Laura E. Jehl

Partner

Washington, D.C.
T +1 202.861.1588
F +1 202.861.1783

Laura has "extremely good judgement and deep experience in major cybersecurity issues."

— Chambers USA 2018

Overview

Laura Jehl is a Partner in the firm’s Privacy and Data Protection Practice, and serves as co-leader of the firm's General Data Protection Regulation (GDPR) initiative and of its Blockchain Technologies and Digital Currencies Team. Her practice focuses on the intersection of data, law and emerging technologies and she is highly recommended in the Chambers FinTech guide. Chambers praises her "extremely good judgement and deep experience in major cybersecurity issues."

Laura has extensive experience handling complex data security incidents, including several of the largest data breaches ever reported, affecting high-profile clients in the healthcare, internet and hospitality sectors, among others. She has directed forensic investigations, advised on notification of U.S. and international regulators, and led sensitive interactions with law enforcement and national security agencies related to these incidents. Laura also represents companies facing regulatory investigations and enforcement actions involving both privacy and security practices, and helps client respond to request from U.S. government agencies for personal data they hold.

Laura regularly helps clients understand their obligations under the “patchwork” of U.S. privacy and cybersecurity laws, including HIPAA, GLBA, SCA/ECPA, COPPA, CAN-SPAM, and the California Consumer Privacy Act, as well as state breach notification and data security laws. Laura also co-leads the firm’s GDPR initiative and understands the growing globalization of data privacy regulation. She has helped hundreds of clients build and enhance comprehensive privacy programs, while anticipating emerging privacy and security obligations.

More »

As a co-founder and leader of the firm's national Blockchain Technologies and Digital Currencies Team, Laura advises clients on a wide variety of legal and regulatory issues presented by the emergence of blockchain technologies, cryptocurrencies, and digital identity solutions. Laura advises companies on the legal issues associated with blockchain technologies, from smart contracts and self-sovereign identity solutions to complying with SEC guidelines on digital currencies.

Earlier, Laura served as Vice President and Chief Litigation Counsel at America Online, Inc. (AOL), where she played a critical role in the development of internet law, most notably involving the ISP immunity provisions of Section 230 of the Communications Decency Act, the development of privacy policies and protections for AOL users, the legal battle against junk email, and in achieving, on behalf of AOL subsidiary Netscape, a significant settlement of its antitrust lawsuit against Microsoft. In addition, Laura led AOL’s response to a number of high-profile government investigations, including early FTC investigations into privacy matters, and investigations by the DOJ, SEC, and State Attorneys General. Laura also played a leading role in gaining US, EU and international regulatory approval of AOL’s merger with Time Warner in 2000, then the largest corporate merger in history. Laura later held a business role as Chief of Staff to AOL’s Vice Chairman.

With extensive experience as a senior in-house lawyer and business-side executive, Laura understands the business, legal, and technological challenges and opportunities her clients face. Chambers reports that clients praise Laura’s “excellent rapport” and her “holistic, big-picture approach” to advising them on privacy and data security issues and helping them meet regulatory requirements while incorporating practical, creative, trusted and valuable business solutions.

Select Experience

  • Advised global hospitality company in connection with response to major data security incident that potentially exposed the personal information of up to 500 million guests at hotel properties. Engagement included advice on compliance with U.S. and international data protection and data breach notification regulations, including EU General Data Protection Regulation (GDPR).
  • Developed and implemented GDPR compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers and employee training.
  • Advising numerous clients on preparation for compliance with the California Consumer Privacy Act, including advocacy related to development of implementing regulations.
More »

