Laura E. Jehl

Partner

Washington, D.C.
T +1 202.861.1588
F +1 202.861.1783

Laura has "extremely good judgement and deep experience in major cybersecurity issues."

— Chambers USA 2018

Overview

Laura Jehl is a partner in the firm’s Privacy and Data Protection practice, and serves as co-leader of the firm's General Data Protection Regulation (GDPR) initiative and its Blockchain Technologies and Digital Currencies team. Her practice focuses on the intersection of data, law and emerging technologies, and she is ranked by Chambers USA as a leader in her field. Chambers cites clients praising her “extremely good judgement and deep experience in major cybersecurity issues."

Laura has extensive experience handling complex cyber incidents, including several of the largest data breaches ever reported, affecting high-profile clients in the healthcare, internet and hospitality sectors. She has directed forensic investigations, advised on notification of U.S. and international regulators, and led sensitive interactions with law enforcement and national security agencies related to these incidents. Laura also represents companies facing regulatory investigations and enforcement actions involving both privacy and security practices, and helps clients respond to requests from U.S. government agencies for personal data.

More »

Laura regularly helps clients understand their obligations under the “patchwork” of U.S. privacy and cybersecurity laws, including HIPAA, GLBA, SCA/ECPA, COPPA, CAN-SPAM and the California Consumer Privacy Act, as well as state breach notification and data security laws. As co-leader of the firm’s GDPR initiative, Laura understands the growing globalization of data privacy regulation. She has helped hundreds of clients build and enhance comprehensive privacy programs, while anticipating emerging privacy and security obligations.

Her role as co-founder and leader of the firm's national Blockchain Technologies and Digital Currencies Team has Laura advising clients on a wide variety of legal and regulatory issues presented by the emergence of blockchain technologies, cryptocurrencies and digital identity solutions. She also advises companies on the legal issues associated with blockchain technologies, from smart contracts and personal identity solutions to complying with SEC guidelines on digital currencies.

With extensive experience as a senior in-house lawyer and business-side executive, Laura understands the business, legal and technological challenges and opportunities that her clients face. Chambers reports that clients praise Laura’s “excellent rapport” and her “holistic, big-picture approach” to advising them on privacy and data security issues and helping them meet regulatory requirements while incorporating practical, creative, trusted and valuable business solutions.

Select Experience

  • Advised global hospitality company in connection with response to major data security incident that potentially exposed the personal information of up to 500 million guests at hotel properties. Engagement included advice on compliance with U.S. and international data protection and data breach notification regulations, including EU General Data Protection Regulation (GDPR).
  • Developed and implemented GDPR compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers and employee training.
  • Advised numerous clients on preparation for compliance with the California Consumer Privacy Act, including advocacy related to development of implementing regulations.
More »

