Skip to Main Content

The following is an excerpt from Practice Perspectives: Vault's Guide to Legal Practice Areas.

Jennifer Everett's practice focuses on cybersecurity, data privacy, and employment. She advises multinational clients on a wide range of privacy and data compliance issues, including cyber governance, identifying strategies for international data transfers, developing global data protection compliance programs, and conducting privacy impact assessments. Jennifer has particular experience in advising companies on compliance with global data protection laws, including the EU General Data Protection Regulation (GDPR). She also advises clients on compliance with various U.S. laws such as health insurance and health information technology acts (HIPAA/HITECH), the Federal Trade Commission (FTC) Act, and other U.S. consumer privacy statutes.

Jennifer handles all aspects of U.S. and international data breach investigation and response, including advising clients on forensic investigations, notification, and other legal obligations, and related regulatory investigations.

Jennifer regularly counsels employers on issues concerning data protection that impact the workforce ranging from bring your own device (BYOD) policies, employee background checks, employee monitoring, e-discovery, and workplace investigations. She also has litigation and arbitration experience, particularly in employment-related matters. Jennifer has assisted clients in a variety of industries such as health care, financial services, hospitality, manufacturing, retail, technology, automotive, and marketing.

Describe your practice area and what it entails.

Jones Day’s Cybersecurity, Privacy and Data Protection practice has been at the forefront of cybersecurity and data privacy law developments around the globe, and our interdisciplinary team of nearly 100 lawyers on five continents can provide our clients with access to cybersecurity, privacy, and data protection expertise that is essential to effective proactive and reactive incident response activities. Our clients—which include global and local companies of all sizes, in many different industry sectors—rely on us for a variety of services, from providing representation in the face of litigation and enforcement actions, to conducting privacy audits and assisting with the development of compliance policies.

What types of clients do you represent?

Given that companies in every industry leverage personal information, the clients we represent are industry agnostic. We represent clients across sectors, including emerging technologies, health care, financial services, retail, communications, manufacturing, and transportation. Jones Day has long standing relationships with companies including ICANN organization, IBM, Thermo Fisher, STERIS Corporation, and GrafTech.

What types of cases/deals do you work on?

My practice generally covers four main areas: (a) corporate compliance; (b) transactional; (c) incident response; and (d) regulatory.

Corporate Compliance/Advisory: I advise multinational clients on a wide range of data privacy compliance issues, including cyber and data privacy governance, identifying strategies for international data transfers, developing global data protection programs, and conducting privacy impact assessments.

Transactional: I advise companies on all aspects of technology and data and privacy related corporate transactional agreements, including with respect to privacy and information security due diligence in connection with M&A and other corporate transactions.

Regulatory: I advise and defend companies on regulatory investigations including before the FTC and state attorneys general.

Incident Response/Crisis Management: I advise on all aspects of U.S. and international data breach investigation and response, including advising companies on development and implementing crisis management strategies, breach notification response, and other regulatory obligations.

How did you choose this practice area?

Data privacy and cybersecurity legal landscape is ever evolving. As technology and the use of data constantly changes, there’s never an “off the shelf” answer for company’s needs. I have also enjoyed learning how companies leverage and use data, and love the challenge of developing innovative solutions to unique legal issues. In short, there’s never a dull moment.

What is a typical day like and/or what are some common tasks you perform?

As mentioned above, there’s never a dull moment in our Cybersecurity, Protection and Data Privacy Practice. Many of my days are spent advising clients on unique legal issues in data privacy. I also spend a portion of my days on privacy and cybersecurity due diligence for complex and high-stakes transactions. When there is a cybersecurity incident, the issues facing a client can be time sensitive so all focus is devoted to ensuring the client can timely respond in the midst of a crisis. I firmly believe that being an effective attorney also means dedicating one’s time not only to the practice of law but also to the office and the firm. For this reason, a portion of my day is also spent on client development, and also working alongside my colleagues in advancing programs for our diversity initiatives.

What training, classes, experience, or skills development would you recommend to someone who wishes to enter your practice area?

We encourage law school students aspiring to do cybersecurity or data privacy to take classes or seminars on those subjects in law school, where available. Additionally, law school students, associates and other practitioners alike should take advantage of CLEs in data privacy and cybersecurity. At Jones Day, we also offer in-house training on data privacy and cybersecurity laws. Additionally, organizations like the International Association of Privacy Professionals (IAPP) offer certifications that can help increase one’s knowledge base in this area. And there is no greater training than actually doing the work.
What do you like best about your practice area?

I enjoy the unique issues that we have the opportunity to address that are relevant and critical to the global economy. We are able to leverage our expertise to advise clients on key issues such as compliance with the ever evolving cybersecurity laws and Executive Orders; unique data sharing arrangements in complex transactions, international data transfers, managing data privacy and security during a pandemic, and so much more. Above all, however, I enjoy the fact that I get to work on these critical issues with an amazing team of attorneys. We have a deep bench of experienced attorneys who bring an array of experience—including having served in-house or in the government—to the practice to provide quality, in-depth and effective advice to our clients.

What misconceptions exist about your practice area?

I want to dispel any notion that computer science or similar backgrounds are per se required to practice in this area. I was a political science/international studies major with a Japanese language minor in college. We welcome new associates who have an interest in this practice to try out a new area of the law.

What is unique about your practice area at your firm?

As I mentioned earlier, the use of data is industry agnostic. As a result, our practice works with almost every practice area within the firm. From health care and life sciences to the financial sector, we advise clients across a wide range of industries. Our Cybersecurity, Data Protection and Privacy practice is also one of the few practice areas that has both transactional and litigation attorneys. This allows us to provide a full range of service to our clients.

What are some typical tasks that a junior lawyer would perform in this practice area?

We tend to staff matters leanly, meaning that junior associates are a part of the core team and immediately get substantive work experience. For example, for any cybersecurity incidents, junior associates may work closely with a third-party forensics team to identify and mitigate the cyber incident, draft and coordinate notifications to affected third parties and regulators, and work on substantive responses to regulators, should they arise. The quick pace of cybersecurity incidents requires associates to think fast on their feet and work collaboratively with a team.