Laura E. Jehl

Partner

Washington, D.C.
T +1 202.861.1588
F +1 202.861.1783

Laura has "extremely good judgement and deep experience in major cybersecurity issues."

— Chambers USA 2018

Overview

Laura Jehl focuses her practice on the intersection of law, data and emerging technologies. She is a co-leader of both the firm's General Data Protection Regulation (GDPR) initiative and of its Blockchain Technologies and Digital Currencies Team. She advises clients on U.S. and international privacy, data protection and cybersecurity matters, and helps them navigate interactions with federal regulatory and law enforcement agencies, including the Federal Trade Commission (FTC), the Federal Communications Commission (FCC) and the Department of Justice (DOJ), as well as state and local authorities. Laura also helps clients respond to data breaches, including some of the largest and most complex data security incidents. As a co-founder and leader of the firm's national Blockchain Technologies and Digital Currencies Team, Laura advises clients on a wide variety of legal and regulatory issues presented by blockchain, virtual currencies, artificial intelligence, IoT and digital identity solutions.

With her experience as a senior in-house lawyer and business-side executive, Laura understands the business, legal, technological and regulatory challenges and opportunities her clients face, and uses that experience to provide clients with practical advice and thoughtful advocacy.

Select Experience

  • Developed and implemented EU General Data Protection Regulation (GDPR) compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers and employee training.  
  • Played a leading role in developing and executing a major insurer's response to a massive cyberattack in which the attackers accessed personal information of nearly 80 million individuals.
  • Represented a prominent internet company in complex and sensitive interactions with federal and international law enforcement related to major state-sponsored cyber incident.
More »

Experience

  • Developed and implemented EU General Data Protection Regulation (GDPR) compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers and employee training.  
  • Played a leading role in developing and executing a major insurer's response to a massive cyberattack in which the attackers accessed personal information of nearly 80 million individuals.
  • Represented a prominent internet company in complex and sensitive interactions with federal and international law enforcement related to major state-sponsored cyber incident.
  • Advised blockchain industry clients on GDPR compliance, particularly related to the interaction between the immutability of distributed ledger technology and GDPR’s right of erasure.
  • Advised a digital currency platform services provider in responding to a multimillion-dollar cyber theft of bitcoin from a digital currency exchange. Issues included incident response; crisis communications; interactions with compromised exchange; client cybersecurity practices and personnel; and pre-litigation counseling and preparation.
  • Developed federal policy strategy for blockchain-enabled global payments company on federal and state legislative, regulatory and policy issues relating to cryptocurrencies.
  • Represented a major cloud service provider in connection with a data security incident in which a security researcher identified a large volume of third-party customer data left exposed in a publicly-permissioned bucket accessible on the internet.
  • Negotiated complex, comprehensive, multi-party relationship for development and marketing of artificial intelligence solutions in the healthcare industry.
  • Advises clients on all aspects of cyber incident and data breach response, including working with forensic security consultants and crisis communications firms, conducting internal investigations, interacting with law enforcement, complying with data breach notification laws, and mitigating litigation risks.
  • Represents clients on internet, digital media and First Amendment matters, including the Electronic Communications Privacy Act (ECPA), Stored Communications Act (SCA) and national security-related privacy matters.
  • Played a formative role in the development of internet law, most notably the internet service provider (ISP) immunity provisions of Section 230 of the Communications Decency Act and the development of internet privacy policies and protections.
  • As a member of a panel of academic, technology and privacy/cybersecurity leaders, advised tech- and government sectors on use of blockchain technologies to secure and streamline elections.

Recognitions and Memberships

Recognitions

  • Chambers FinTech: Legal: Data Protection & Cyber Security – USA, Band 2 (2018)

Memberships

  • International Association of Privacy Professionals
    • Certified Information Privacy Professional (CIPP/US)

News

News

Press Releases

Prior Positions

  • Resolution Health, Inc./Anthem, Inc.
    • General Counsel
    • Chief Privacy and Security Officer
  • America Online, Inc.
    • Vice President, Chief Litigation Counsel
    • Chief of Staff to AOL Vice Chairman

Admissions

  • District of Columbia
  • California

Education

  • J.D., Harvard Law School, cum laude
  • B.A., Political Science, University of California, Berkeley, University and Departmental Highest Honors, John Gardner Fellowship for Public Service

Languages

  • French
  • Spanish

Blog

In The Blogs

Previous Next
Data Privacy Monitor
GDPR Spurring Legal Reforms in South America With New Legislation in Brazil
By Brian P. Bartish, Laura E. Jehl
October 30, 2018
As organizations continue to grapple with the requirements of the EU General Data Protection Regulation (GDPR) even months after its effective date, one thing is clear: The impact of the regulation extends far beyond an organization’s...
Read More ->
Data Privacy Monitor
Is a New Federal Data Privacy Law on the Horizon? The Tech Industry Sure Hopes So
By Sara M. Goldstein, Laura E. Jehl
September 17, 2018
Despite several failed attempts in recent years, there is a new effort underway to enact a federal data privacy law, and it’s being led by a somewhat unlikely source – the tech industry. Although they were resistant to a federal privacy...
Read More ->
The Blockchain Monitor
Five Things Blockchain Firms Need to Know About the GDPR
By Laura E. Jehl, Stephanie N. Malaska, Robert A. Musiala Jr.
June 11, 2018
We’re witnessing the convergence, and perhaps the collision, of two powerful new forces in data privacy: the European Union General Data Protection Regulation (GDPR) and the emergence of blockchain based privacy solutions. These two forces...
Read More ->
Data Privacy Monitor
Deeper Dive: Key findings From Baker Hostetler's 2018 Data Security Incident Report
By Laura E. Jehl
April 10, 2018
In our 2018 Data Security Incident Report, “Building Cyber Resilience: Compromise Response Intelligence in Action,” we identify and analyze the most important trends and takeaways from the more than 560 incidents we handled last year...
Read More ->