Experience

  • Advised global hospitality company in connection with response to major data security incident that potentially exposed the personal information of up to 500 million guests at hotel properties. Engagement included advice on compliance with U.S. and international data protection and data breach notification regulations, including EU General Data Protection Regulation (GDPR).
  • Developed and implemented GDPR compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers and employee training.
  • Advised numerous clients on preparation for compliance with the California Consumer Privacy Act, including advocacy related to development of implementing regulations.
  • Represented a prominent internet company in complex and sensitive interactions with federal and international law enforcement related to major state-sponsored cyber incident.
  • Played a leading role in developing and executing a major health insurer's response to a massive cyberattack in which the attackers accessed personal information of nearly 80 million individuals.
  • Advised several blockchain industry clients on GDPR and CCPA compliance, particularly related to the interaction between the immutability of distributed ledger technology, GDPR’s right of erasure and CCPA’s right of deletion.
  • Advised a digital currency platform services provider in responding to a multimillion-dollar cyber theft of bitcoin from a digital currency exchange. Issues included incident response, crisis communications, interactions with compromised exchange, client cybersecurity practices and personnel and pre-litigation counseling and preparation.
  • Developed federal policy strategy for blockchain-enabled global payments company on federal and state legislative, regulatory and policy issues relating to cryptocurrencies.
  • Represented a major cloud service provider in connection with a data security incident in which a security researcher identified a large volume of third-party customer data left exposed in a publicly-permissioned bucket accessible on the internet.
  • Negotiated complex, comprehensive, multi-party relationship for development and marketing of artificial intelligence solutions in the healthcare industry.
  • Advises clients on all aspects of cyber incident and data breach response, including working with forensic security consultants and crisis communications firms, conducting internal investigations, interacting with law enforcement, complying with data breach notification laws and mitigating litigation risks.
  • Represents clients on internet, digital media and First Amendment matters, including the Electronic Communications Privacy Act (ECPA), Stored Communications Act (SCA) and national security-related privacy matters.
  • Played a formative role in the development of internet law, most notably the internet service provider (ISP) immunity provisions of Section 230 of the Communications Decency Act and the development of internet privacy policies and protections.
  • As a member of a panel of academic, technology and privacy/cybersecurity leaders, advised technology and government sectors on use of blockchain technologies to secure and streamline elections.

Recognitions and Memberships

Recognitions

  • Chambers FinTech: Legal: Data Protection & Cyber Security – USA, Band 2 (2018)

Memberships

  • International Association of Privacy Professionals
    • Certified Information Privacy Professional (CIPP/US)

News

News

Press Releases

Prior Positions

  • Resolution Health, Inc./Anthem, Inc.
    • General Counsel
    • Chief Privacy and Security Officer
  • America Online, Inc.
    • Vice President, Chief Litigation Counsel
    • Chief of Staff to AOL Vice Chairman

Admissions

  • District of Columbia
  • California

Education

  • J.D., Harvard Law School, cum laude
  • B.A., Political Science, University of California, Berkeley, University and Departmental Highest Honors, John Gardner Fellowship for Public Service

Languages

  • French
  • Spanish

Blog

In The Blogs

Previous Next
Data Privacy Monitor
"No Deal" Brexit May Bring Practical Problems for Privacy and Data Protection
By Kyle R. Fath, Laura E. Jehl, Jaime B. Petenko
January 31, 2019
With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business...
Read More ->
Data Privacy Monitor
Racing to Meet the 72-hour Deadline to Report a Personal Data Breach in the EU? A GDPR Resource Is Available
By Laura E. Jehl, Jaime B. Petenko
January 28, 2019
Companies face substantial challenges in complying with breach notification requirements under Article 33 of the General Data Protection Regulation (GDPR). Article 33 requires a data controller to report a personal data breach to European...
Read More ->
Data Privacy Monitor
Advocate General Opinion Supports Limiting the "Right to be Forgotten" to the EU
By Emily R. Fedeles, Laura E. Jehl, Nichole L. Sterling
January 23, 2019
On January 10, Advocate General Maciej Szpunar released an opinion recommending that Google and other search engines should not be forced to apply the EU’s “right to be forgotten” beyond the EU. The advocates general assist the judges of...
Read More ->
Data Privacy Monitor
Brazil Enacts Measure Creating a Data Supervisory Authority; Delays Implementation of the LGPD
By Brian P. Bartish, Laura E. Jehl
January 16, 2019
While the inauguration of a polarizing new president dominated the news of Brazil around the beginning of the new year, outgoing President Michel Temer, before leaving office, issued an executive order that has important ramifications for...
Read More ->
Data Privacy Monitor
A New Year Brings a New Vermont Law Aimed at Data Brokers and Credit Reporting Agencies
By Sara M. Goldstein, Laura E. Jehl
January 15, 2019
On Jan. 1, 2019, a new Vermont law intended to protect consumers by imposing new requirements on “data brokers,” companies that aggregate and sell consumer information, and credit reporting agencies took effect. Under the new law, data...
Read More ->