Experience

  • Advised global hospitality company in connection with response to major data security incident that potentially exposed the personal information of up to 500 million guests at hotel properties. Engagement included advice on compliance with U.S. and international data protection and data breach notification regulations, including EU General Data Protection Regulation (GDPR).
  • Developed and implemented GDPR compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers and employee training.
  • Advising numerous clients on preparation for compliance with the California Consumer Privacy Act, including advocacy related to development of implementing regulations.
  • Represented a leading internet service provider in complex and sensitive interactions with federal and international law enforcement related to major state-sponsored cyber incident.
  • Played a leading role in developing and executing a major health insurer's response to a massive cyberattack in which the attackers accessed personal information of nearly 80 million individuals.
  • Advised several blockchain industry clients on GDPR and CCPA compliance, particularly related to the interaction between the immutability of distributed ledger technology, GDPR’s right of erasure and CCPA’s right of deletion.
  • Advised a digital currency platform services provider in responding to a multimillion-dollar cyber theft of bitcoin from a digital currency exchange. Issues included incident response; crisis communications; interactions with compromised exchange; client cybersecurity practices and personnel; and pre-litigation counseling and preparation.
  • Developed federal policy strategy for blockchain-enabled global payments company on federal and state legislative, regulatory and policy issues relating to cryptocurrencies.
  • Represented a major cloud service provider in connection with a data security incident in which a security researcher identified a large volume of third-party customer data left exposed in a publicly-permissioned bucket accessible on the internet.
  • Negotiated complex, comprehensive, multi-party relationship for development and marketing of artificial intelligence solutions in the healthcare industry.
  • Advises clients on all aspects of cyber incident and data breach response, including working with forensic security consultants and crisis communications firms, conducting internal investigations, interacting with law enforcement, complying with data breach notification laws, and mitigating litigation risks.
  • Represents clients on internet, digital media and First Amendment matters, including the Electronic Communications Privacy Act (ECPA), Stored Communications Act (SCA) and national security-related privacy matters.
  • Played a formative role in the development of internet law, most notably the internet service provider (ISP) immunity provisions of Section 230 of the Communications Decency Act and the development of internet privacy policies and protections.
  • As a member of a panel of academic, technology and privacy/cybersecurity leaders, advised technology and government sectors on use of blockchain technologies to secure and streamline elections.

Recognitions and Memberships

Recognitions

  • The Legal 500 United States (2018 to 2019)
    • Recommended in Media, Technology and Telecoms - Cyber Law (including data privacy and protection)
  • Chambers FinTech: Legal: Data Protection & Cyber Security – USA, Band 2 (2019)

Memberships

  • International Association of Privacy Professionals
    • Certified Information Privacy Professional (CIPP/US)

News

News

Press Releases

Publications

Alerts

Articles

Prior Positions

  • Resolution Health, Inc./Anthem, Inc.
    • General Counsel
    • Chief Privacy and Security Officer
  • America Online, Inc.
    • Vice President, Chief Litigation Counsel
    • Chief of Staff to AOL Vice Chairman

Admissions

  • District of Columbia
  • California

Education

  • J.D., Harvard Law School, cum laude
  • B.A., Political Science, University of California, Berkeley, University and Departmental Highest Honors, John Gardner Fellowship for Public Service

Languages

  • French
  • Spanish

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Deeper Dive: GDPR a Game-Changer for Data Breach Notification
By Laura E. Jehl, Andreas T. Kaltsounis
April 8, 2019
When the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, it dramatically changed the way multinationals manage the reporting of personal data breaches. It also substantially raised the stakes: Entities found to...
Read More ->
Data Privacy Monitor
The California Consumer Privacy Act: Frequently Asked Questions
By Alan L. Friel, Laura E. Jehl, Melinda L. McLellan
March 27, 2019
The California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect on January 1, 2020. In the wake of the CCPA’s passage, approximately 15 other states introduced their own CCPA-like privacy...
Read More ->
Data Privacy Monitor
EU Regulators Increase Focus on Cookie Practices
By Kyle R. Fath, Laura E. Jehl, Monique Matar, Jean H. Shin
March 14, 2019
In the absence of cookies-related guidance and enforcement by regulators against ordinary website publishers and operators, many e-commerce sites, online publishers and other website operators have taken a “wait and see” approach with...
Read More ->
Data Privacy Monitor
"No Deal" Brexit May Bring Practical Problems for Privacy and Data Protection
By Kyle R. Fath, Laura E. Jehl, Jaime B. Petenko
January 31, 2019
With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business...
Read More ->
Data Privacy Monitor
Racing to Meet the 72-hour Deadline to Report a Personal Data Breach in the EU? A GDPR Resource Is Available
By Laura E. Jehl, Jaime B. Petenko
January 28, 2019
Companies face substantial challenges in complying with breach notification requirements under Article 33 of the General Data Protection Regulation (GDPR). Article 33 requires a data controller to report a personal data breach to European...
Read More ->