializing in white-collar criminal defense, government investigations and litigation. She is a Certified Information Privacy Professional (CIPP/US/EU) and a Certified Information Privacy Manager (CIPM).

Select Experience

  • Legal and operational experience related to compliance with international and federal data protection laws and frameworks, such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Law (LGPD).
  • Led strategy and negotiations with government authorities, including Data Protection Authorities (DPA), regarding data breach notifications and in response to DPA inquiries.
  • Created and implemented privacy programs, including the drafting and implementation of consumer-facing and employee data protection notices and policies; conducting privacy risk assessments and advising on privacy-by-design for product launches and new data initiatives; and implementing Data Subject Rights (DSR) procedures and automated processes in compliance with global laws.
More »

Experience

  • Legal and operational experience related to compliance with international and federal data protection laws and frameworks, such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Law (LGPD).
  • Led strategy and negotiations with government authorities, including Data Protection Authorities (DPA), regarding data breach notifications and in response to DPA inquiries.
  • Created and implemented privacy programs, including the drafting and implementation of consumer-facing and employee data protection notices and policies; conducting privacy risk assessments and advising on privacy-by-design for product launches and new data initiatives; and implementing Data Subject Rights (DSR) procedures and automated processes in compliance with global laws.
  • Led privacy legal strategy for global acquisitions and divestitures, including performing due diligence to identify privacy risks, drafting of deal terms to reduce privacy or information security risks, counseling on data transfer obligations in acquisitions and divestitures and advised on post-close strategy.
  • Supported updates to global technologies impacting employee privacy, including the drafting of privacy impact assessments, coordinating with technology and information security leads on implementing appropriate safeguards, updating employee data protection notices and working with DPOs and local Works Councils to evaluate initiatives prior to implementation.
  • Analyzed and negotiated data processing agreements in controller-to-controller and controller-processor scenarios, and business associate agreements and data use agreements for HIPAA-covered entities.

Recognitions and Memberships

Recognitions

  • Certified Information Privacy Professional (CIPP/US/EU)
  • Certified Information Privacy Manager (CIPM)

Memberships

  • CHIEF (the only private membership network focused on connecting and supporting women executive leaders): Founding Member, Los Angeles Chapter (2020 to present)
  • International Association of Privacy Professionals (IAPP): Co-Chair, Los Angeles Chapter (2016 to 2018)
  • Women Business Leaders of the U.S. Health Care Industry Foundation (2016 to 2017)
  • EmpowHer Institute, Inc.: Vice President and Board Member (2014 to 2015)

Prior Positions

  • Sony Pictures Entertainment Inc.: Vice President, Privacy, Legal Compliance (2020 to 2021)
  • Abbott Laboratories, Global Privacy Officer, Abbott Diabetes Care Division (2017 to 2020)

Admissions

  • California

Education

  • J.D., University of Michigan Law School
  • B.A., University of Michigan, with high distinction